AI tools are increasingly extended through "skills" — packaged capabilities maintained by third-party developers. Some are great. Some hide prompts that change agent behavior. A small number embed code or content you wouldn't want running in your environment.
Static scanning won't catch every malicious skill. But it will catch the obvious ones, and "obvious" is more common than you'd think.
A clean static result doesn't mean a skill is safe. It means it isn't trivially malicious. Treat results as one signal among several.
Prerequisites
- The Blue Lantern on-prem toolkit installed locally. Static scanning is also available through our SaaS API if you'd rather not run it on your machine.
- Credits allocated (or auto-refresh enabled).
gitavailable locally for pulling the skill source — though if you're already suspicious of a skill, don't download it.
Example: Anthropic's Claude Code skills
Anthropic's first-party skill repo is unlikely to be malicious, but it's a useful sample for trying the workflow against open-source skills you don't fully trust.
git clone https://github.com/anthropics/skills.git
Running the scanner
Target a single skill rather than the whole repo — Blue Lantern charges credits per file scanned, so a focused target keeps costs predictable:
bluelantern --target ./skills/path/to/skill run malware-analyzer scan
Results land in your configured data directory under /results. To browse them visually, run bluelantern ui and open the results page (default port 9090).
When to act
Anything the scanner flags — YARA matches, suspicious string patterns, unusual section entropy — is worth a closer look before you wire the skill into a production agent. A negative result moves the skill from "unknown" to "no trivially-malicious indicators." That's progress, not a guarantee.