Use when the user wants to scan a downloaded GitHub repo, local directory, or agent-skill pack for malicious code — secret exfiltration, backdoors, install-time mischief, hostile git metadata, or prompt-injection patterns in skill files. Triggered by phrases like "scan this repo", "is this safe to run", "check for malware", "audit this code", "review this skill before I install it".
Triage-level malicious-code scanner. Composes existing scanners (Cisco skill-scanner, Semgrep, Gitleaks, OSV-Scanner, Guarddog) with malice-focused custom rules and a hostile-git-metadata check, then produces a single verdict report.
.git/config.

Do not use for general code-quality review or CVE-only scans — those
are different jobs (see /security-review or osv-scanner alone).
| Mode | When | Primary tools |
|---|---|---|
| `repo` (default) | General source repo / downloaded code | gitleaks, semgrep (public + custom malice rules), osv-scanner, guarddog (if manifests), git-metadata scan |
| `skill` | Agent-skill packs (.claude/, .codex/, .cursor/, MCP servers, SKILL.md present) | Cisco skill-scanner (primary), semgrep skill-specific rules, gitleaks, manifest inventory |
repo mode auto-detects skill-like content and also invokes Cisco
skill-scanner inline when it finds it.
```bash
# Default mode = repo
bin/repo-safety-scan <url-or-path>

# Explicit mode
bin/repo-safety-scan repo <url-or-path>
bin/repo-safety-scan skill <url-or-path>

# Keep workdir (default: auto-cleanup if we made a /tmp dir)
bin/repo-safety-scan repo <path> --out ./scan-results --keep
```
Targets: HTTPS/SSH git URLs or local directory paths.
- `pip install` / `npm install` / `setup.py` / `make` / `docker build`.
- `core.hooksPath=/dev/null`); no submodules; shallow history; 500 MB size cap.
- `.git/config`, `.gitattributes`, `.git/hooks/`) runs regardless of mode — catches GHSA-j4h9-wv2m-wrf7-class attacks.

- `repo` and mention you're doing so.
- `bin/repo-safety-scan <mode> <target> --keep` via the Bash tool. Capture the workdir path from the output.
- `$WORKDIR/report.md` has the verdict, top concerns, and scanner status. Quote the verdict and top concerns to the user.
- missing, tell the user what to install — see references/installation.md. A scan missing 4/5 scanners is a thin scan; say so.

Single markdown report at `$WORKDIR/report.md` containing:

- `<details>`).

Raw scanner JSON outputs stay in `$WORKDIR/artifacts/` for deeper triage.
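The hostile-git-metadata check listed above (`.git/config`, `.gitattributes`, `.git/hooks/`) can be approximated as a read-only pass that parses the files directly and never invokes git. This is an added example, not code from repo-safety-scan; the key list, the function names and the sample tree are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Keys git executes or follows (assumed list for this example, not the scanner's rules).
EXEC_KEYS = {"core.fsmonitor", "core.sshcommand", "core.pager", "core.editor",
             "core.hookspath", "core.gitproxy", "diff.external"}
EXEC_RE = re.compile(r"^(filter\..+\.(clean|smudge|process)|diff\..+\.(textconv|command)"
                     r"|merge\..+\.driver|include(if\..+)?\.path)$")

def parse_git_config(text):
    """Yield ('section[.subsection].key', value); section and key are lowercased."""
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r'\[\s*([\w.-]+)(?:\s+"(.*)")?\s*\]', line)
        if m:
            section = m.group(1).lower() + (f".{m.group(2)}" if m.group(2) else "")
        elif line and line[0] not in "#;":
            key, _, value = line.partition("=")
            yield f"{section}.{key.strip().lower()}", value.strip()

def scan_git_metadata(repo):
    """Read-only triage of .git/config, .git/hooks/ and .gitattributes."""
    repo, findings = Path(repo), []
    cfg = repo / ".git" / "config"
    if cfg.is_file():
        for key, value in parse_git_config(cfg.read_text(errors="replace")):
            if key in EXEC_KEYS or EXEC_RE.match(key):
                findings.append(f"config: {key} = {value}")
    hooks = repo / ".git" / "hooks"
    if hooks.is_dir():  # git's default template installs only *.sample hooks
        findings += [f"hook: {h.name}" for h in hooks.iterdir()
                     if h.is_file() and not h.name.endswith(".sample")]
    attrs = repo / ".gitattributes"
    if attrs.is_file():  # filter=lfs is common: reported for review, not a verdict
        findings += [f"gitattributes driver: {d}" for d in re.findall(
            r"\b(?:filter|diff|merge)=(\S+)", attrs.read_text(errors="replace"))]
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree, not taken from a real repository."""
    git = Path(root) / ".git"
    (git / "hooks").mkdir(parents=True)
    (git / "config").write_text('[core]\n\tbare = false\n\tfsmonitor = ./tools/watch.sh\n'
                                '[filter "build"]\n\tclean = ./tools/clean.sh\n')
    (git / "hooks" / "pre-commit.sample").write_text("#!/bin/sh\n")
    (git / "hooks" / "post-checkout").write_text("#!/bin/sh\n")
    (Path(root) / ".gitattributes").write_text("*.bin filter=build\n")
```

Call `scan_git_metadata(path)` on an unpacked tree before running any git command inside it; an empty list means none of the listed keys, active hooks or attribute drivers were found.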
The skill will run even when scanners are missing — it just does less.
For a full repo scan install: semgrep, gitleaks, osv-scanner,
guarddog (pip). For skill mode install: cisco-ai-skill-scanner (pip)
in addition. See references/installation.md.
- references/threat_taxonomy.md — what we look for and why
- references/installation.md — scanner install commands
- references/triage_playbook.md — how to read the report