ai-coding-shield/ai-coding-shield
skill/SKILL.md
Security auditing tool for AI development workflows, rules, skills, and MCPs.
$ install --global
skillsauthnpx skillsauth add ai-coding-shield/ai-coding-shield ai-coding-shieldInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Mar 29, 2026, 11:33 AM38.0s2 files scanned
SKILL.md
- name:
- ai-coding-shield
- description:
- Security auditing tool for AI development workflows, rules, skills, and MCPs.
AI Coding Shield Skill
This skill allows you to use ai-coding-shield to audit your AI development artifacts for security risks. It helps identify potential threats in workflows, MCP configurations, skills, and other agentic components.
When to use
Use this skill when you need to:
- Audit Workflows: Check
.github/workflowsor other CI/CD scripts for security vulnerabilities. - Verify MCPs: Validate Model Context Protocol servers against trusted authors and domains.
- Scan Skills: Review other agentic skills for dangerous patterns (e.g., command injection, data exfiltration).
- Check Threats: Scan for general security threats like obfuscated code, suspicious package installations, or network risks.
How to use
First, ensure the tool is installed by running the installation script provided in this skill:
./skill/scripts/install.sh
Once installed, you can use the ai-coding-shield CLI to perform various security tasks.
Scan a directory
To audit the current directory or a specific path (e.g., .agent/):
ai-coding-shield audit .
Or for a specific folder:
ai-coding-shield audit .agent/
List known threats
To see the catalog of threats that the tool can detect:
ai-coding-shield list
Get info on a specific threat
To understand a specific threat ID returned in a report:
ai-coding-shield info CMD_001
CI/CD Integration (Optional)
You can integrate ai-coding-shield into your GitHub Actions pipeline to automatically scan for risks on every push.
[!IMPORTANT] User Confirmation Required: Before adding this to a pipeline, you must explicitly confirm with the user that they want to enable automated security scanning in their CI/CD process.
If approved, you can add a step like this to your workflow file (e.g., .github/workflows/security.yml):
- name: AI Coding Shield Audit
uses: AI-Coding-Shield/ai-coding-shield@v1
with:
path: .
fail-on: high
Related Skills
ai-coding-shield/Safe Linter
development
VerifiedTrustedCommunity
A safe skill that just runs linting
4SKILL.mdUpdated Mar 27, 2026
ai-coding-shield/Malicious Skill
testing
VerifiedTrustedCommunity
A skill with embedded malicious scripts
4SKILL.mdUpdated Mar 27, 2026
ai-coding-shield/Cloud Scanner
devops
VerifiedTrustedCommunity
Scanning cloud environment for leaks
4SKILL.mdUpdated Mar 27, 2026
openclaw/taskflow
tools
VerifiedTrustedCommunity
Use when work should span one or more detached tasks but still behave like one job with a single owner context. TaskFlow is the durable flow substrate under authoring layers like Lobster, ACPX, plugins, or plain code. Keep conditional logic in the caller; use TaskFlow for flow identity, child-task linkage, waiting state, revision-checked mutations, and user-facing emergence.
357,764SKILL.mdUpdated Apr 10, 2026