{"id":27648,"library":"cisco-ai-skill-scanner","title":"cisco-ai-skill-scanner","description":"Security scanner for AI agent skills packages (e.g., MCP, plugins). Detects prompt injection, data exfiltration, and malicious code. Version 2.0.11, active development with frequent releases.","status":"active","version":"2.0.11","language":"python","source_language":"en","source_url":"https://github.com/cisco-ai-defense/skill-scanner","tags":["security","ai","llm","prompt-injection","agent-skills","cisco"],"install":[{"cmd":"pip install cisco-ai-skill-scanner","lang":"bash","label":"default"}],"dependencies":[{"reason":"Used for optional LLM-based scanning (e.g., Google Gemini fallback)","package":"litellm","optional":true}],"imports":[{"note":"Package name uses hyphens on PyPI but underscores in Python imports","wrong":"from skill_scanner import SkillScanner","symbol":"SkillScanner","correct":"from cisco_ai_skill_scanner import SkillScanner"},{"note":"The function is exposed at top-level, not inside a submodule","wrong":"from cisco_ai_skill_scanner.scanner import scan_skill","symbol":"scan_skill","correct":"from cisco_ai_skill_scanner import scan_skill"}],"quickstart":{"code":"import os\nfrom cisco_ai_skill_scanner import scan_skill\n\n# Path to the skill package (zip or directory)\nskill_path = \"./my_skill.zip\"\n\n# Optional: set Google API key for LLM-based scanning\nos.environ['GOOGLE_API_KEY'] = os.environ.get('GOOGLE_API_KEY', '')\n\n# Run the scan (returns a list of findings)\nfindings = scan_skill(skill_path)\n\nfor f in findings:\n    print(f\"Severity: {f.severity} - {f.message}\")","lang":"python","description":"Scan an AI skill package for security vulnerabilities."},"warnings":[{"fix":"Replace `scan_skill_directory(path)` with `scan_skill(path)`.","message":"In version 2.0.0, the API was restructured. The old function `scan_skill_directory` was removed; use `scan_skill` instead.","severity":"breaking","affected_versions":"<2.0.0"},{"fix":"Avoid using `--lenient`. If you need to skip UTF-8 validation, handle decoding manually.","message":"The `--lenient` CLI flag is deprecated and may be removed in a future version. Its behavior allowed binary/non-UTF-8 content to pass the loader, which introduced security risks.","severity":"deprecated","affected_versions":"2.0.9+"},{"fix":"Set the relevant API key before calling scan_skill, or use `--llm-provider none` in CLI to disable LLM scanning explicitly.","message":"LLM scanning requires setting environment variables (e.g., `GOOGLE_API_KEY`). Without them, LLM-based rules are skipped silently.","severity":"gotcha","affected_versions":"all"}],"env_vars":null,"last_verified":"2026-05-09T00:00:00.000Z","next_check":"2026-08-07T00:00:00.000Z","problems":[{"fix":"Install: pip install cisco-ai-skill-scanner. Import: from cisco_ai_skill_scanner import ...","cause":"Package is not installed or imported with wrong name (using hyphens instead of underscores).","error":"ModuleNotFoundError: No module named 'cisco_ai_skill_scanner'"},{"fix":"Ensure all text files in the skill package are UTF-8 encoded. For legacy skills, use `--lenient` (deprecated) or pre-process files.","cause":"The skill package contains non-UTF-8 encoded files (e.g., binary). The scanner expects UTF-8 by default.","error":"UnicodeDecodeError: 'charmap' codec can't decode byte ..."},{"fix":"Check that the skill contains a valid SKILL.md file at the root of the archive/directory.","cause":"The provided path is not a recognized skill package (must be a .zip file or directory with SKILL.md manifest).","error":"ValueError: Unsupported skill format"}],"ecosystem":"pypi","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null}