I built this after the ClawHavoc campaign (341 malicious skills in 3 days, Jan 2026) and after Snyk's ToxicSkills audit, which showed that 13.4% of skills contain critical security issues. There was no OSS scanner, so I built one. 12 rules, zero dependencies, works on Claude SKILL.md, CLAUDE.md, AGENTS.md, and MCP tool definitions. Would love feedback on rule coverage.