Behavioral security scanner for AI agent skills and MCP tools โ scan, certify, and govern.
Project description
Aegis Audit ๐ฆ
Behavioral security scanner for AI agent skills, like on OpenClaw, and MCP tools.
The "SSL certificate" for AI agent skills โ scan, certify, and govern before you trust.
Aegis answers the question every agent user should ask: "What can this skill actually do, and should I trust it?"
Why Aegis?
AI agents install and run skills with broad system access. Today, you're trusting them blindly. Aegis gives you:
- Deterministic static analysis โ AST parsing + Semgrep + 15 specialized scanners. Same code = same report, every time.
- Scope-resolved capabilities โ Not just "accesses the filesystem" but exactly which files, URLs, hosts, and ports.
- Risk scoring โ 0โ100 composite score with CWE/OWASP-mapped findings and severity tiers.
- Cryptographic proof โ Ed25519-signed lockfile with Merkle tree for tamper detection.
- Optional LLM analysis โ Bring your own key (Gemini, Claude, OpenAI, Ollama, local).
| Feature | Basic Safety Summary | Aegis Audit |
|---|---|---|
| Detection method | LLM reads README | AST + Semgrep + 15 scanners |
| Deterministic | No | Yes |
| Capabilities | High-level categories | Scope-resolved (files/URLs/ports) |
| Vulnerability detection | None | 700+ patterns, CWE-mapped |
| Secret scanning | None | 30+ token patterns |
| Obfuscation detection | None | Base64-exec, homoglyphs, stego |
| Tamper detection | None | Ed25519-signed Merkle tree |
| Fix suggestions | None | Actionable remediation per finding |
Quick Start
1. Install
pip install aegis-audit
2. Scan a skill
# Scan the current directory (deterministic, no API key needed)
aegis scan --no-llm
# Scan a specific path
aegis scan ./some-skill --no-llm
Tip: All commands default to
.(the current directory) when no path is given. Most userscdinto a skill and runaegis scanfrom there.
3. (Optional) Add LLM analysis
# Interactive setup โ choose provider, model, paste API key
aegis setup
# Then scan with LLM enabled (it's on by default when configured)
aegis scan
aegis setup saves your config to ~/.aegis/config.yaml. You can also set an environment variable instead โ env vars always take priority over the config file:
export GEMINI_API_KEY=your-key # or OPENAI_API_KEY, ANTHROPIC_API_KEY
aegis scan
4. Generate a signed lockfile
aegis lock
This runs a full scan and generates aegis.lock โ a cryptographically signed snapshot of the skill's security state. Commit it alongside the skill so consumers can verify nothing changed.
5. Verify a lockfile
aegis verify
Checks that the current code matches the signed aegis.lock. If any file was modified, the Merkle root won't match and verification fails.
CLI Reference
| Command | Description |
|---|---|
aegis scan [path] |
Full security scan with risk scoring |
aegis lock [path] |
Scan + generate signed aegis.lock |
aegis verify [path] |
Verify lockfile against current code |
aegis badge [path] |
Generate shields.io badge markdown |
aegis setup |
Interactive LLM configuration wizard |
aegis mcp-serve |
Start the MCP server (stdio transport) |
aegis mcp-config |
Print MCP config JSON for Cursor / Claude Desktop |
aegis version |
Show the Aegis version |
All commands that take [path] default to . (current directory). Common flags: --no-llm (skip LLM), --json (CI output), -v (verbose). Run aegis scan --help (or aegis lock --help, etc.) for full flags.
LLM Setup
Aegis works fully offline with deterministic analysis. LLM analysis is optional โ it adds an AI second opinion on intent and risk but is never required.
Option A: Interactive setup (recommended)
aegis setup
This walks you through:
- Choose a provider โ Gemini, Claude, OpenAI, or a local server (Ollama, LM Studio, llama.cpp, vLLM)
- Pick a model โ curated list per provider, or enter a custom model ID
- Paste your API key โ hidden input, tested before saving
Config is saved to ~/.aegis/config.yaml. Run aegis setup again anytime to change it.
Option B: Environment variables
Set one of these and Aegis picks it up automatically:
| Variable | Provider |
|---|---|
GEMINI_API_KEY |
Google Gemini |
OPENAI_API_KEY |
OpenAI |
ANTHROPIC_API_KEY |
Anthropic Claude |
For local servers:
| Variable | Description |
|---|---|
OLLAMA_HOST |
Ollama server URL (default: http://localhost:11434) |
AEGIS_LOCAL_OPENAI_URL |
Any OpenAI-compatible server URL |
AEGIS_LLM_PROVIDER |
Force a specific provider: openai, gemini, claude, ollama, local_openai |
We've established personas for code repositories that run with our deterministic checks, no LLM is required. Get to know our code personas:
Vibe Check Personas
Aegis assigns each scanned skill a persona based on deterministic analysis. The Vibe Check shows one of these:
๐ฅ Cracked Dev
10x engineer energy. Clean code, smart patterns, minimal permissions. The kind of skill you'd want to maintain.
โ
LGTM
Looks good to me. Permissions match the intent, scopes are sane, nothing weird. Ship it.
๐ Trust Me Bro
Polished on the outside, suspicious on the inside. Docs vs code mismatch or unusual permissions. Trust, but verify.
๐ค You Sure About That?
The intern special. Messy code, missing pieces, docs that overpromise. No malicious intent, but it needs a real review.
๐ Co-Dependent Lover
Tiny logic, huge dependency tree. Loves node_modules. Supply chain risk is real here.
๐บ Permission Goblin
Wants everything: filesystem, network, secrets, the kitchen sink. Over-scoped and worth a closer look.
๐ Spaghetti Monster
Unreadable chaos. High complexity, hard to follow. Good luck auditing this.
๐ The Snake
Warning: This code might look clean, but it isn't. Do not use this skill, it is malicious by design.
Example Output
This is actual Aegis output from scanning a skill, this is with the llm set-up and the --verbose details. This is the actual OpenClaw skill that I used for this test: https://clawhub.ai/alirezarezvani/senior-data-scientist
โญโ Aegis Security Audit โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ AEGIS SECURITY AUDIT โ
โ Target: C:\Users\TEST โ
โ Files: 8 (3 Python, 1 config, 4 other) โ
โ Source: directory โ
โ Mode: AST + LLM (gemini) โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Vibe Check โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ ๐ค You Sure About That? โ
โ The intern special. Messy code, missing pieces, โ
โ docs that overpromise. No malicious intent, but it โ
โ needs a real review. โ
โ โ
โ ####---------------- 22/100 - LOW - minor observations โ
| only โ
โ โ
โ Aegis scored this skill 22/100. The code requests โ
โ minimal permissions and nothing looks unusual. The โ
โ documentation makes claims that don't align with what โ
โ Aegis found in the actual code. This mismatch is the โ
โ most important thing to investigate. Messy code: 1 โ
โ missing file ref(s); docs claim production-grade but โ
โ code is minimal. No malicious intent detected, but this โ
โ needs a code review. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Trust Analysis โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Aegis cross-referenced SKILL.md against the actual โ
โ code. โ
โ โ
โ [ALERT] The description claims โ
โ capabilities that don't match what the code provides - โ
โ 5 mismatch(es) found. โ
โ Claimed cloud: aws, gcp, azure โ
โ Cloud CLIs in code: none โ
โ Claimed containers: docker, kubernetes, k8s, โ
โ helm, deployment โ
โ Container files in manifest: none โ
โ ... and 2 more โ
โ -> This mismatch suggests the skill either โ
โ won't work as advertised without extra setup that โ
โ isn't included, or the description is overstating โ
โ what the skill actually does. Either way, the โ
โ skill's documentation is not trustworthy โ
โ as-is. โ
โ โ
โ [ALERT] The SKILL.md references โ
โ 13 file(s) or path(s) that don't exist in the package. โ
โ Files referenced but missing: ./charts/, โ
โ config.yaml, data/, k8s/, prod.yaml, project/, โ
โ results/, scripts/, scripts/evaluate.py, โ
โ scripts/health_check.py โ
โ Files referenced and present: โ
โ references/experiment_design_frameworks.md, โ
โ references/feature_engineering_patterns.md, โ
โ references/statistical_methods_advanced.md, โ
โ scripts/experiment_designer.py, โ
โ scripts/feature_engineering_pipeline.py โ
โ Commands referenced: aws, bash, docker, go, โ
โ helm, kubectl, pytest, python โ
โ -> This means the instructions will cause โ
โ the AI agent to look for files that aren't there. โ
โ The agent may then try to find them elsewhere on โ
โ your system, download them, or create them - all of โ
โ which happen outside the skill's controlled โ
โ scope โ
โ โ
โ [WARN] The skill advertises โ
โ credential-heavy integrations but declares no required โ
โ credentials. โ
โ Integrations needing credentials: aws, gcp, โ
โ azure, postgres, postgresql, database, prometheus, โ
โ monitoring โ
โ Code reads secrets: no โ
โ Code reads env vars: no โ
โ โ
โ [OK] Typical configuration - โ
โ not always-on, not force-installed. โ
โ โ
โ [INFO] No formal install spec, โ
โ but the package includes 3 executable script(s). โ
โ Python scripts: 3 โ
โ Shell scripts: 0 โ
โ โ
โ [INFO] No tool declarations to โ
โ verify; code doesn't invoke external binaries. โ
โ No declared or detected binaries โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโโโโโโโโโโโโโโโโโโโโโโโโ AI Analysis โโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ I'm looking at the rap sheet hereโthree counts of โ
โ `system:sysinfo` with unresolved scopesโbut the actual โ
โ code snippets seem to be missing from the dossier! That โ
โ puts me in a bit of a bind for a full forensic โ
โ analysis. However, looking purely at the metadata: โ
โ triggering `system:sysinfo` with an `UNRESOLVED` scope โ
โ usually means the code is accessing system details โ
โ (like `os.uname()`, `platform.system()`, or โ
โ `sys.platform`) via dynamic methods (like โ
โ `getattr(platform, var)`) rather than direct calls. โ
โ โ
โ While system fingerprinting is often step one for โ
โ malware (to tailor the payload), it's also common in โ
โ legitimate cross-platform tools. Without seeing the โ
โ code, I can't confirm if this is clever engineering or โ
โ an evasion attempt, but purely accessing system info is โ
โ generally low-risk compared to file or network access. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Findings โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ [OK] Permissions: minimal. No โ
โ high-risk API usage detected. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Capabilities โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Permissions: minimal. No high-risk APIs (network, โ
โ subprocess, credentials) detected. See โ
โ aegis_report.json. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Before You Install โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ 1. Pin to a specific version: install โ
โ from a tagged release or commit hash, not 'latest'. โ
โ 2. Check the developer's reputation: look โ
โ at their profile, other published skills, and community โ
โ activity. โ
โ 3. Read the SKILL.md: confirm the skill โ
โ does what you need and the documentation matches the โ
โ code. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Verbose Risk Briefs โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Credential & secret access โ
โ None detected. No hardcoded secrets, credential-store โ
โ access, or env-var reads found. โ
โ โ
โ Program execution โ
โ None detected. No subprocess, shell, or external binary โ
โ invocations found. โ
โ โ
โ System-level access โ
โ None detected. No platform/sysinfo calls or signal โ
โ handlers found. โ
โ โ
โ Supply chain risk โ
โ None detected. No combination of subprocess + โ
โ unrecognized binaries. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Combination Risks โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ No dangerous capability combinations detected. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ External Programs โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ No external programs invoked. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Sensitive Path Violations โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ No sensitive path violations. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Scan Complete โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Report: โ
โ C:\Users\TEST\aegis_report.json โ
โ This was a read-only scan. Run aegis โ
โ lock to generate a signed lockfile. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
Here is an example of the scan with no AI enabled:
โญโ Aegis Security Audit โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ AEGIS SECURITY AUDIT โ
โ Target: C:\Users\TEST โ
โ Files: 8 (3 Python, 1 config, 4 other) โ
โ Source: directory โ
โ Mode: AST-only โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Vibe Check โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ ๐ค You Sure About That? โ
โ The intern special. Messy code, missing pieces, โ
โ docs that overpromise. No malicious intent, but it โ
โ needs a real review. โ
โ โ
โ ####---------------- 22/100 - LOW - minor observations โ
โ only โ
โ โ
โ Aegis scored this skill 22/100. The code requests โ
โ minimal permissions and nothing looks unusual. The โ
โ documentation makes claims that don't align with what โ
โ Aegis found in the actual code. This mismatch is the โ
โ most important thing to investigate. Messy code: 1 โ
โ missing file ref(s); docs claim production-grade but โ
โ code is minimal. No malicious intent detected, but this โ
โ needs a code review. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Trust Analysis โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Aegis cross-referenced SKILL.md against the actual โ
โ code. โ
โ โ
โ [ALERT] The description claims โ
โ capabilities that don't match what the code provides - โ
โ 5 mismatch(es) found. โ
โ Claimed cloud: aws, gcp, azure โ
โ Cloud CLIs in code: none โ
โ Claimed containers: docker, kubernetes, k8s, โ
โ helm, deployment โ
โ Container files in manifest: none โ
โ ... and 2 more โ
โ -> This mismatch suggests the skill either โ
โ won't work as advertised without extra setup that โ
โ isn't included, or the description is overstating โ
โ what the skill actually does. Either way, the โ
โ skill's documentation is not trustworthy โ
โ as-is. โ
โ โ
โ [ALERT] The SKILL.md references โ
โ 13 file(s) or path(s) that don't exist in the package. โ
โ Files referenced but missing: ./charts/, โ
โ config.yaml, data/, k8s/, prod.yaml, project/, โ
โ results/, scripts/, scripts/evaluate.py, โ
โ scripts/health_check.py โ
โ Files referenced and present: โ
โ references/experiment_design_frameworks.md, โ
โ references/feature_engineering_patterns.md, โ
โ references/statistical_methods_advanced.md, โ
โ scripts/experiment_designer.py, โ
โ scripts/feature_engineering_pipeline.py โ
โ Commands referenced: aws, bash, docker, go, โ
โ helm, kubectl, pytest, python โ
โ -> This means the instructions will cause โ
โ the AI agent to look for files that aren't there. โ
โ The agent may then try to find them elsewhere on โ
โ your system, download them, or create them - all of โ
โ which happen outside the skill's controlled โ
โ scope โ
โ โ
โ [WARN] The skill advertises โ
โ credential-heavy integrations but declares no required โ
โ credentials. โ
โ Integrations needing credentials: aws, gcp, โ
โ azure, postgres, postgresql, database, prometheus, โ
โ monitoring โ
โ Code reads secrets: no โ
โ Code reads env vars: no โ
โ โ
โ [OK] Typical configuration - โ
โ not always-on, not force-installed. โ
โ โ
โ [INFO] No formal install spec, โ
โ but the package includes 3 executable script(s). โ
โ Python scripts: 3 โ
โ Shell scripts: 0 โ
โ โ
โ [INFO] No tool declarations to โ
โ verify; code doesn't invoke external binaries. โ
โ No declared or detected binaries โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Findings โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ [OK] Permissions: minimal. No โ
โ high-risk API usage detected. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Capabilities โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Permissions: minimal. No high-risk APIs (network, โ
โ subprocess, credentials) detected. See โ
โ aegis_report.json. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Before You Install โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ 1. Pin to a specific version: install โ
โ from a tagged release or commit hash, not 'latest'. โ
โ 2. Check the developer's reputation: look โ
โ at their profile, other published skills, and community โ
โ activity. โ
โ 3. Read the SKILL.md: confirm the skill โ
โ does what you need and the documentation matches the โ
โ code. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
โญโ Scan Complete โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ Report: โ
โ C:\Users\mhube\aegis_report.json โ
โ This was a read-only scan. Run aegis โ
โ lock to generate a signed lockfile. โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
What Gets Scanned
| Scanner | What It Detects |
|---|---|
| AST Parser | 750+ Python function/method patterns across 15+ categories |
| Semgrep Rules | 80+ regex rules for Python, JavaScript, and secrets |
| Secret Scanner | API keys, tokens, private keys, connection strings (30+ patterns) |
| Shell Analyzer | Pipe-to-shell, reverse shells, inline exec |
| JS Analyzer | XSS, eval, prototype pollution, dynamic imports |
| Dockerfile Analyzer | Privilege escalation, secrets in ENV/ARG, unpinned images |
| Config Analyzer | Dangerous settings in YAML, JSON, TOML, INI |
| Social Engineering | Misleading filenames, Unicode tricks, trust manipulation |
| Steganography | Hidden payloads in images, homoglyph attacks |
| Shadow Module Detector | Stdlib-shadowing files (os.py, sys.py in the skill) |
| Combo Analyzer | Multi-capability attack chains (exfiltration, C2, ransomware) |
| Taint Analysis | Source-to-sink data flows (commands, URLs, SQL, paths) |
| Complexity Analyzer | Cyclomatic complexity warnings for hard-to-audit functions |
| Skill Meta Analyzer | SKILL.md vs. actual code cross-referencing |
| Persona Classifier | Overall trust profile (LGTM, Permission Goblin, etc.) |
Use as an MCP Server
Aegis runs as an MCP server for Cursor, Claude Desktop, and any MCP-compatible client. Three tools are exposed: scan_skill, verify_lockfile, and list_capabilities.
Add to Cursor
Add this to your .cursor/mcp.json:
{
"mcpServers": {
"aegis": {
"command": "aegis",
"args": ["mcp-serve"]
}
}
}
Or generate it automatically:
aegis mcp-config
Add to Claude Desktop
Add the same block to your Claude Desktop MCP config. Aegis uses stdio transport โ no network server needed.
Use as a Cursor Skill (ClawHub)
Aegis is available as a skill on ClawHub. Install it and your agent will automatically audit skills before enabling them.
See SKILL.md for the full skill specification.
JSON Output for CI
# Full JSON report to stdout
aegis scan --json --no-llm
# Pipe into jq to extract the risk score
aegis scan --json --no-llm | jq '.deterministic.risk_score_static'
# Fail CI if risk > 50
aegis scan --json --no-llm | jq -e '.deterministic.risk_score_static <= 50'
The JSON report contains two payloads:
- Deterministic โ Merkle tree, capabilities, findings, risk score (reproducible, signed)
- Ephemeral โ LLM analysis, risk adjustment (non-deterministic, not signed)
Architecture
aegis scan ./skill
โ
โโโ coordinator.py โ File discovery (git-aware / directory walk)
โโโ ast_parser.py โ AST analysis + pessimistic scope extraction
โโโ secret_scanner.py โ 30+ secret patterns
โโโ shell_analyzer.py โ Dangerous shell patterns
โโโ js_analyzer.py โ JS/TS vulnerability patterns
โโโ config_analyzer.py โ YAML/JSON/TOML/INI risky settings
โโโ combo_analyzer.py โ Multi-capability attack chains
โโโ taint_analyzer.py โ Sourceโsink data flow tracking
โโโ binary_detector.py โ External binary classification
โโโ social_eng_scanner โ Social engineering detection
โโโ stego_scanner โ Steganography + homoglyphs
โโโ hasher.py โ Lazy Merkle tree
โโโ signer.py โ Ed25519 signing
โโโ rule_engine.py โ Policy evaluation
โโโ reporter/ โ JSON + Rich console output
โ
โผ
aegis_report.json + aegis.lock
For Skill Developers
Building a skill? See the Skill Developer Best Practices guide for how to make your skills auditable, trustworthy, and easy to verify.
Run Aegis on your own skill before publishing:
cd ./my-skill
aegis scan --no-llm -v
Fix PROHIBITED findings. Document RESTRICTED ones. Ship with an aegis.lock:
aegis lock
Project Structure
aegis-audit/
โโโ aegis-core/ # Python package (pip install aegis-audit)
โ โโโ aegis/ # Source code
โ โ โโโ cli.py # CLI entry point
โ โ โโโ mcp_server.py # MCP server
โ โ โโโ scanner/ # All 15+ analyzers
โ โ โโโ crypto/ # Hasher + signer
โ โ โโโ models/ # Pydantic models
โ โ โโโ policy/ # Rule engine
โ โ โโโ reporter/ # Output formatters
โ โโโ tests/ # Test suite
โ โโโ pyproject.toml # Package config
โ โโโ README.md # Detailed CLI reference
โโโ docs/ # Governance & operational docs
โ โโโ CHANGELOG.md
โ โโโ SKILL_DEVELOPER_GUIDE.md
โ โโโ INCIDENT_RESPONSE.md
โ โโโ BCP_DR.md
โ โโโ RISK_REGISTER.md
โ โโโ VENDOR_RISK.md
โโโ scripts/ # Batch scanning utilities
โโโ .github/ # CI + issue templates
โโโ SKILL.md # ClawHub skill specification
โโโ LICENSE # AGPL-3.0
โโโ LICENSING.md # Dual license details
License
Aegis is dual-licensed:
- Open Source: AGPL-3.0 โ free to use, modify, and distribute. Network service deployments must release source.
- Commercial: Proprietary license available for embedding in proprietary products, running without source disclosure, SLAs, and support.
See LICENSING.md for full details. For enterprise inquiries: miki@launchloop.xyz.
Contributing
Contributions welcome. By contributing, you agree to the Contributor License Agreement.
cd aegis-core
pip install -e ".[dev]"
pytest
Python 3.11+ required | No network access needed for deterministic scans | Works offline
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
aegis_audit-0.1.3.tar.gz
(191.1 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
aegis_audit-0.1.3-py3-none-any.whl
(216.7 kB
view details)
File details
Details for the file aegis_audit-0.1.3.tar.gz.
File metadata
- Download URL: aegis_audit-0.1.3.tar.gz
- Upload date:
- Size: 191.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c641b49faf3a74b03db5535d9f78acf7c5190caf98f21cf90e8bca9ed8f9a8c2
|
|
| MD5 |
37d747ba3c7afc40aeb760e4cec07ee2
|
|
| BLAKE2b-256 |
8c11f6e6985e7aeeaa00c68b83456b894a4ac67f8a15c71e826ab32bb8fa0703
|
File details
Details for the file aegis_audit-0.1.3-py3-none-any.whl.
File metadata
- Download URL: aegis_audit-0.1.3-py3-none-any.whl
- Upload date:
- Size: 216.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
74de3bb6a2d88d015cb589b1efe728215590235ae941b3ed8a99f9d0f482a993
|
|
| MD5 |
8785fb1cbad3f2dddd2b803933866e3e
|
|
| BLAKE2b-256 |
cace6b640ad88eb92440ee9ae5583e82c5a5f704ae46e3d14b6ab109ac9754a8
|
