frontpage.

After the ClawdHub supply chain attack (credential stealer in 1 of 286 skills), I built SkillScan - a free, no-auth API to scan skill.md files for threats.

What it detects: - Known exfiltration services (webhook.site, requestbin) - ~/.env file reads - API key theft (OPENAI_API, ANTHROPIC_, STRIPE_) - Prompt injection ("ignore previous instructions") - Social engineering patterns

Returns a 0-100 safety score with evidence. The ClawdHub stealer scores 0.

curl -X POST https://skillscan.chitacloud.dev/scan -H "Content-Type: application/json" -d '{"skill_url": "https://example.com/skill.md"}'

Built this because 22-26% of skills contain vulnerabilities per recent research. One malicious install can leak all your LLM API keys.

Show HN: CIA World Factbook Archive (1990–2025), searchable and exportable

Show HN: AI Timeline – 171 LLMs from Transformer (2017) to GPT-5.3 (2026)

Show HN: I built an iOS app to WebRTC into my Mac terminal from the toilet

Show HN: Local-First Linux MicroVMs for macOS

Show HN: SkillScan – Free API to detect malicious AI agent skill files

Show HN: Keep your eyes healthy with 20 20 20 rule reminder using bash

Show HN: Agentic programming needs new processes

Show HN: A geometric analysis of Chopin's Prelude No. 4 using 3D topology

Show HN: Visual Tailwind CSS Style Guide – Single HTML file, no build step

Show HN: 3D Mahjong, Built in CSS

Show HN: Monolith e-commerce platform for serverless

Show HN: CLI to estimate Cloudflare bill before it surprises you

Show HN: AgentReady – Drop-in proxy that cuts LLM token costs 40-60%

Show HN: Implementing ping from the Ethernet layer (ARP,IPv4,ICMP in user space)

Show HN: Rendering 18,000 videos in real-time with Python

Show HN: Llama 3.1 70B on a single RTX 3090 via NVMe-to-GPU bypassing the CPU

Show HN: TLA+ Workbench skill for coding agents (compat. with Vercel skills CLI)

Show HN: ZuckerBot. API and MCP server for AI agents to run Meta/Facebook ads

Show HN: Sprime – weather, crypto, news, forex all normalized to one JSON schema

Show HN: Bibabo – Gamified AI-first coding education

Show HN: Aussie Meme Boss Rush – 1 day Vibe Coded WebGL single file HTML game

Show HN: WARN Firehose – Every US layoff notice in one searchable database

Show HN: Iron-Wolf – Wolfenstein 3D source port in Rust

Show HN: Spacemoji – 3D emoji-filled space warp simulation in a single HTML file

Show HN: A native macOS client for Hacker News, built with SwiftUI

Show HN: A portfolio that re-architects its React DOM based on LLM intent

Show HN: Sayou: Open-source agent workspace with versioned files and MCP tools

Show HN: Clocktopussheets generated from your Git commits

Show HN: Goxe – Fast log clustering on an i5 (Reduced to 1 alloc/log, road to 0)

Show HN: Gridl – A daily block puzzle game

Show HN: SkillScan – Free API to detect malicious AI agent skill files

Show HN: CIA World Factbook Archive (1990–2025), searchable and exportable

Show HN: AI Timeline – 171 LLMs from Transformer (2017) to GPT-5.3 (2026)

Show HN: I built an iOS app to WebRTC into my Mac terminal from the toilet

Show HN: Local-First Linux MicroVMs for macOS

Show HN: SkillScan – Free API to detect malicious AI agent skill files

Show HN: Keep your eyes healthy with 20 20 20 rule reminder using bash

Show HN: Agentic programming needs new processes

Show HN: A geometric analysis of Chopin's Prelude No. 4 using 3D topology

Show HN: Visual Tailwind CSS Style Guide – Single HTML file, no build step

Show HN: 3D Mahjong, Built in CSS

Show HN: Monolith e-commerce platform for serverless

Show HN: CLI to estimate Cloudflare bill before it surprises you

Show HN: AgentReady – Drop-in proxy that cuts LLM token costs 40-60%

Show HN: Implementing ping from the Ethernet layer (ARP,IPv4,ICMP in user space)

Show HN: Rendering 18,000 videos in real-time with Python

Show HN: Llama 3.1 70B on a single RTX 3090 via NVMe-to-GPU bypassing the CPU

Show HN: TLA+ Workbench skill for coding agents (compat. with Vercel skills CLI)

Show HN: ZuckerBot. API and MCP server for AI agents to run Meta/Facebook ads

Show HN: Sprime – weather, crypto, news, forex all normalized to one JSON schema

Show HN: Bibabo – Gamified AI-first coding education

Show HN: Aussie Meme Boss Rush – 1 day Vibe Coded WebGL single file HTML game

Show HN: WARN Firehose – Every US layoff notice in one searchable database

Show HN: Iron-Wolf – Wolfenstein 3D source port in Rust

Show HN: Spacemoji – 3D emoji-filled space warp simulation in a single HTML file

Show HN: A native macOS client for Hacker News, built with SwiftUI

Show HN: A portfolio that re-architects its React DOM based on LLM intent

Show HN: Sayou: Open-source agent workspace with versioned files and MCP tools

Show HN: Clocktopussheets generated from your Git commits

Show HN: Goxe – Fast log clustering on an i5 (Reduced to 1 alloc/log, road to 0)

Show HN: Gridl – A daily block puzzle game