SkillWard enables security review of AI Agent Skills before they are published or deployed, reducing the potential risks of Agent usage. Beyond static analysis and LLM evaluation, it executes suspicious Skills in isolated Docker sandboxes, replacing uncertain warnings with runtime evidence.
Author: Fangcun-AI
Version: 0.0.8
Type: Tool plugin
SkillWard scans AI Agent Skills before they are published or deployed. This Dify tool plugin connects a Dify workflow to a running SkillWard service and returns a structured security report.
This Marketplace release focuses on one stable workflow: upload a Skill archive from Dify and scan it through the hosted SkillWard backend.
Version exposes the tool only.
The tool accepts a , , or archive that contains an Agent Skill. The archive must include . The plugin forwards the archive to the SkillWard endpoint; the backend extracts it into a temporary directory, scans it, and removes the temporary files after the scan.
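The upload-extract-scan-cleanup flow described above, as an added Python example that is not the plugin's or SkillWard's own code: it handles a zip upload only, takes the required file name as a parameter because this page does not name it, and uses a `scan` callback as a stand-in for the backend's analysis. The point it adds is that an uploaded archive is untrusted input, so extraction refuses entries that would land outside the temporary scan directory, and the directory is removed whether or not the scan succeeds.

```python
import io
import tempfile
import zipfile
from pathlib import Path

def build_sample_archive(entries: dict) -> bytes:
    """Constructed input: a zip built from {path: text}; not a real Skill."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in entries.items():
            zf.writestr(name, text)
    return buf.getvalue()

def _safe_target(root: Path, name: str) -> Path:
    # Refuse entries that resolve outside root (absolute paths, ".." components)
    target = (root / name).resolve()
    if target != root and root not in target.parents:
        raise ValueError(f"archive entry escapes scan directory: {name}")
    return target

def extract_skill_archive(data: bytes, root: Path) -> list:
    """Extract an uploaded zip into root; return the relative paths of files."""
    root, written = root.resolve(), []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = _safe_target(root, info.filename)
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(root).as_posix())
    return written

def scan_uploaded_skill(data: bytes, required_file: str, scan) -> dict:
    """Extract into a fresh temp dir, require required_file, run scan(root), clean up."""
    # TemporaryDirectory removes root and everything under it on exit, success or error
    with tempfile.TemporaryDirectory(prefix="skillward-") as tmp:
        root = Path(tmp)
        try:
            files = extract_skill_archive(data, root)
        except (ValueError, zipfile.BadZipFile) as exc:
            return {"ok": False, "error": str(exc)}
        if required_file not in files:
            return {"ok": False, "error": f"archive does not contain {required_file}"}
        return {"ok": True, "files": files, "report": scan(root)}

if __name__ == "__main__":
    demo = build_sample_archive({"SKILL.md": "# demo skill"})  # assumed required file name
    print(scan_uploaded_skill(demo, "SKILL.md", lambda root: {"seen": len(list(root.rglob("*")))}))
```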
SkillWard is under active development. A major update is planned after this initial Marketplace release. The next major version is expected to improve the hosted scanning workflow and provide a more polished security report experience.
Configure the provider credential:
For self-hosted testing, you can point to your own SkillWard base URL, for example .
When Dify runs in Docker on macOS, usually points to the Dify container, not your host machine. Use , a tunnel URL, or a deployed SkillWard API URL instead.
Add the tool to a Dify Workflow, Chatflow, or Agent.
Expected input:
Expected output:
With the hosted SkillWard backend, model evaluation and Docker sandbox runtime checks run in the SkillWard API service. They do not run inside the Dify plugin process.
The Dify plugin only packages the request, sends it to SkillWard , and returns the result to the workflow.
If you are testing against a local SkillWard backend, start first:
Verify the service:
Then set in the plugin credentials to the URL that Dify can reach.