Review aid, not a verdict
Skill Spector reports are designed to support manual review. A low-risk report does not prove a skill is safe, and a high-risk finding does not prove malicious intent.
Terms and disclaimer
Use reports as evidence, not as automatic permission.
Skill Spector helps surface security signals in AI agent skills and MCP tool bundles. It does not replace source review, sandboxing, dependency review, or organizational security policy.
Source can change
Public repositories, branches, URLs, packages, and remote files can change over time. Prefer reports that include a scanned commit, source hash, or reproducible source reference.
Use your own judgment
You are responsible for deciding whether to install, run, trust, or distribute an AI agent skill, MCP server, script, package, or tool bundle.
Acceptable use
Use Skill Spector to review sources you are allowed to inspect. Do not submit content for harassment, abuse, credential exposure, illegal activity, or attempts to disrupt the service.
No professional advice
Reports, scores, recommendations, and guides are informational. They are not legal, compliance, security certification, or professional advice.
No warranty
The service and reports are provided as-is. Static analysis can miss behavior, misclassify intent, or become outdated when upstream sources change.
Report concerns
If a public report appears inaccurate, sensitive, or outdated, contact [email protected] with the report URL and source details.
Before installing a skill, combine the report with manual source review and the SKILL.md review checklist.