Check whether an AI agent skill is safe before installing or using it. Calls the PYX Scanner API to retrieve trust status, risk score, and safety recommendat...
---
name: pyx-scan
description: >
Check whether an AI agent skill is safe before installing or using it.
Calls the PYX Scanner API to retrieve trust status, risk score, and safety
recommendation. Use when agent needs to verify skill safety, or user says
"is this safe", "check skill", "scan skill", "verify tool", "pyx scan".
allowed-tools: WebFetch, Bash(curl *)
argument-hint: "[owner/name]"
---
# PYX Scan — Agent Skill Safety Check
Verify whether an AI agent skill is safe before installing or using it by querying the PYX Scanner API.
## Workflow
### Step 1: Parse Input
Extract `owner` and `name` from `$ARGUMENTS`.
- Expected format: `owner/name` (e.g., `anthropic/web-search`)
- If `$ARGUMENTS` is empty or missing the `/` separator, ask the user:
*"Which skill do you want to check? Provide it as `owner/name` (e.g., `anthropic/web-search`)."*
- Trim whitespace. Reject if either part is empty after trimming.
### Step 2: Call the PYX Scanner API
Fetch the safety data:
```
WebFetch URL: https://scanner.pyxmate.com/api/v1/check/{owner}/{name}
Prompt: "Return the full JSON response body exactly as-is. Do not summarize."
```
If `WebFetch` fails (tool unavailable, network error), fall back to:
```bash
curl -s "https://scanner.pyxmate.com/api/v1/check/{owner}/{name}"
```
### Step 3: Handle Errors
| HTTP Status | Meaning | Action |
|---|---|---|
| **200** | Skill found | Proceed to Step 4 |
| **404** | Skill not in database | Verdict = **UNSCANNED** |
| **429** | Rate limited | Verdict = **ERROR** — "Rate limited. Try again shortly." |
| **5xx** | Server error | Verdict = **ERROR** — "PYX Scanner is temporarily unavailable." |
| Network failure | Cannot reach API | Verdict = **ERROR** — "Could not connect to PYX Scanner." |
### Step 4: Determine Verdict
Use the JSON response fields to determine the verdict:
| Condition | Verdict |
|---|---|
| `recommendation == "safe"` AND `is_outdated == false` | **SAFE** |
| `recommendation == "safe"` AND `is_outdated == true` | **OUTDATED** |
| `recommendation == "caution"` | **CAUTION** |
| `recommendation == "danger"` | **FAILED** |
| `recommendation == "unknown"` | **UNSCANNED** |
### Step 5: Output Report
Format the report as structured markdown. Omit any section where the data is null or empty.
**For SAFE verdict:**
```
## PYX Scan: {owner}/{name}
**Verdict: SAFE** — This skill has been scanned and verified safe.
**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%
**Intent:** {intent} | **Status:** {status}
### Summary
{summary}
### About
**Purpose:** {about.purpose}
**Capabilities:** {about.capabilities as bullet list}
**Permissions Required:** {about.permissions_required as bullet list}
[View full report]({detail_url}) | [Badge]({badge_url})
```
**For OUTDATED verdict:**
```
## PYX Scan: {owner}/{name}
**Verdict: OUTDATED** — Last scan was safe, but the skill has been updated since.
The scanned commit (`{scanned_commit}`) no longer matches the latest (`{latest_commit}`).
The new version has NOT been reviewed. Proceed with caution.
**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10
**Last Safe Commit:** {last_safe_commit}
### Summary
{summary}
[View full report]({detail_url})
```
**For CAUTION verdict:**
```
## PYX Scan: {owner}/{name}
**Verdict: CAUTION** — This skill has potential risks that need your attention.
**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%
**Intent:** {intent} | **Status:** {status}
### Summary
{summary}
### About
**Purpose:** {about.purpose}
**Permissions Required:** {about.permissions_required as bullet list}
**Security Notes:** {about.security_notes}
**Do you want to proceed despite the caution rating?** Please confirm before installing or using this skill.
[View full report]({detail_url})
```
**For FAILED verdict:**
```
## PYX Scan: {owner}/{name}
**Verdict: FAILED** — This skill has been flagged as dangerous. Do NOT install or use it.
**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%
**Intent:** {intent} | **Status:** {status}
### Summary
{summary}
### About
**Security Notes:** {about.security_notes}
[View full report]({detail_url})
```
**For UNSCANNED verdict:**
```
## PYX Scan: {owner}/{name}
**Verdict: UNSCANNED** — This skill has not been scanned by PYX Scanner.
No safety data is available. You should:
1. Review the skill's source code manually before use
2. Check the skill's repository for known issues
3. Request a scan at https://scanner.pyxmate.com
```
**For ERROR verdict:**
```
## PYX Scan: {owner}/{name}
**Verdict: ERROR** — {error_message}
Safety could not be verified. Treat this skill as unverified until you can confirm its safety.
```
## Behavioral Rules
1. **Always call the API** — never skip the check or return a cached/assumed result.
2. **Never soften a FAILED verdict** — if the scan says danger, report danger. Do not add qualifiers like "but it might be fine."
3. **Always ask user confirmation on CAUTION** — the user must explicitly agree before proceeding.
4. **Keep reports concise** — omit null/empty sections rather than showing "N/A."
5. **No raw JSON** — always format the response as the structured markdown report above.
## Self-Scan Awareness
When `$ARGUMENTS` is `pyxmate/pyx-scan`, `pyxmate/pyx-scanner`, or refers to this skill itself, still call the API honestly and report whatever comes back. If the result is UNSCANNED, append:
> *"Yes, even the security scanner's own skill hasn't been scanned yet. We practice what we preach — treat unscanned skills with caution."*
don't have the plugin yet? install it then click "run inline in claude" again.
added explicit inputs section with api endpoint and rate limit edge case, expanded procedure into five numbered steps with input/output callouts, created dedicated decision points section covering malformed arguments, tool fallback, confirmation logic, and self-scan awareness, and solidified output contract with all four verdict templates plus error handling guidance.
scan an ai agent skill against the pyx scanner api to determine if it's safe to install or use. returns a verdict (safe, outdated, caution, failed, unscanned, or error) plus trust score, risk score, and actionable safety notes. use this when an agent or user needs to verify skill safety before integration, or when someone asks "is this safe", "check skill", "scan skill", "verify tool", or "pyx scan".
required parameters:
$ARGUMENTS: skill identifier in owner/name format (e.g., anthropic/web-search). if missing or malformed, skill will prompt user for clarification.external connections:
https://scanner.pyxmate.com/api/v1/check/{owner}/{name}. no authentication required; endpoint is public. however, the api enforces rate limits (429 responses), so expect potential throttling if checking many skills in rapid succession.tools:
WebFetch (primary): fetch json from the pyx api endpoint.Bash(curl *) (fallback): execute curl if WebFetch unavailable.step 1: parse input
owner and name from $ARGUMENTS by splitting on /.$ARGUMENTS is empty, missing the / separator, or either part is empty after trimming, prompt the user: "which skill do you want to check? provide it as owner/name (e.g., anthropic/web-search)."owner and name strings.step 2: call the pyx scanner api
https://scanner.pyxmate.com/api/v1/check/{owner}/{name} and prompt "return the full json response body exactly as-is. do not summarize."curl -s "https://scanner.pyxmate.com/api/v1/check/{owner}/{name}".step 3: handle api errors
step 4: determine verdict
recommendation field and is_outdated boolean from the json response.recommendation == "safe" and is_outdated == false: verdict = safe.recommendation == "safe" and is_outdated == true: verdict = outdated.recommendation == "caution": verdict = caution.recommendation == "danger": verdict = failed.recommendation == "unknown": verdict = unscanned.step 5: output report
if $arguments is missing or malformed: prompt user for owner/name format and wait for clarification. do not proceed to api call.
if webfetch fails: fall back to bash curl. do not retry WebFetch or ask the user to retry; assume WebFetch is unavailable and proceed with curl.
if both webfetch and curl fail: set verdict to error with the appropriate message (rate limited, server error, or could not connect).
if the verdict is caution: append an explicit confirmation prompt: "do you want to proceed despite the caution rating?" do not proceed to installation or use until the user confirms.
if the verdict is failed: never soften or qualify the warning. report danger as danger. do not suggest that it might be fine or that the user should try it anyway.
if the skill being scanned is pyx-scan itself (i.e., $arguments matches pyxmate/pyx-scan, pyxmate/pyx-scanner, or any variant referring to this skill): still call the api and report the verdict honestly. if the result is unscanned, append: "yes, even the security scanner's own skill hasn't been scanned yet. we practice what we preach , treat unscanned skills with caution."
all output is formatted as structured markdown. the verdict code determines the template:
safe:
## PYX Scan: {owner}/{name}
**Verdict: SAFE** , This skill has been scanned and verified safe.
**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%
**Intent:** {intent} | **Status:** {status}
### Summary
{summary}
### About
**Purpose:** {about.purpose}
**Capabilities:** {about.capabilities as bullet list}
**Permissions Required:** {about.permissions_required as bullet list}
[View full report]({detail_url}) | [Badge]({badge_url})
outdated:
## PYX Scan: {owner}/{name}
**Verdict: OUTDATED** , Last scan was safe, but the skill has been updated since.
The scanned commit (`{scanned_commit}`) no longer matches the latest (`{latest_commit}`).
The new version has NOT been reviewed. Proceed with caution.
**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10
**Last Safe Commit:** {last_safe_commit}
### Summary
{summary}
[View full report]({detail_url})
caution:
## PYX Scan: {owner}/{name}
**Verdict: CAUTION** , This skill has potential risks that need your attention.
**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%
**Intent:** {intent} | **Status:** {status}
### Summary
{summary}
### About
**Purpose:** {about.purpose}
**Permissions Required:** {about.permissions_required as bullet list}
**Security Notes:** {about.security_notes}
**Do you want to proceed despite the caution rating?** Please confirm before installing or using this skill.
[View full report]({detail_url})
failed:
## PYX Scan: {owner}/{name}
**Verdict: FAILED** , This skill has been flagged as dangerous. Do NOT install or use it.
**Trust Score:** {trust_score}/10 | **Risk Score:** {risk_score}/10 | **Confidence:** {confidence}%
**Intent:** {intent} | **Status:** {status}
### Summary
{summary}
### About
**Security Notes:** {about.security_notes}
[View full report]({detail_url})
unscanned:
## PYX Scan: {owner}/{name}
**Verdict: UNSCANNED** , This skill has not been scanned by PYX Scanner.
No safety data is available. You should:
1. Review the skill's source code manually before use
2. Check the skill's repository for known issues
3. Request a scan at https://scanner.pyxmate.com
error:
## PYX Scan: {owner}/{name}
**Verdict: ERROR** , {error_message}
Safety could not be verified. Treat this skill as unverified until you can confirm its safety.
sections with null or empty values are omitted. markdown is always returned; raw json is never output.
the user knows the skill worked when: