AI Skill Security Auditor — A premium security audit platform that scans AI skill definitions for vulnerabilities and provides actionable remediation guidance.
Paste or upload any AI skill file (SKILL.md, configs, scripts) and get an instant deep security analysis. SkillSentinel scans for 28 vulnerability categories and returns a scored report with severity-tagged findings, remediation steps, and an AI-powered option to automatically harden the skill.
- 28 Pattern Categories — Detects eval/Function constructor, shell commands, hardcoded secrets, prompt injection, path traversal, SSRF, prototype pollution, weak cryptography, CORS misconfigurations, sensitive data in logs, and more.
- Sentinel Score Dial — Animated 0–100 score with a color-coded SVG arc (green → safe, cyan → low risk, amber → medium, red → critical).
- AI Nutrition Label — 10-metric profile: network calls, file system access, code execution, hardcoded secrets, shell commands, data exfiltration risk, permission escalation, prompt injection susceptibility, path traversal, and total lines of code.
- Detailed Findings — Each vulnerability includes severity, category, description, the offending code snippet with line number, and step-by-step remediation.
- Secure & Improve — Powered by Google Gemini. Rewrites your skill with all vulnerabilities fixed while preserving functionality.
- Iterative Hardening — Runs up to 3 passes, targeting a score of 80+ out of 100.
- Copy & Download — Export the improved skill directly from the results modal.
- Drag-and-drop or file picker
- Supported formats:
.md.txt.yaml.yml.json.js.ts.py.toml.cfg.conf - Up to 5 MB per file
- Authentication — Sign in with Google, GitHub, Apple, or email (via OpenID Connect)
- Skill Registry — Searchable history of all your past audits, scoped to your account
- Feedback System — 1–5 star rating with category tags and optional message
- 3 Free Uses — Every account gets 3 free "Secure & Improve" runs
- Credit System — After free uses, each improvement costs 1 credit ($2)
- PayPal Checkout — Purchase credits directly in the app via PayPal
| Layer | Technology |
|---|---|
| Frontend | React, TypeScript, Vite, Tailwind CSS, shadcn/ui, Framer Motion |
| Backend | Express, Node.js, TypeScript |
| Database | PostgreSQL, Drizzle ORM |
| Auth | Replit Auth (OpenID Connect) |
| AI | Google Gemini (@google/genai) |
| Payments | PayPal Server SDK |
| Routing | wouter (client), Express (server) |
| Data Fetching | TanStack Query v5 |
shared/
schema.ts # Drizzle schema + Zod types
server/
index.ts # Express entry point
routes.ts # API routes (all authenticated)
storage.ts # Database storage interface
db.ts # Drizzle + pg pool
analyzer.ts # Static analysis engine (28 patterns)
gemini.ts # Gemini AI client
paypal.ts # PayPal SDK setup
seed.ts # Demo data seeder
client/src/
App.tsx # Auth-aware routing
pages/
landing.tsx # Public landing page
home.tsx # Scan input (text + file upload)
report.tsx # Score dial, nutrition label, findings
registry.tsx # Audit history
components/
orb-animation.tsx # Animated orb ingestion
scan-animation.tsx # Live scanning animation
score-dial.tsx # Sentinel Score arc
nutrition-label.tsx # AI Nutrition Label
finding-card.tsx # Vulnerability finding card
glass-panel.tsx # Glassmorphic container
PayPalButton.tsx # PayPal checkout
credits-dialog.tsx # Credit purchase dialog
feedback-dialog.tsx # Feedback form
- Node.js 18+
- PostgreSQL database
- PayPal developer account (for credits feature)
| Variable | Description |
|---|---|
DATABASE_URL |
PostgreSQL connection string |
SESSION_SECRET |
Secret for session encryption |
PAYPAL_CLIENT_ID |
PayPal app client ID |
PAYPAL_CLIENT_SECRET |
PayPal app client secret |
Gemini AI variables (AI_INTEGRATIONS_GEMINI_BASE_URL, AI_INTEGRATIONS_GEMINI_API_KEY) are auto-configured when running on Replit.
npm install
npm run db:push
npm run devThe app starts on port 5000 with Express serving the API and Vite serving the frontend.
Dark glassmorphic UI built for a premium security-tool aesthetic:
- Background:
hsl(230, 15%, 6%) - Neon Cyan:
rgb(0, 210, 211)— primary accent - Neon Purple:
rgb(139, 92, 246)— secondary accent - Emerald:
rgb(16, 185, 129)— success / safe indicators - Fonts: Space Grotesk (headings), JetBrains Mono (code)
- Glassmorphic panels with backdrop blur and subtle neon borders
| Table | Purpose |
|---|---|
users |
User accounts (from Replit Auth) |
sessions |
Auth sessions |
skills |
Uploaded/pasted skill definitions |
audits |
Scan results with score and risk level |
findings |
Individual vulnerability findings per audit |
feedback |
User feedback with star ratings |
user_credits |
Credit balance and free-use tracking |
credit_transactions |
Purchase and usage history |
MIT