skill-scanner  by cisco-ai-defense

Security scanner for AI agent skills

Created 1 week ago


344 stars

Top 80.8% on SourcePulse

Project Summary

This project, cisco-ai-defense/skill-scanner, provides a security scanner specifically designed for AI agent skills. It detects threats such as prompt injection, data exfiltration, and malicious code patterns within AI skill definitions. The tool targets developers and users of AI agent frameworks, offering a multi-layered approach to detecting and mitigating security threats, thereby improving the overall security posture of AI agent deployments.

How It Works

The scanner employs a multi-engine detection strategy. It combines static analysis using pattern-based detection (YAML and YARA rules) with dynamic analysis through behavioral dataflow analysis. Additionally, it leverages LLM-as-a-judge for semantic analysis of skill descriptions and scripts, and integrates cloud-based scanning services. A meta-analyzer is included to intelligently filter false positives, aiming for high detection accuracy with reduced noise.

Quick Start & Requirements

  • Installation: Install via pip: pip install cisco-ai-skill-scanner or uv pip install cisco-ai-skill-scanner. Optional cloud provider extras can be installed using the [bedrock], [vertex], [azure], or [all] extras.
  • Prerequisites: Python 3.10+ is required. API keys for LLM services (e.g., OpenAI, Anthropic), VirusTotal, and Cisco AI Defense are optional, but required to enable the corresponding analyzers.
  • Links: Documentation, Guide, Description, Quick Start, Architecture, Threat Taxonomy, LLM Analyzer, Meta-Analyzer, Behavioral Analyzer, API Reference, Development Guide.

Highlighted Details

  • Multi-Engine Detection: Integrates static analysis, behavioral dataflow, LLM semantic analysis, and cloud-based scanning for comprehensive threat coverage.
  • False Positive Filtering: Features a meta-analyzer designed to significantly reduce noise while maintaining detection capabilities.
  • CI/CD Ready: Outputs findings in SARIF format for integration with GitHub Code Scanning and signals build failure through its exit code.
  • Extensible Architecture: Supports a plugin architecture, allowing for the addition of custom analyzers.

Maintenance & Community

The project encourages community involvement and contributions. Users can join the Cisco AI Discord for discussions and feedback. Contribution guidelines are available in CONTRIBUTING.md. Links to GitHub, Discord, and PyPI are provided.

Licensing & Compatibility

The project is licensed under the Apache 2.0 license. This license is permissive and generally compatible with commercial use and linking within closed-source projects.

Limitations & Caveats

Certain advanced analysis engines (LLM, VirusTotal, AI Defense) require external API keys and network access to function. The effectiveness of the LLM-based analyzers depends on the chosen LLM model and its configuration.

Health Check

  • Last Commit: 21 hours ago
  • Responsiveness: Inactive
  • Pull Requests (30d): 14
  • Issues (30d): 2
  • Star History: 347 stars in the last 8 days

Starred by Chip Huyen (author of "AI Engineering" and "Designing Machine Learning Systems").
