Mitiga Labs · Free tool

Scan an AI skill before your agent runs it

Skillgate detects, flags, and scores skills, hooks, and agent configuration files for prompt injection, hook RCE, credential exfiltration, and other attack techniques. Free to use. No account needed to browse.

Community Scans
2,412
+312 this week
New Findings
188
+2 this week
Contributors
2,412
+96 this week
Active Rules
75
Updated 2 days ago

Recently Investigated

Resources the community is looking into right now.

Resource
Type
Signal
Last Detected
Risk

.mcp/rogue-drop/package.json

IdanMit/skillgate_testing

MCP Pkg
Community Review
2d ago
90

.mcp/rogue-drop/package.json

IdanMit/skillgate_testing

MCP Pkg Community Review 2d ago
90

.claude/skills/supply-chain/SKILL.md

IdanMit/skillgate_testing

Skill
Prompt Injection
3d ago
86

.claude/skills/supply-chain/SKILL.md

IdanMit/skillgate_testing

Skill Prompt Injection 3d ago
86

.claude/settings.json

IdanMit/skillgate_testing

Config
Unsafe Permissions
10d ago
72

.claude/settings.json

IdanMit/skillgate_testing

Config Unsafe Permissions 10d ago
72

docs/poisoned-memory.md

IdanMit/skillgate_testing

Doc
Community Review
12d ago
54

docs/poisoned-memory.md

IdanMit/skillgate_testing

Doc Community Review 12d ago
54

.claude/settings.json

tvna/claude-md

Config
Unsafe Permissions
15h ago
20

.claude/settings.json

tvna/claude-md

Config Unsafe Permissions 15h ago
20
Mitiga star

What is Skillgate?

Skillgate is a free, community-powered scanner from Mitiga Labs for third-party AI skills, prompts, configs, and repositories. Give it a public repo or file URL and it checks the file for known attack techniques, flags what it finds, and scores how dangerous the file is to load before your agent ever runs it. Browsing public scans is anonymous; submitting your own takes a free account.

“AI agents and skills are now wired into cloud, SaaS, and developer pipelines, yet they incorporate third-party instructions most teams never review. Skillgate gives the community a practical safety net so they can use the wealth of publicly available skills they find with increased confidence. It’s exactly the kind of research-driven tool Mitiga Labs was created to build.”

— Ofer Maor, Co-Founder and Chief Technology Officer, Mitiga

HOW IT WORKS

Three steps,
nothing executed

01

Submit a URL

Paste a public GitHub link. Skillgate pins the scan to a specific commit, so you know exactly what was checked.

02

Detect & Flag

Skillgate reads the file with signature and AST analysis, plus an LLM-as-judge step forskills, and maps each finding to a known technique. Nothing is executed.

03

Score & Read

You get a risk score out of 100 and a verdict (Clean, Risky, Suspicious, orDangerous), an explanation of the score, findings grouped by severity, and eachdetectcion with how to fix it. A single file scans in seconds; a full repo takesa minute or two.

What it catches

More than 80 detection rules across 6 technique families

Mapped to the OWASP Agentic AI Top 10 and MITRE ATT&CK and ATLAS.

Prompt Injection

Hook RCE

Credit Exfiltration

Tool & Skill Poisoning

MCP Poisoning

Memory Poisoning

Command Injection

Persistance

Privilege Escalation

Lateral Movement

Supply Chain

Env-var Hijack

Anti-scanner Directives

Skill-structure Abuse

It reads the files agents actually load:

SKILL.md

Hooks

CLAUDE.md

AGENTS.md

.cursorrules

.windsurfrules

mcp.json

package.json

why trust skillgate

Research-built, framework-mapped, honest about limits

Who its for

If you install skills, it's for you

Developers

Developers

Check a skill, hook, or MCP server from a marketplace before you install it.

Security teams

Security teams

See what's inside the skills, hooks, and agent rules spreading across your org, and which ones score Dangerous.

Anyone who uses AI agents

Anyone who uses AI agents

You don't need a security background. Found a third-party skill and you're about to put it to use? Paste the link and see what's inside first.

Community scans

2,412

+312 this week

New findings

188

+2 this week

Contributors

2,412

+96 this week

Active rules

75

Updated 2 days ago

FAQ

Frequently asked questions

What is Skillgate?

A free, hosted scanner from Mitiga Labs that checks AI agent configuration files — skills, hooks, agent rules, MCP configs, and instruction files — for known attack techniques, then flags and scores them.

What files does Skillgate scan?

SKILL.md, hooks, CLAUDE.md, AGENTS.md, .cursorrules, .windsurfrules, MCP server configs, and install-time package metadata, pulled from public GitHub, GitLab, or Bitbucket URLs.

What does Skillgate detect?

Prompt injection, hook RCE, credential exfiltration, tool and skill poisoning, MCP and memory poisoning, command injection, persistence, privilege escalation, lateral movement, and more — 79 rules across 15 techniques.

Does Skillgate run or execute the skill?

No. It analyzes the file statically and with an LLM-as-judge step for skills. Nothing is executed.

How does Skillgate score a file?

Each finding carries a severity, and Skillgate returns a risk score out of 100 that reflects the most critical detections, plus a verdict of Clean, Risky, Suspicious, or Dangerous.

Is Skillgate free?

Yes. Browsing public scans is anonymous. Submitting a skill or repo to scan takes a free account.

Is Skillgate open source?

No. At launch it's a hosted tool. An API is planned for a future version.

What is an AI skill?

A reusable instruction bundle that tells an AI agent how to handle a task. Agents also load hooks, rules, and MCP server configs — the same files Skillgate scans.

where does skillgate fit?

Before execution—alongside the Mitiga Platform

Skillgate scans AI agent configuration files before execution. Separately, Mitiga's platform delivers Agentic Runtime Security: it detects malicious activity from anomalies and threat intelligence across cloud, SaaS, and AI, and anticipates, disrupts, and blocks active attacks before impact, powered by Helios AIDR. Skillgate is the check before an agent loads a file; the platform is how Mitiga defends what's already running.

Let them come.

No one can prevent attacks—but we can prevent their impact.