Data We Process
SkillSecurity processes the SKILL.md text, exact public SKILL.md URL and in-scope same-repository files explicitly referenced by that URL, or local Skill zip content you submit in order to produce a static skills security report. All scans are static: we never execute scanned Skill code, install dependencies, or run subprocesses on behalf of scanned content.
Reports and Retention
Report metadata is stored in a database and report bodies are stored in object storage. Paste and local upload reports expire according to the product retention window. After expiration, the report body is unavailable — only limited metadata remains to show the expired state.
Operations and Security
The service records request IDs, statuses, error codes, rate-limit events, share-card generation events, and similar operational signals for troubleshooting, abuse prevention, and service reliability. When Turnstile is enabled, your browser obtains a challenge token from Cloudflare and the server verifies it.
Contact
For privacy, security, or false-positive concerns, contact support@skillsecurity.net.