sigil-scan
OfficialPrevent malicious AI agent code execution.
AuthorNOMARJ
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Sigil-scan prevents unreviewed or malicious AI agent code and supply-chain threats from executing by analyzing repositories, packages, MCP servers, and installed skills before they are used.
Core Features & Use Cases
- Eight-phase analysis: Install hooks, dangerous code patterns, network exfiltration, credential access, obfuscation, provenance, prompt injection, and skill security.
- Local, JSON-first scanning: Produces a unified JSON verdict with phased findings, scores, rule IDs, file paths, and contextual snippets suitable for automated workflows.
- Use Case: Audit a GitHub repository, npm/pip package, or installed skill before cloning or installing to detect postinstall hooks, hardcoded keys, exfiltration endpoints, and prompt-jailbreak attempts.
Quick Start
Run the sigil-scan skill to audit the target repository or package and return a unified JSON verdict with findings and a risk score.
Dependency Matrix
Required Modules
sigilcurlwgetjqpython3sha256sumshasumtimeoutgtimeoutbrewnpmcargo
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: sigil-scan Download link: https://github.com/NOMARJ/sigil/archive/main.zip#sigil-scan Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.