EdictumSkill Scanner
Deterministic static analysis of SKILL.md directories for security findings.
Right page if: you want to understand what `edictum skill scan` detects and how its risk tiers work. Wrong page if: you want the broader CLI surface -- see https://docs.edictum.ai/docs/reference/cli. Gotcha: the scanner analyzes code blocks in SKILL.md content and helper files. It does not understand prose-only prompt injection or magically verify runtime trust.
edictum skill scan is the deterministic scanner for skill directories and
SKILL.md files. It ships in the canonical Edictum CLI from edictum-go.
Install the CLI with:
go install github.com/edictum-ai/edictum-go/cmd/edictum@latestThen scan a skill or skill collection:
edictum skill scan ./skillsWhat it detects
The scanner checks for concrete risk patterns such as:
- dangerous shell commands
- credential and secret file paths
- exfiltration domains
- obfuscation signals
- suspicious base64 payloads
It also supports structural checks such as "does this skill collection actually include the expected ruleset coverage?"
Risk Tiers
Each skill is classified as one of:
| Tier | Meaning |
|---|---|
CRITICAL | High-confidence exploit pattern |
HIGH | Serious threat signal |
MEDIUM | Suspicious pattern that needs review |
CLEAN | No findings above threshold |
Real CLI Surface
The current public flags are:
--json--threshold CRITICAL|HIGH|MEDIUM--structural-only--verbose
Examples:
edictum skill scan ./skills --threshold HIGH
edictum skill scan ./skills --json --threshold MEDIUM
edictum skill scan ./skills --structural-only
edictum skill scan ./skills --verboseCurrent Limits
- The scanner is local CLI analysis, not a hosted control-plane feature.
- Older docs described Python-packaged CLI extras and server upload flags. That is stale.
- If you are looking for a publicly documented hosted ingest endpoint for scan findings, that is not part of the current public control-plane docs.
Related
Last updated on