🔍
12917 skills
← All skills
Tencent SkillHub · Developer Tools

Aegis Audit

Deep behavioral security audit for AI agent skills and MCP tools. Performs deterministic static analysis (AST + Semgrep + 15 specialized scanners), cryptographic lockfile generation, and optional LLM-powered intent analysis. Use when installing, reviewing, or approving any skill, tool, plugin, or MCP server — especially before first use. Replaces basic safety summaries with full CWE-mapped, OWASP-tagged, line-referenced security reports.

skill openclawclawhub Free
0 Downloads
0 Stars
0 Installs
0 Score
High Signal

Deep behavioral security audit for AI agent skills and MCP tools. Performs deterministic static analysis (AST + Semgrep + 15 specialized scanners), cryptographic lockfile generation, and optional LLM-powered intent analysis. Use when installing, reviewing, or approving any skill, tool, plugin, or MCP server — especially before first use. Replaces basic safety summaries with full CWE-mapped, OWASP-tagged, line-referenced security reports.

⬇ 0 downloads ★ 0 stars Unverified but indexed

Install for OpenClaw

Quick setup
  1. Download the package from Yavira.
  2. Extract the archive and review SKILL.md first.
  3. Import or place the package into your OpenClaw setup.

Requirements

Target platform
OpenClaw
Install method
Manual import
Extraction
Extract archive
Prerequisites
OpenClaw
Primary doc
SKILL.md

Package facts

Download mode
Yavira redirect
Package format
ZIP package
Source platform
Tencent SkillHub
What's included
CHANGELOG.md, LICENSING.md, SKILL.md

Validation

  • Use the Yavira download entry.
  • Review SKILL.md after the package is downloaded.
  • Confirm the extracted package contains the expected setup assets.

Install with your agent

Agent handoff

Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.

  1. Download the package from Yavira.
  2. Extract it into a folder your agent can access.
  3. Paste one of the prompts below and point your agent at the extracted folder.
New install

I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.

Upgrade existing

I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.

Open Send to Agent page Open JSON manifest Open Markdown brief

Trust & source

Release facts

Source
Tencent SkillHub
Verification
Indexed source record
Version
0.1.10

Documentation

ClawHub primary doc Primary doc: SKILL.md 15 sections Open source page

Aegis Audit

Behavioral security scanner for AI agent skills and MCP tools. Aegis is a defensive security auditing tool. It detects malicious patterns in other skills so users can avoid dangerous installs. This skill does not teach or enable attacks — it helps users vet skills before trusting them. The "SSL certificate" for AI agent skills — scan, certify, and govern before you trust. Source: github.com/Aegis-Scan/aegis-scan | Package: pypi.org/project/aegis-audit | License: AGPL-3.0

What Aegis does

Aegis answers the question every agent user should ask: "What can this skill actually do, and should I trust it?" Deterministic static analysis — AST parsing + Semgrep + 15 specialized scanners. Same code = same report, every time. Scope-resolved capabilities — Not just "accesses the filesystem" but exactly which files, URLs, hosts, and ports. Risk scoring — 0-100 composite score with CWE/OWASP-mapped findings and severity tiers. Cryptographic proof — Ed25519-signed lockfile with Merkle tree for tamper detection. Optional LLM analysis — Bring your own key (Gemini, Claude, OpenAI, Ollama, local). Disabled by default. See the privacy notice below before enabling.

Install

Install from PyPI using pip or uv: pip install aegis-audit uv tool install aegis-audit Both commands install the same package. Pin to a specific version when possible (e.g. pip install aegis-audit==1.3.0) and verify the publisher on PyPI before installing. The package source is at github.com/Aegis-Scan/aegis-scan. After install, the aegis CLI is available on your PATH.

Quick start

Aegis runs fully offline by default. No API keys, no network access, no data leaves your machine. aegis scan --no-llm This scans the current directory and produces a security report. All commands default to . (current directory) when no path is given. aegis scan ./some-skill --no-llm

CLI reference

CommandDescriptionaegis scan [path]Full security scan with risk scoringaegis lock [path]Scan + generate signed aegis.lockaegis verify [path]Verify lockfile against current codeaegis badge [path]Generate shields.io badge markdownaegis setupInteractive LLM configuration wizardaegis mcp-serveStart the MCP server (stdio transport)aegis mcp-configPrint MCP config JSON for Cursor / Claude Desktopaegis versionShow the Aegis version Common flags: --no-llm (skip LLM, the default), --json (CI output), -v (verbose).

Lockfiles

Generate a signed lockfile after scanning: aegis lock This produces aegis.lock — a cryptographically signed snapshot of the skill's security state. Commit it alongside the skill so consumers can verify nothing changed. Verify a lockfile: aegis verify If any file was modified since the lockfile was created, the Merkle root will not match and verification fails.

Optional: LLM analysis

Privacy notice: LLM analysis is disabled by default. When enabled, Aegis sends scanned code to the configured third-party LLM provider (Google, OpenAI, or Anthropic). No data is transmitted unless you explicitly configure an API key and run a scan without --no-llm. Do not enable LLM mode on repositories containing secrets or sensitive code unless you trust the provider. To enable LLM analysis, run the interactive setup: aegis setup This saves your config to ~/.aegis/config.yaml. Alternatively, set one of these environment variables: GEMINI_API_KEY — Google Gemini OPENAI_API_KEY — OpenAI ANTHROPIC_API_KEY — Anthropic Claude These environment variables are optional. Aegis works fully offline without them. Only set a key if you want the AI second-opinion feature and accept that scanned code will be sent to the corresponding provider. For local LLM servers (Ollama, LM Studio, llama.cpp, vLLM), see aegis setup — no third-party data transmission occurs with local models.

MCP server

Aegis runs as an MCP server for Cursor, Claude Desktop, and any MCP-compatible client. Three tools are exposed: scan_skill, verify_lockfile, and list_capabilities. Add this to your .cursor/mcp.json: { "mcpServers": { "aegis": { "command": "aegis", "args": ["mcp-serve"] } } } Or generate it automatically: aegis mcp-config Aegis uses stdio transport — no network server needed.

What gets scanned

ScannerWhat it detectsAST Parser750+ Python function/method patterns across 15+ categoriesSemgrep Rules80+ regex rules for Python, JavaScript, and secretsSecret ScannerAPI keys, tokens, private keys, connection strings (30+ patterns)Shell AnalyzerPipe-to-shell, reverse shells, inline execJS AnalyzerXSS, eval, prototype pollution, dynamic importsDockerfile AnalyzerPrivilege escalation, secrets in ENV/ARG, unpinned imagesConfig AnalyzerDangerous settings in YAML, JSON, TOML, INISocial EngineeringMisleading filenames, Unicode tricks, trust manipulationSteganographyHidden payloads in images, homoglyph attacksShadow Module DetectorStdlib-shadowing files (os.py, sys.py in the skill)Combo AnalyzerMulti-capability attack chains (exfiltration, C2, ransomware)Taint AnalysisSource-to-sink data flows (commands, URLs, SQL, paths)Complexity AnalyzerCyclomatic complexity warnings for hard-to-audit functionsSkill Meta AnalyzerSKILL.md vs actual code cross-referencingPersona ClassifierOverall trust profile (LGTM, Permission Goblin, etc.)

Vibe Check personas

Aegis assigns each scanned skill a persona based on deterministic analysis: Cracked Dev — Clean code, smart patterns, minimal permissions. LGTM — Permissions match the intent, scopes are sane, nothing weird. Trust Me Bro — Polished on the outside, suspicious on the inside. You Sure About That? — Messy code, missing pieces, docs that overpromise. Co-Dependent Lover — Tiny logic, huge dependency tree. Supply chain risk. Permission Goblin — Wants everything: filesystem, network, secrets. Spaghetti Monster — Unreadable chaos. High complexity. The Snake — Code that looks clean but is not. Potentially malicious.

JSON output for CI

aegis scan --json --no-llm aegis scan --json --no-llm | jq '.deterministic.risk_score_static' aegis scan --json --no-llm | jq -e '.deterministic.risk_score_static <= 50' The JSON report contains two payloads: Deterministic — Merkle tree, capabilities, findings, risk score (reproducible, signed) Ephemeral — LLM analysis, risk adjustment (non-deterministic, not signed)

For skill developers

Run Aegis on your own skill before publishing: cd ./my-skill aegis scan --no-llm -v Fix PROHIBITED findings. Document RESTRICTED ones. Ship with an aegis.lock: aegis lock See the Skill Developer Best Practices guide.

Architecture

aegis scan ./skill | +-- coordinator.py File discovery (git-aware / directory walk) +-- ast_parser.py AST analysis + pessimistic scope extraction +-- secret_scanner.py 30+ secret patterns +-- shell_analyzer.py Dangerous shell patterns +-- js_analyzer.py JS/TS vulnerability patterns +-- config_analyzer.py YAML/JSON/TOML/INI risky settings +-- combo_analyzer.py Multi-capability attack chains +-- taint_analyzer.py Source-to-sink data flow tracking +-- binary_detector.py External binary classification +-- social_eng_scanner Social engineering detection +-- stego_scanner Steganography + homoglyphs +-- hasher.py Lazy Merkle tree +-- signer.py Ed25519 signing +-- rule_engine.py Policy evaluation +-- reporter/ JSON + Rich console output | v aegis_report.json + aegis.lock

License

Aegis is dual-licensed: Open Source: AGPL-3.0 — free to use, modify, and distribute. Network service deployments must release source. Commercial: Proprietary license available for embedding in proprietary products, running without source disclosure, SLAs, and support. See LICENSING.md for full details.

Contributing

Contributions welcome. By contributing, you agree to the Contributor License Agreement. cd aegis-core pip install -e ".[dev]" pytest Python 3.11+ required. No network access needed for deterministic scans. Works offline.

Category context

Code helpers, APIs, CLIs, browser automation, testing, and developer operations.

Source: Tencent SkillHub

Largest current source with strong distribution and engagement signals.

Package contents

Included in package
3 Docs
  • SKILL.md Primary doc
  • CHANGELOG.md Docs
  • LICENSING.md Docs

Related skills

readyClaw Free
Featured

API Architect

Design contracts before code

Designs contracts before implementation and treats REST, GraphQL, and gRPC as tools rather than dogma.

Developer Tools agent claude
souls.zip $149
Featured

The Dev Team

A four-agent engineering squad for shipping products

Four-agent engineering team spanning CTO, frontend, backend, and design roles, built to mirror the stack behind souls.zip.

Developer Tools team openclaw
readyClaw Free
Featured

Web Platform Engineer

Build for the open web with strong fundamentals

A web engineering agent grounded in HTML semantics, CSS layout systems, and browser-native resilience.

Developer Tools agent claude