Integration

Skills.sh Skill

Install Sigil as a skills.sh skill and get six-phase security scanning in any AI coding agent. Works with Claude Code, Cursor, Codex, Amp, Cline, Gemini CLI, GitHub Copilot, Windsurf, Aider, OpenCode, Roo Code, and Continue.

What is skills.sh

skills.sh is a package manager for AI agent skills. Skills are portable instructions and scripts that any compatible AI coding agent can use. The Sigil skill gives your agent the ability to scan code, packages, repos, and MCP servers for security threats before executing them.

Note

This is not a replacement for server-side scanning. It's an additional layer that catches what server-side providers cannot — scanning at the point of use, on your machine, right before execution.

Installation

Install the skill

bash

npx skills add nomarj/sigil-skill --skill sigil-scan

Install for specific agents

Restrict installation to specific agents with the -a flag:

bash

npx skills add nomarj/sigil-skill -a claude-code -a cursor -a codex

Global install

Make the skill available across all projects:

bash

npx skills add nomarj/sigil-skill --skill sigil-scan -g

Auto-setup

The Sigil CLI binary is installed automatically on first use. No separate installation step required. Requires macOS (arm64/x64), Linux (x64), or WSL. Internet required only for the initial binary download — all scanning is local and offline.

Supported agents

Works with all agents that support skills.sh:

Claude Code

Cursor

Codex

Amp

Cline

Gemini CLI

GitHub Copilot

Windsurf

Aider

OpenCode

Roo Code

Continue

Eight scan phases

The skill runs the full Sigil six-phase analysis on every target:

Phase	Weight	What it detects
Install Hooks	10x	setup.py cmdclass, npm postinstall, Makefile install targets
Code Patterns	5x	eval, exec, pickle, child_process, dynamic imports
Network / Exfil	3x	HTTP requests, webhooks, raw sockets, DNS exfiltration
Credentials	2x	ENV var access, hardcoded keys, SSH/AWS credential files
Obfuscation	5x	base64, charCode, hex encoding, string obfuscation
Provenance	1–3x	Hidden files, binaries, shallow clones, suspicious filenames
Prompt Injection	10x	Jailbreaks, instruction overrides, system prompt exfiltration
Skill Security	5x	Malicious skill manifests, MCP server exploits, credential embedding

Capabilities

Scan on demand

Ask your agent to scan any target — directory, repo URL, package name, or GitHub shorthand:

text

"Scan this repo for security issues"
"Is owner/repo safe to use?"
"Audit this MCP server before I install it"

Pre-clone quarantine

Before cloning a repo or installing a package, the skill intercepts, scans in quarantine, and presents findings before any code reaches your environment.

Environment audit

Scans your local environment for exposed credentials — .env files with API keys, SSH keys with wrong permissions, secrets leaked in shell history.

Installed skills audit

Scans all skills installed across all your agent directories and reports risk assessments for each. Checks ~/.claude/skills/, ~/.cursor/skills/, ~/.agents/skills/, and more.

Risk verdicts

Verdict	Score	Action
LOW RISK	0–9	No significant patterns detected. Proceed with awareness.
MEDIUM RISK	10–24	Suspicious patterns warrant review. Explicit approval required.
HIGH RISK	25–49	Patterns strongly suggest elevated risk. Rejection recommended.
CRITICAL RISK	50+	Very high concentration of dangerous patterns. Never auto-proceed.

Scan output

The skill returns structured JSON that your agent interprets and presents:

json

{
  "verdict": "HIGH RISK",
  "score": 37,
  "target": "github.com/someone/sketchy-mcp-server",
  "files_scanned": 142,
  "duration_ms": 85,
  "findings_count": 12,
  "phases": {
    "InstallHooks": { "findings": 2, "severity": "critical" },
    "CodePatterns": { "findings": 5, "severity": "high" },
    "NetworkExfil": { "findings": 1, "severity": "medium" },
    "Credentials": { "findings": 3, "severity": "high" },
    "Obfuscation": { "findings": 0, "severity": "clean" },
    "Provenance": { "findings": 1, "severity": "low" },
    "PromptInjection": { "findings": 0, "severity": "clean" },
    "SkillSecurity": { "findings": 0, "severity": "clean" }
  },
  "findings": [
    {
      "phase": "InstallHooks",
      "severity": "Critical",
      "weight": 10,
      "rule": "INSTALL-003",
      "file": "package.json",
      "line": 8,
      "snippet": "postinstall script detected: node malicious.js"
    }
  ]
}

Scan targets

The skill accepts multiple target formats:

Type	Example
Local path	/path/to/project or ./src
GitHub URL	https://github.com/owner/repo
GitHub shorthand	owner/repo
npm package	@scope/package or npm:package-name
pip package	pip:package-name
Any URL	https://example.com/file.py

Comparison with other integrations

Feature	Skills.sh Skill	Claude Code Plugin	MCP Server
Agent compatibility	12 agents	Claude Code only	MCP clients
Install method	npx skills add	claude plugin add	JSON config
Auto binary setup	Yes	Manual	Manual
Scan phases	8	6	6
Environment audit	Yes	No	No
Skills audit	Yes	No	No

Source code

The skill is open source under the Apache 2.0 license.

•NOMARJ/sigil-skill on GitHub — source, issues, and contributions
•Claude Code Plugin — native plugin with slash commands and agents
•MCP Server — tool-based integration for MCP-compatible clients
•CLI Reference — all commands, flags, and scan configuration

Previous← Configuration NextClaude Code Plugin →

Need help?

Ask a question in GitHub Discussions or check the troubleshooting guide.

Community Troubleshooting