SkillRisk is a static security analyzer designed for AI Agent Skills (focusing on Claude Code & MCP). It parses skill definitions (JSON/YAML) to instantly detect: 🛡️ Privilege Escalation: Spots unchecked sudo or root access. 💉 Injection Risks: Finds arguments vulnerable to command injection. 🕵️ Malicious Hooks: Identifies hidden execution scripts (like PreToolUse hijacking). 100% Local-First & Static. We don't execute your code; we audit it. Secure your Agent workflow in seconds.