AI Threat Labs

February 13, 2026


Introducing Agent Scan - Skill Inspector: Detect Malicious Skills Instantly

Krysztof Huszcza


As organizations adopt AI agents, visibility into what those agents can actually do, including tools, permissions, external dependencies, and hidden execution paths, becomes increasingly critical. Traditional security tooling was never built to understand agent “skills” or MCP-based supply chains.

AI agent skills are becoming part of real developer workflows. A single install command can connect an autonomous agent to your codebase, system tools, or external services. Unlike installing a passive library, these skills can execute logic, retrieve data, and trigger downstream actions on your behalf.

Snyk Agent Scan - Skill Inspector helps developers and security teams detect malicious skills, insecure configurations, and leaked secrets before they reach production. Until now, it has been available via our CLI.

Today, we’re excited to announce Agent Scan - Skill Inspector, a fully self-service website that makes it easy and free for anyone to scan agent skills for risk, exposure, and malicious behavior before installing them or running anything locally.

AI agent skills introduce a new attack surface

As part of our research into the agent skill ecosystem, we analyzed 3,984 skills across major marketplaces.

We found:

  • 76 confirmed malicious skills

  • 13.4% of all skills contain at least one critical-level issue

  • 36.8% contain at least one security issue

Our analysis uncovered credential theft, backdoors, suspicious downloads, remote code execution patterns, and prompt-based data exfiltration. Some confirmed malicious skills remained publicly accessible at the time of publication. 

These findings reflect a broader shift in how risk enters modern development environments. AI agent skills can access source code, retrieve data, invoke external services, and execute multi-step actions on behalf of users. Yet they are rarely inventoried, reviewed, or scanned with the same rigor as traditional dependencies.

Without visibility into how they behave and what they access, organizations introduce new exposure points into systems that were never designed for autonomous execution.

How Agent Scan evaluates AI skills

Agent Scan analyzes AI skills as a combination of skill code and natural language instructions (e.g., SKILL.md). You can paste a marketplace URL or GitHub repository, or drag and drop a local skill folder.

Based on real-world attack behaviors observed in our research, Agent Scan detects:

  • Prompt injection

  • Malicious code

  • Suspicious downloads

  • Hardcoded secrets

  • Improper credential handling

  • Remote code and prompt execution patterns

  • Third-party content exposure

  • Unverifiable dependencies and remote execution patterns

  • Direct financial system access

  • System modification and persistence risks

Findings are grouped into Critical, High, and Medium categories based on attack patterns documented in our research.

You can try Agent Scan today in two formats: our CLI for automated workflows or our new web experience for instant, ad-hoc scanning.

  1. The Agent Scan - Skill Inspector is best for quick checks, ad-hoc scans, and sharing results. Scan your skills today for free.

  2. The Agent Scan CLI is best for automation, CI/CD, and continuous security:

uvx mcp-scan@latest --skills

Scan local skills, integrate into CI, or enforce policies across your team.

Enterprise AI security with Evo

Agent Scan - Skill Inspector provides fast visibility into the risk of individual AI skills before they’re installed. As organizations expand their use of AI agents, that visibility must extend across the entire AI software supply chain, including models, MCP servers, datasets, prompts, and agent workflows.

Evo by Snyk is an orchestration system that delivers continuous discovery, adversarial testing, policy enforcement, and remediation across AI-native applications. It enables teams to inventory AI and agentic assets and continuously analyze them for security risk with guided remediation. Evo provides the orchestration layer required to govern AI systems at scale, with a user experience purpose-built for the next generation of AI Security Engineers. Skill support in Evo is coming soon.