SkillScan Detector v4

A fine-tuned Qwen2.5-1.5B-Instruct model for detecting security threats in AI agent skill files.

What it does

Analyzes AI agent skill files (.md) and outputs structured JSON with:

  • Verdict: benign or malicious
  • Labels: specific attack types detected
  • Confidence: 0-1 score
  • Reasoning: human-readable explanation citing evidence from the text

Attack types detected

Class                F1     Precision  Recall
path_traversal       0.857  0.882      0.833
social_engineering   0.857  0.750      1.000
prompt_injection     0.474  0.941      0.317
code_injection       0.424  0.438      0.412
supply_chain         0.340  0.258      0.500
evasion              0.308  0.182      1.000
data_exfiltration    0.148  0.080      1.000

Macro F1: 0.487 | Verdict accuracy: 85.2% | Parse failures: 1.2%

Usage with llama-cpp-python


Download the GGUF model (the 935 MB Q4_K_M file listed under Files) from the kurtpayne/skillscan-detector-v4 repository. Note that 'huggingface-cli download' is deprecated; use 'hf download' instead.
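The following is an added example, not code from the model card or the SkillScan project. It shows how a practitioner would drive the detector through llama-cpp-python and, more importantly, how to validate the structured JSON described under "What it does" (verdict, labels, confidence, reasoning) before acting on it. The GGUF file name, the prompt wording and the sampling settings are assumptions; the repository id, the seven attack classes and the per-class precision figures come from the card. Because the card reports a 1.2% parse-failure rate and very low precision for some classes (data_exfiltration at 0.080, evasion at 0.182), the example routes unparseable output and low-precision-only findings to manual review instead of auto-blocking on them.

```python
"""Added example (not the model card's own code): run SkillScan Detector v4
via llama-cpp-python, validate its JSON output and map it to a triage action.
Assumptions: the GGUF file name, the prompt text and the 0.5 precision cutoff.
Facts from the card: repo id, output schema, attack classes, per-class precision."""
import json
import re
from typing import Optional

VALID_VERDICTS = {"benign", "malicious"}
# Attack classes from the card's evaluation table.
VALID_LABELS = {
    "path_traversal", "social_engineering", "prompt_injection",
    "code_injection", "supply_chain", "evasion", "data_exfiltration",
}
# Per-class precision from the card. Labels below LOW_PRECISION are treated
# as hints for a reviewer, not as confirmed findings (cutoff is an assumption).
LABEL_PRECISION = {
    "path_traversal": 0.882, "social_engineering": 0.750,
    "prompt_injection": 0.941, "code_injection": 0.438,
    "supply_chain": 0.258, "evasion": 0.182, "data_exfiltration": 0.080,
}
LOW_PRECISION = 0.5


def parse_verdict(raw: str) -> Optional[dict]:
    """Extract and validate the JSON object in raw model output.
    Returns None on any parse or schema failure so the caller can send the
    file to manual review rather than trusting a malformed answer."""
    # Small models sometimes wrap the JSON in prose or a code fence, so take
    # the outermost brace pair instead of assuming the whole string is JSON.
    m = re.search(r"\{.*\}", raw, re.DOTALL)
    if not m:
        return None
    try:
        obj = json.loads(m.group(0))
    except json.JSONDecodeError:
        return None
    if not isinstance(obj, dict) or obj.get("verdict") not in VALID_VERDICTS:
        return None
    labels = obj.get("labels", [])
    if not isinstance(labels, list) or not set(labels) <= VALID_LABELS:
        return None
    conf = obj.get("confidence")
    # bool is a subclass of int, so reject it explicitly.
    if isinstance(conf, bool) or not isinstance(conf, (int, float)):
        return None
    if not 0.0 <= conf <= 1.0 or not isinstance(obj.get("reasoning"), str):
        return None
    return {"verdict": obj["verdict"], "labels": list(labels),
            "confidence": float(conf), "reasoning": obj["reasoning"]}


def triage(result: Optional[dict]) -> dict:
    """Map a validated verdict to an operator action:
    parse failure -> review; benign -> allow; malicious with at least one
    high-precision label -> block; malicious with only noisy labels -> review."""
    if result is None:
        return {"action": "review", "confirmed": [], "hints": []}
    confirmed = [l for l in result["labels"] if LABEL_PRECISION[l] >= LOW_PRECISION]
    hints = [l for l in result["labels"] if LABEL_PRECISION[l] < LOW_PRECISION]
    if result["verdict"] == "benign":
        action = "allow"
    elif confirmed:
        action = "block"
    else:
        action = "review"
    return {"action": action, "confirmed": confirmed, "hints": hints}


def scan_skill(skill_text: str,
               model_path: str = "skillscan-detector-v4-Q4_K_M.gguf") -> dict:
    """Run the detector with llama-cpp-python (imported lazily so the helpers
    above work without the library). model_path and the prompt are assumptions,
    not the card's documented prompt format."""
    from llama_cpp import Llama  # pip install llama-cpp-python
    llm = Llama(model_path=model_path, n_ctx=4096, verbose=False)
    out = llm.create_chat_completion(
        messages=[
            {"role": "system", "content":
                "You are a security analyst. Analyze the AI agent skill file and "
                "reply with one JSON object with keys verdict (benign|malicious), "
                "labels (list), confidence (0-1) and reasoning (string)."},
            {"role": "user", "content": skill_text},
        ],
        temperature=0.0,
        max_tokens=512,
    )
    return triage(parse_verdict(out["choices"][0]["message"]["content"]))


# Constructed sample output (not a real model response) for an offline demo.
SAMPLE_OUTPUT = ('Analysis:\n```json\n{"verdict": "malicious", '
                 '"labels": ["prompt_injection", "data_exfiltration"], '
                 '"confidence": 0.91, "reasoning": "instructions override the '
                 'user and read ~/.ssh"}\n```')

if __name__ == "__main__":
    print(triage(parse_verdict(SAMPLE_OUTPUT)))
```

The triage step is where the card's per-class numbers matter in practice: a malicious verdict backed only by an evasion or data_exfiltration label has a precision of 0.18 or 0.08, so blocking on it alone would produce mostly false positives, whereas prompt_injection at 0.941 precision (but 0.317 recall) is reliable when it fires and unreliable as a reason to clear a file.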

Model details

  • Base model: Qwen/Qwen2.5-1.5B-Instruct (Apache 2.0)
  • Fine-tuning: QLoRA (r=32, alpha=64) on 20,035 teacher-distilled examples
  • Teachers: Claude Sonnet + GPT-4o (structured security analysis)
  • Quantization: GGUF Q4_K_M (935 MB)
  • Inference: CPU-only via llama.cpp, ~2-4s per file
  • License: Apache 2.0

Files

Size    Description
935 MB  GGUF Q4_K_M quantized model for CPU inference
3.1 GB  Full FP16 weights

Part of SkillScan

This model is used by skillscan-security, the open-source CLI scanner for AI agent skill files.


Hub statistics for kurtpayne/skillscan-detector-v4

  • Downloads last month: 2,525
  • Safetensors: 2B params, tensor type BF16
  • Model tree: Quantized (178) → this model