# Scan-Skill Mode

### Skill Security Scan (`scan-skill`)

`scan-skill` adds a security gate for skills used by agentic coding tools. It can scan a remote skill before installation and scan a local skill folder already installed on your machine.

**Motivation** Skills execute with user-level permissions. That means a malicious skill can attempt credential theft, persistence, remote payload execution, or agent manipulation. This feature is designed to reduce that supply-chain risk by providing a structured, repeatable security scan before trust is granted.

**How it works**

1. Input handling:

* Remote input: scans supported remote sources (currently GitHub and ClawHub/ClawdHub hosts).
* Local input: accepts a local directory path, recursively packages it in-memory, and requires a `SKILL.md` file.

2. Safe ingestion:

* Enforces size and structure limits.
* Skips symlinks and non-text/binary content for analysis stages.
* Preserves `SKILL.md` as the primary manifest.

3. Multi-layer detection:

* Static layer: known malicious patterns and indicators.
* Behavioral layer: suspicious code behavior/data-flow patterns.
* Semantic layer (LLM): context-aware reasoning, false-positive review at finding level, and final narrative summary.

4. Result output:

* Returns verdict (`BENIGN`, `WARNING`, `SUSPICIOUS`, `MALICIOUS`), findings, evidence, severity, and optional analysis summary.
* Uses hash-based caching to reuse prior scan results for identical skill content.

**CLI usage**

```bash
# Remote GitHub skill
npx mobbdev@latest scan-skill --url https://github.com/user/my-skill

# Remote ClawHub skill
npx mobbdev@latest scan-skill --url https://clawhub.ai/user/skill-slug

# Local installed skill folder (must contain SKILL.md)
npx mobbdev@latest scan-skill --url /path/to/skills/my-skill
```

```bash
# Non-interactive CI mode
npx mobbdev@latest scan-skill --url /path/to/skills/my-skill --ci
```

Note: local scanning expects a **directory**, not a direct `SKILL.md` file path.