GitHub Repo Security Checker

Scan any public GitHub repository for known vulnerabilities in seconds. Free, no signup.

Instant

Results in 5-10 seconds. No clone, no install, no signup.

OSV-powered

Dependency vulnerabilities checked against Google's OSV database (npm + PyPI).

Prompt-injection aware

Scans SKILL.md, CLAUDE.md and AGENTS.md for override phrases, hidden unicode, and secret-exfiltration patterns.

Embeddable badge

Drop a status badge into your README — keeps your repo's security posture visible.

What this scan does

Reads package.json and requirements.txt from the default branch.
Queries the OSV vulnerability database for each dependency.
Scans agent instruction files (SKILL.md, CLAUDE.md, AGENTS.md) and the README for prompt-injection, hidden instructions, and secret-exfiltration patterns.
Flags archived repos, stale repos (no commits in 12+ months), and missing licenses.
Returns a status: Passed, Warning, or Issues found.

This is not the catalog scan

This instant check queries the OSV database for known CVEs in your declared dependencies. It is a quick public snapshot and does notchange a skill's security status in the SkillsLLM catalog.

The catalog scan is separate and deeper: when you submit a repo, it is cloned and audited with npm audit + pip-auditagainst the full locked dependency tree. That result sets the skill's official security badge and unlocks featuring. The two engines can return different verdicts by design.

Looking to discover trusted AI skills? Browse the catalog