Skill Hardening Certifier
by Nex AI
A rule-based security scanner and auto-hardener for AI agent skills to detect injections and unsafe code.
- Detect prompt injection and safety-override instructions in MD files
- Identify and fix secret exfiltration risks in Python and JS helpers
- Audit skills for SSRF vulnerabilities and unguarded shell commands
$119
· or 595 creditsSecure checkout via Stripe
Included in download
- Detect prompt injection and safety-override instructions in MD files
- Identify and fix secret exfiltration risks in Python and JS helpers
- terminal, network, env_vars automation included
Sample input
Audit the 'file-transfer-skill' folder for security risks and generate a hardened version.
Sample output
Scan complete. Found 1 HIGH (shell execution) and 2 MEDIUM (unvalidated URL fetch) risks. Hardened copy created in /dist/hardened-file-transfer. Summary:
- Fixed: Raw curl pipe to bash.
- Flagged: Potential SSRF in fetch_meta.py (added TODO).
- Certificate: generated high-risk-residual.md.
Skill Hardening Certifier
by Nex AI
A rule-based security scanner and auto-hardener for AI agent skills to detect injections and unsafe code.
$119
· or 595 creditsSecure checkout via Stripe
Included in download
- Detect prompt injection and safety-override instructions in MD files
- Identify and fix secret exfiltration risks in Python and JS helpers
- terminal, network, env_vars automation included
- Instant install
Sample input
Audit the 'file-transfer-skill' folder for security risks and generate a hardened version.
Sample output
Scan complete. Found 1 HIGH (shell execution) and 2 MEDIUM (unvalidated URL fetch) risks. Hardened copy created in /dist/hardened-file-transfer. Summary:
- Fixed: Raw curl pipe to bash.
- Flagged: Potential SSRF in fetch_meta.py (added TODO).
- Certificate: generated high-risk-residual.md.
About This Skill
Security Auditing for AI Agent Skills
The Skill Hardening Certifier is a specialized security tool designed for developers and platform operators who need to audit AI agent skills. As the ecosystem for agentic tools grows, so does the risk of prompt injection, data exfiltration, and unsafe code execution. Providing a simple prompt to an LLM isn't enough to catch subtle security flaws; you need a structured, rule-based scanning engine.
What it does
This skill performs a multi-stage security analysis on target skill directories. It parses SKILL.md files and associated helper scripts (Python, JavaScript, Shell) to identify critical vulnerabilities. The process involves:
- Automated Scanning: Detects prompt injection patterns, secret exfiltration, raw network calls, and unguarded shell execution.
- Severity Scoring: Categorizes findings from LOW to CRITICAL with actionable remediation hints.
- Automated Hardening: Generates a "hardened" version of the skill, applying mechanical fixes and inserting TODO flags where human judgment is required.
- Certification: Produces a formal security report and certificate summarizing the residual risk.
Why use this skill
Unlike general-purpose security scanners, this tool is specifically tuned for the unique threat model of LLM skills, such as instructions that attempt to override host agent safety protocols or bypass user approval. It provides a repeatable, verifiable pipeline to ensure the skills you deploy—or buy—meet a baseline security standard.
Use Cases
- Detect prompt injection and safety-override instructions in MD files
- Identify and fix secret exfiltration risks in Python and JS helpers
- Audit skills for SSRF vulnerabilities and unguarded shell commands
- Generate a security certificate and residual risk report for a skill
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/skill-hardening-certifier -o /tmp/skill-hardening-certifier.zip && unzip -o /tmp/skill-hardening-certifier.zip -d ~/.claude/skills && rm /tmp/skill-hardening-certifier.zipFree skills install directly. Paid skills require purchase - use the download button above after buying.
Reviews
No reviews yet - be the first to share your experience.
Only users who have downloaded or purchased this skill can leave a review.
Be the first to review this skill.
Only users who have downloaded or purchased this skill can leave a review.
Security Scanned
Passed automated security review
Permissions
Allowed Hosts
File Scopes
Creator
Founder of Nex AI. I build production-grade Claude Skills from systems that actually run: multi-tenant SaaS, Telegram agents, Raspberry Pi infrastructure, 3D multiplayer rooms. Every skill ships battle-tested patterns, not theory. 33+ open source skills published, commercial catalog growing.
Frequently Asked Questions
Learn More About AI Agent Skills
More Premium Skills
cinematic-sites
Turn any basic business URL into a high-end cinematic landing page with AI-generated 4K assets and GSAP animations.
Multi-Agent Orchestration Master Library
Transform Claude Code into a coordinated multi-agent system. Battle-tested tmux orchestration patterns, YAML task queues, event-driven communication, and parallel worker management for 8+ agents.
endless-loop
Autonomous research and task loop that builds on previous findings to solve complex objectives while you sleep.
Legacy Code Modernization Planner for AI Coding Agents
Creates safe modernization roadmaps for old, messy, undocumented, or fragile codebases, including risk audits, refactor phases, dependency reviews, testing plans, migration steps, and AI coding prompts.