aegis-audit_skill

This skill performs deterministic static security audits of AI agent skills to help you review and approve trustable tools before use.
  • Python

2.5k

GitHub Stars

4

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill aegis-audit

  • _meta.json281 B
  • CHANGELOG.md316 B
  • LICENSING.md3.4 KB
  • SKILL.md10.1 KB

Overview

This skill performs a deep behavioral security audit for AI agent skills and MCP tools. It runs deterministic static analysis, generates cryptographic lockfiles, and can optionally add an LLM-powered intent review. Use it to produce CWE-mapped, OWASP-tagged, line-referenced security reports before installing or deploying any skill or tool.

How this skill works

The scanner parses code with AST analysis, runs Semgrep and 15 specialized detectors (secrets, shell, JS, Dockerfile, taint analysis, etc.) to enumerate exact capabilities and risky patterns. It produces a reproducible deterministic payload (findings, scope-resolved capabilities, and a 0–100 risk score) and can generate an Ed25519-signed Merkle lockfile for tamper detection. Optionally, you may enable an LLM second opinion that annotates intent and suggests mitigations; LLM mode is disabled by default and sends data only when you configure an API key.

When to use it

  • Before installing or approving any new skill, tool, plugin, or MCP server
  • During pre-deployment review or continuous integration for skills and tools
  • When auditing archived skill versions or third-party packages
  • To generate a tamper-evident signed snapshot (aegis.lock) for provenance
  • When you need CWE/OWASP-mapped, line-referenced evidence rather than a brief safety summary

Best practices

  • Run scans offline by default; enable LLM analysis only when you accept provider data handling
  • Pin Aegis to a specific version and verify the publisher before installing
  • Commit aegis.lock alongside the skill to ensure reproducible verification
  • Treat PROHIBITED findings as blockers and document or remediate RESTRICTED findings
  • Use JSON output in CI pipelines to gate deployments based on deterministic risk scores

Example use cases

  • Scan a downloaded skill directory before importing into an agent runtime
  • Integrate aegis scan --json --no-llm into CI to fail builds for high-risk findings
  • Generate and commit aegis.lock for published skills so recipients can verify integrity
  • Run aegis mcp-serve to expose scan and verify tools to MCP-aware clients like Cursor
  • Use the persona classifier to triage manual review workload (Permission Goblin, Spaghetti Monster)

FAQ

No. Deterministic static scans are fully offline by default and do not transmit code.

What does enabling LLM analysis do?

LLM analysis sends scanned code to the configured provider for intent annotations and a non-deterministic risk adjustment. It is disabled unless you explicitly configure an API key.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational