Combined with Snyk reporting that they found ~1500 malicious skills on such marketplaces (https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-c...), I decided to build a library for doing skill scanning since Claude doesn't do it natively.
v0.1 of skillcop is an OSS wrapper around Claude Code for scanning malicious skills at invocation time. Skillcop integrates natively with Ollama for skill scanning, providing direct access to Gemma 3, GPT-OSS, and GLM 4.7 Flash from the CLI.
Existing harnesses exist but don't quite get to this level of granular LLM-on-LLM scanning. Would love to get feedback and users from the community!