AI Skill Scanner

Review

Audited by ClawScan on Feb 11, 2026.

Overview

The skill is coherent with its stated purpose (a static skill scanner) and doesn't request credentials, but running the included Python scanner code executes third‑party code and the repository uses many 'noscan' markers (which can hide content from other scanners), so proceed with caution.

This package appears to be a legitimate static scanner, but you must treat the scanner code as untrusted third‑party code because running it will execute Python on your system. Before running it:

(1) review scripts/advanced_checks.py and scripts/scan.py for use of exec/eval, subprocess calls, or network-sending code;
(2) run the scanner only in an isolated environment (Docker container, VM) with no network access and limited filesystem permissions;
(3) search the files for dynamic execution patterns (eval/exec, subprocess/os.system), long encoded strings, or hardcoded endpoints;
(4) note the many '# noscan' markers used in the code; these can hide lines from other scanners and merit a manual review of the surrounding code;
(5) prefer scanner copies from a known/trusted source (official homepage or repo) rather than an unknown origin; and
(6) if you only need static scanning, consider running a minimal, well-audited scanner instead of executing unfamiliar full-featured scripts.