SkillCert
Security scanner for Claude Code Skill files — detects vulnerabilities, validates schema, and enforces best practices.
SkillCert analyzes your Claude Code Skill files (.claude/skills/*/SKILL.md) in real-time, highlighting security risks, schema violations, and best practice issues directly in your editor.
Features
25 Built-in Security Rules
| Category |
Rules |
Examples |
| Schema Validation |
SCH001–SCH008 |
Missing required fields, invalid values, unknown keys |
| Security Scanning |
SEC001–SEC012 |
Unrestricted Bash, rm -rf, curl \| bash, command injection, privilege escalation |
| Best Practices |
BP001–BP005 |
Expensive model selection, broad tool access, missing version |
Real-time Diagnostics
Issues are highlighted inline as you type:
- Red underline — Critical security issues (e.g.,
rm -rf, curl | bash)
- Yellow underline — Risky patterns (e.g., unrestricted Bash access)
- Blue underline — Best practice suggestions
Hover over any flagged issue to see:
- Rule ID and name
- Risk level (High / Medium / Low)
- Detailed explanation
- Suggested fix
Quick Fixes
Click the lightbulb icon to apply automatic fixes:
- Add missing required fields (
name, description)
- Convert name to kebab-case
- Add
allowed-tools restrictions for Bash
- Quote unsafe
$ARGUMENTS variables
- Switch from expensive
opus to sonnet model
A dedicated sidebar panel provides:
- Security Score (0–100) based on findings
- Rule Status — pass/fail overview for all 25 rules
- Tool Permissions — visual overview of declared tools and their restrictions
Status Bar Indicator
The status bar shows the current file's security status at a glance:
$(shield) SkillCert: OK (green) — no issues$(shield) SkillCert: 2E 3W (red/yellow) — errors and warnings found
Click to jump to the Problems panel.
Save Notifications
When you save a Skill file, SkillCert notifies you of any newly introduced security issues.
Installation
From VS Code Marketplace
Search for SkillCert in the Extensions view (Ctrl+Shift+X / Cmd+Shift+X), then click Install.
From VSIX
code --install-extension skillcert-0.1.0.vsix
Usage
- Open a Skill file — any file matching
.claude/skills/*/SKILL.md or .claude/commands/*.md
- SkillCert activates automatically and scans the file in real-time
- Review issues in the editor (underlines), Problems panel, or the SkillCert sidebar
- Apply Quick Fixes via the lightbulb icon or
Ctrl+. / Cmd+.
Commands
Open the Command Palette (Ctrl+Shift+P / Cmd+Shift+P) and type "SkillCert":
| Command |
Description |
SkillCert: Scan Current File |
Manually trigger a scan |
SkillCert: Scan Workspace |
Scan all Skill files in the workspace |
SkillCert: Show Security Report |
Open the Problems panel |
SkillCert: Toggle Rule |
Enable or disable specific rules |
Keyboard Shortcuts
| Shortcut |
Action |
Cmd+Shift+K (Mac) / Ctrl+Shift+K (Win/Linux) |
Scan current file |
Right-click in the editor or file explorer on any .md file to access SkillCert: Scan Current File.
Configuration
Configure SkillCert in VS Code Settings (Ctrl+, / Cmd+,):
| Setting |
Default |
Description |
skillCert.enable |
true |
Enable or disable scanning |
skillCert.scanOnType |
true |
Scan as you type (debounced) |
skillCert.debounceMs |
300 |
Debounce interval in ms |
skillCert.detectByContent |
false |
Detect Skill files by content in any .md file |
skillCert.showNotifications |
true |
Show save-time notifications |
skillCert.rules |
{} |
Override rule severity per rule ID |
skillCert.customSkillPaths |
[] |
Additional glob patterns for Skill files |
Rule Severity Override
Adjust individual rule severity or disable rules entirely:
{
"skillCert.rules": {
"SEC009": "off",
"BP001": "warning",
"SEC002": "error"
}
}
Available severity values: error, warning, info, hint, off
Rules Reference
Schema Rules
| ID |
Name |
Default |
Description |
| SCH001 |
required-name |
Error |
Missing name field |
| SCH002 |
required-description |
Error |
Missing description field |
| SCH003 |
invalid-name-format |
Error |
Name is not kebab-case or outside 3–50 chars |
| SCH004 |
invalid-version-format |
Warning |
Version does not follow semver |
| SCH005 |
invalid-model-value |
Error |
Invalid model value |
| SCH006 |
invalid-color-value |
Warning |
Invalid color value |
| SCH007 |
unknown-frontmatter-key |
Warning |
Unrecognized frontmatter key |
| SCH008 |
invalid-tools-type |
Error |
tools is not an array of strings |
Security Rules
| ID |
Name |
Default |
Description |
| SEC001 |
unrestricted-bash |
Warning |
Bash in tools without allowed-tools restriction |
| SEC002 |
dangerous-rm |
Error |
rm -rf or similar destructive commands |
| SEC003 |
curl-pipe-bash |
Error |
curl \| bash remote code execution pattern |
| SEC004 |
eval-usage |
Warning |
eval invocation detected |
| SEC005 |
argument-injection |
Warning |
Unquoted $ARGUMENTS or $1–$9 in shell context |
| SEC006 |
file-inclusion-risk |
Info |
@filename with external/absolute path |
| SEC007 |
chmod-escalation |
Warning |
chmod 777 or chmod +s |
| SEC008 |
network-exfiltration |
Warning |
Commands that could send data externally |
| SEC009 |
sudo-usage |
Warning |
sudo command detected |
| SEC010 |
env-var-access |
Info |
Access to sensitive env vars (API_KEY, SECRET, etc.) |
| SEC011 |
base64-obfuscation |
Warning |
Base64 decode piped to shell |
| SEC012 |
unrestricted-write |
Info |
Write in tools without path restriction |
Best Practice Rules
| ID |
Name |
Default |
Description |
| BP001 |
expensive-model |
Info |
Model set to opus (most expensive) |
| BP002 |
missing-invocation-control |
Info |
No invocation control fields specified |
| BP003 |
broad-tool-access |
Info |
5+ tools requested |
| BP004 |
missing-version |
Info |
Missing version field |
| BP005 |
empty-body |
Info |
Markdown body is empty |
Requirements
License
MIT License — see LICENSE for details.
