Audit AI Agent Skills
Before Execution
Quick Scan
Free- YARA malware detection
- Credential theft & API key detection
- Command injection & reverse shells
- Data exfiltration patterns
- Obfuscation detection
- Risk score (0-100) + detailed findings
Deep Scan coming soon — LLM-powered social engineering detection, trust signal analysis, and behavioral intent reasoning.
What Shieldon Catches
Four categories of threats detected across every skill.md your agent encounters.
Credential Theft
AWS, GitHub, Stripe, Slack, cloud provider keys, private keys, .env / .ssh access
Command Injection
Reverse shells, curl | bash, privilege escalation, cron persistence, code injection
Data Exfiltration
webhook.site, paste services, ngrok tunnels, DNS tunneling, curl POST to external endpoints
Obfuscation
Base64 decode chains, hex encoding, eval() + encoding, char-by-char string building
How Scanning Works
Every scan runs through a 3-stage pipeline in under 2 seconds.
Pre-filter
Structure checks, suspicious patterns, quick red flags
Deep scan
23 YARA rules across 4 threat categories
Verdict
Risk score 0–100, severity level, SAFE / REVIEW / BLOCK
{
"risk_score": 75,
"risk_level": "HIGH",
"recommendation": "REVIEW",
"findings": [
{
"type": "Credential_AWS_Access_Key",
"description": "AWS access key pattern detected",
"severity": "HIGH",
"evidence": "Hardcoded key at line 342: KEYEXAMPLE"
}
],
"scans_remaining": 7
}