SkillProvenance Scan

Review guide

Claude Skill Provenance Review for Teams

Review Claude skill provenance, authorship, repository source, permissions, install steps, and upgrade changes before team adoption.

Open scan preview

What this search usually needs

Claude skill provenance review focuses on the trust chain behind a skill: who maintains it, which repository or package it came from, what files it references, and whether its instructions or install steps try to overreach. Buyers and IT teams use this review before approving a skill for repeated work.

Where it applies

  • A Claude skill author wants to share a report with buyers or internal security reviewers.
  • A team is adopting skills from multiple contributors and needs a common review rubric.
  • A compliance reviewer needs evidence that credentials are not requested in unsafe ways.

How to run the review

  1. Collect the skill directory, repository URL, release tag, and license.
  2. Parse SKILL.md for system-like language, credentials, external calls, and privileged installation steps.
  3. Inspect referenced scripts and supporting files for hidden behavior.
  4. Map source, version, author, forks, and recent commits into a provenance graph.
  5. Attach findings to an allowlist decision or trust report.

Common risks to catch

  • A skill can include prompt-injection style text that tries to override the agent runtime.
  • Credential requests may appear as setup guidance rather than a declared dependency.
  • Repository ownership changes or stale maintainership can create long-term adoption risk.

Use SkillProvenance Scan for this review

SkillProvenance Scan gives Claude skill teams a provenance graph, injection scan, permission inventory, and exportable trust report without turning the review into a manual checklist.

Open scan preview View pricing plans