SkillGate is a CLI-first security gate for AI agent code. It scans risks and blocks unsafe changes before deployment.

Which languages does SkillGate support?

SkillGate supports 7 languages: Python, JavaScript, TypeScript, Shell/Bash, Go, Rust, and Ruby, with 120 detection rules.

Does SkillGate execute my code?

No. SkillGate uses static analysis with AST parsing and regex patterns. Your code is never executed and never leaves your environment.

How does SkillGate integrate with CI/CD?

SkillGate provides integrations for GitHub Actions, GitLab CI, and Bitbucket Pipelines. It can block PRs on policy failures and upload SARIF to GitHub Security.

Does SkillGate support Claude Code and Codex CLI?

Yes. SkillGate protects Claude Code and Codex CLI workflows with policy checks before risky commands run.

Can SkillGate protect OpenClaw and other local AI agents?

Yes. SkillGate can wrap agent CLI execution paths and apply the same runtime checks for OpenClaw and similar local AI agent runtimes.

How is SkillGate tested for real agent behavior?

SkillGate runs capability testbed regressions built from public agent skill repositories and app examples to verify policy decisions against realistic tool-call patterns.

What are signed attestations?

SkillGate generates Ed25519-signed reports that cryptographically prove scan results haven't been tampered with. Verify with `skillgate verify`.

Pricing | SkillGate

From First Scan to Production Protection

Flexible Pricing

Pricing That Grows With Your Team

Start with local visibility, then add CI blocking and runtime enforcement as you scale.

Free: basic visibility. Pro: stronger policy checks. Team: CI protection across repos. Enterprise: advanced controls and evidence for high-trust environments.

SkillGate Control Stack

Three layers: static policy checks, CI enforcement, then runtime and org controls.

Coverage Progression

Local and Policy ChecksCI and Team ProtectionProduction and Org Controls

Billing

Yearly saves 17%

Developer VisibilityTeam EnforcementOrg Control Plane

LEach step adds stronger prevention and tighter runtime boundaries.

Pick a plan by how much control you need in real production paths.

Local and Policy Checks

Start with practical scanning and clear policy decisions.

Local Checks

Free

Visibility only. No enforcement.

Designed for: Individual AI developers

Developer visibility

Governance Depth

$0forever

Run your first security scans for agent skills.

Static Governance

3 scans per day
Baseline risk scoring
Top 5 findings per scan
Python, JS, TS, Shell analysis
CLI output (human-readable)
No policy enforcement
No signed attestations
No CI/CD integration

Pro

Detect issues, but cannot block production merges.

Designed for: Freelancers and solo AI builders

Full static governance

Governance Depth

$41/month, billed annually

Save 17% with annual billing

Full static policy controls for individual developers and freelancers.

Static Governance + Policy Engine

Unlimited scans
All 7 languages (+ Go, Rust, Ruby)
120 detection rules
Markdown and multi-artifact detection
Full risk scoring with severity + confidence breakdown
Policy customization (YAML)
Ed25519 signed attestation reports
Capability modeling and simulation
JSON + SARIF output formats
Email support
No CI/CD PR blocking

CI and Team Protection

Protect pull requests and keep standards consistent across repos.

Team Workflow Protection

Team

Enforce in CI, but runtime still uncontrolled.

Designed for: Engineering teams shipping AI workflows

Engineering team governance

Governance Depth

$83/month, billed annually

Save 17% with annual billing

CI enforcement and fleet controls for engineering teams.

Static + Policy + CI + Fleet Governance

Everything in Pro
Fleet-wide scanning controls
Multi-skill summaries with deterministic outputs
GitHub Action PR blocking
GitLab CI / Bitbucket Pipelines
Low-noise deterministic PR annotations
SARIF upload to GitHub Security tab
Org policy presets and drift detection
Central team dashboard
Slack/webhook alerts
Org risk posture summary
Up to 15 seats
Priority support
No dedicated signing keys

Production and Org Controls

Add stronger controls for production workflows and enterprise requirements.

Organization-Wide Controls

AI Agent Control Plane

Production Tier

Enterprise

Enforce at execution boundary.

Designed for: Regulated AI platforms

Foundational security infrastructure

Governance Depth

CustomAnnual contract

Runtime security control plane for regulated enterprise execution.

Full Control Stack

Runtime Budgets
Trust DAG
Compliance Exports

View Runtime Control Path

Skill -> Policy Engine -> Runtime Gateway -> Capability Budgets -> Lineage DAG

EU AI ActSOC2On-premAir-gapSigned AI-BOM

Everything in Team + regulated runtime controls
Runtime capability budgets
Transitive risk & trust propagation graph
Signed AI-BOM with cryptographic provenance
Org-wide policy simulation and rollout planning
Private relay and air-gapped deployment modes
Signed reputation graph integration
Authoritative entitlement APIs and signed decision logs
View all enterprise capabilities
- Audit-grade export bundles
- Control-mapping evidence (EU AI Act, SOC 2, internal controls)
- Unlimited seats
- On-prem and hybrid entitlement enforcement
- Dedicated support engineer
- Custom SLAs

Custom onboarding plan
Architecture and security review support
Dedicated support engineer

When Teams Usually Move to Team

You need reliable merge blocking in CI, not just warnings.
You need one view across multiple repos and skill bundles.
You need policy drift tracking at the org level.

When Programs Move to Enterprise

You must enforce controls at runtime, not only at PR time.
You need evidence packs ready for reviews and audits.
You require private relay or disconnected deployment models.
You need clear decision logs for security and compliance teams.

Compare Plans Across the Full Control Plane

Full capability matrix across policy, CI, runtime, and compliance needs.

Capability	Free	Pro	Team	Enterprise
Static Governance Static governance baseline scans	Included	Included	Included	Included
Policy-as-code customization	Not included	Included	Included	Included
Signed attestations and verification	Not included	Included	Included	Included
CI & Fleet Governance Fleet-wide scanning across multiple skills and repositories	Not included	Not included	Included	Included
CI/CD PR blocking and deterministic annotations	Not included	Not included	Included	Included
Org risk posture summaries and drift controls	Not included	Not included	Included	Included
Runtime & Org Control Plane Runtime capability budgets	Not included	Not included	Not included	Included
Transitive risk and trust propagation graph	Not included	Not included	Not included	Included
Org-scale policy simulation and rollout modeling	Not included	Not included	Included	Included
Private relay and air-gapped enforcement modes	Not included	Not included	Not included	Included
Audit export bundles and control-mapping evidence workflows	Not included	Not included	Not included	Included
Compliance & Evidence Control mapping evidence packages (EU AI Act, SOC 2, internal controls)	Not included	Not included	Limited	Included
Signed governance decision logs and provenance export support	Not included	Not included	Limited	Included

Procurement Guide Compliance Guide Deployment Guide

Frequently Asked Questions

Can I try SkillGate before paying?

Yes. Free includes 3 scans per day and no credit card is required. Install with `pipx install skillgate` or `npx @skillgate-io/cli version` and run your first scan right away.

What happens when I exceed the Free tier limit?

You get a clear daily-limit message. Upgrade to Pro for unlimited scans. Your existing results stay intact.

Can I cancel anytime?

Yes. Cancel auto-renew anytime in the Stripe Customer Portal. Monthly plans end at period close. Annual plans stay active through the paid term.

Do you offer annual discounts?

Yes. Pro and Team include annual billing at a lower effective monthly rate. Enterprise is annual and contract-based.

Is my code sent to your servers?

No by default. Scans run locally, and code stays local unless you explicitly use hosted API features. Private signing keys remain local.

What CI/CD systems are supported?

GitHub Actions (with PR blocking and SARIF), GitLab CI, and Bitbucket Pipelines are supported out of the box. Any CI that can run a Python CLI can run SkillGate.

How does the Team plan differ from Pro?

Pro focuses on stronger policy checks. Team adds CI blocking, PR feedback, fleet scans (`--fleet`), and shared visibility across repos.

What makes Enterprise different from Team?

Enterprise adds advanced production controls, private deployment options, and evidence workflows for security and compliance reviews.