v0.1

Getting Started

Install and run your first scan with skill-issue


skill-issue is a static security analyzer for Claude skill directories. It detects security vulnerabilities, prompt injection risks, malicious code patterns, and configuration issues in AI skill definitions.

Installation

Download the binary

Grab the latest release for your platform from GitHub Releases:

# macOS (Apple Silicon)
curl -L https://github.com/daviddrummond95/skill-issue-cli/releases/latest/download/skill-issue-aarch64-apple-darwin -o skill-issue
chmod +x skill-issue
sudo mv skill-issue /usr/local/bin/

# macOS (Intel)
curl -L https://github.com/daviddrummond95/skill-issue-cli/releases/latest/download/skill-issue-x86_64-apple-darwin -o skill-issue
chmod +x skill-issue
sudo mv skill-issue /usr/local/bin/

# Linux (x86_64)
curl -L https://github.com/daviddrummond95/skill-issue-cli/releases/latest/download/skill-issue-x86_64-unknown-linux-gnu -o skill-issue
chmod +x skill-issue
sudo mv skill-issue /usr/local/bin/

Build from source

If you have Rust installed, you can build from source:

git clone https://github.com/daviddrummond95/skill-issue-cli.git
cd skill-issue-cli
cargo build --release

The compiled binary will be at target/release/skill-issue.

Your first scan

Run skill-issue against any skill directory:

# Scan the current directory
skill-issue

# Scan a specific skill directory
skill-issue /path/to/my-skill

You'll see output like this:

╭──────────┬────────────┬──────────────┬──────┬──────────────────────────────────────╮
│ Severity │ Rule       │ File         │ Line │ Message                              │
├──────────┼────────────┼──────────────┼──────┼──────────────────────────────────────┤
│ ERROR    │ SL-SEC-001 │ README.md    │ 24   │ Possible API key detected            │
│ WARNING  │ SL-HID-002 │ README.md    │ 12   │ HTML comment may hide instructions   │
╰──────────┴────────────┴──────────────┴──────┴──────────────────────────────────────╯

Found 2 issue(s): 1 error(s), 1 warning(s), 0 info(s)

CLI Options

Option       Short  Description                               Default
--format     -f     Output format: table, json, or sarif      table
--config     -c     Path to configuration file                Auto-detect
--severity   -s     Minimum severity: info, warning, error    info
--ignore            Rule IDs to ignore (repeatable)           None
--error-on          Minimum severity for non-zero exit        error
--quiet      -q     Suppress output except findings           Off
--verbose    -v     Show detailed rule information            Off
--no-color          Disable colored output                    Off

Exit Codes

Code  Meaning
0     Clean scan (or only findings below the --error-on threshold)
1     Warnings found (when --error-on warning)
2     Errors found or threshold exceeded
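The options and exit codes above are what a CI gate is built on: a wrapper runs the scanner, keeps the machine-readable report, and fails the job on the documented exit codes. The script below is an added example written for this page, not part of the skill-issue project; it assumes the skill-issue binary is on PATH (the SKILL_ISSUE_BIN variable, the classify_exit and scan_skill function names, and the default report filename are the example's own choices), and uses only the --format and --error-on flags listed in the table.

```shell
#!/bin/sh
# Added example: gate a CI job on skill-issue's exit code and keep a SARIF report.
# Assumption: the binary is on PATH; SKILL_ISSUE_BIN overrides it (useful for testing).
SKILL_ISSUE_BIN="${SKILL_ISSUE_BIN:-skill-issue}"

# classify_exit CODE: map the exit codes documented on this page to a short label.
classify_exit() {
  case "$1" in
    0) echo "clean" ;;
    1) echo "warnings" ;;
    2) echo "errors" ;;
    *) echo "unknown" ;;
  esac
}

# scan_skill DIR [REPORT]: scan DIR, write SARIF to REPORT (default: skill-issue.sarif),
# treat warnings as failures via --error-on warning, and propagate the scanner's exit code
# so the surrounding CI step fails on anything the scanner flags.
scan_skill() {
  dir="$1"
  report="${2:-skill-issue.sarif}"
  "$SKILL_ISSUE_BIN" "$dir" --format sarif --error-on warning > "$report"
  code=$?
  echo "skill-issue on $dir: $(classify_exit "$code") (exit $code, report: $report)"
  return "$code"
}

# Usage (in a CI step):  scan_skill /path/to/my-skill reports/skill-issue.sarif
```

The SARIF file is written whether or not the scan fails, so it can be uploaded as a job artifact or fed to a code-scanning dashboard even when the step is red; the label printed by classify_exit is only for the job log.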

Next Steps