GitHub Repo Security Checker

Scan any public GitHub repository for known vulnerabilities in seconds. Free, no signup.

Instant

Results in 5-10 seconds. No clone, no install, no signup.

OSV-powered

Dependency vulnerabilities checked against Google's OSV database (npm + PyPI).

Embeddable badge

Drop a status badge into your README — keeps your repo's security posture visible.

What this scan does

Reads package.json and requirements.txt from the default branch.
Queries the OSV vulnerability database for each dependency.
Flags archived repos, stale repos (no commits in 12+ months), and missing licenses.
Returns a status: Passed, Warning, or Issues found.

This is not the catalog scan

This instant check queries the OSV database for known CVEs in your declared dependencies. It is a quick public snapshot and does not change a skill's security status in the SkillsLLM catalog.

The catalog scan is separate and deeper: when you submit a repo, it is cloned and audited with npm audit + pip-audit against the full locked dependency tree. That result sets the skill's official security badge and unlocks featuring. The two engines can return different verdicts by design.

Looking to discover trusted AI skills? Browse the catalog