Raisin skill risk scanner
Project description
Razin
Razin is a local scanner for SKILL.md-defined agent skills.
It performs static analysis only (no execution) and writes deterministic JSON reports.
Requirements
- Python 3.12+
Install
pip install razin
Verify:
razin --help
Usage
Basic scan:
razin scan --root . --output-dir output/
Custom rules directory:
razin scan --root . --rules-dir ./enterprise-rules --output-dir output/
Single rule file:
razin scan --root . --rule-file ./enterprise-rules/net_unknown_domain.yaml --output-dir output/
Specific rule files:
razin scan --root . \
--rule-file ./enterprise-rules/net_unknown_domain.yaml \
--rule-file ./enterprise-rules/mcp_endpoint.yaml \
--output-dir output/
CLI flags:
- --root <path>: workspace root to scan
- --output-dir <path>: output root for findings and summaries
- --config <file>: optional config file path (defaults to <root>/razin.yaml)
- --mcp-allowlist <domain-or-url>: optional, repeatable MCP endpoint/domain allowlist override
- --engine <dsl>: detector engine (dsl only; removed values: legacy, optionc, default)
- --rules-dir <path>: load all custom *.yaml DSL rules from this directory
- --rule-file <path>: load a specific custom *.yaml DSL rule file (repeatable)
- --no-cache: disable cache reads/writes
- --max-file-mb <n>: skip files larger than n MB
- --output-format json: reserved for future formats (currently only json)
Rules source behavior:
- Default mode (no custom flags): bundled rules under src/razin/dsl/rules/
- Custom directory mode: --rules-dir replaces bundled rules for that scan
- Custom file mode: one or more --rule-file values replace bundled rules for that scan
- --rules-dir and --rule-file are mutually exclusive
- Invalid path, invalid extension, duplicate rule_id, and invalid YAML fail fast
Config File
Create razin.yaml in scan root (or pass with --config):
allowlist_domains:
- api.openai.com
denylist_domains:
- "*"
mcp_allowlist_domains:
- rube.app
mcp_denylist_domains:
- blocked.example.com
tool_prefixes:
- RUBE_
- MCP_
detectors:
enabled:
- NET_RAW_IP
- NET_UNKNOWN_DOMAIN
- SECRET_REF
- EXEC_FIELDS
- OPAQUE_BLOB
- TYPOSQUAT
- BUNDLED_SCRIPTS
- MCP_REQUIRED
- MCP_ENDPOINT
- MCP_DENYLIST
- TOOL_INVOCATION
- DYNAMIC_SCHEMA
- AUTH_CONNECTION
- EXTERNAL_URLS
disabled: []
typosquat:
baseline:
- openai-helper
skill_globs:
- "**/SKILL.md"
max_file_mb: 2
Outputs
Per skill, Razin writes:
output/<skill-name>/findings.json
output/<skill-name>/summary.json
Cache file:
output/.razin-cache.json
Skill name derivation precedence:
- Frontmatter name (if present)
- Nearest folder containing SKILL.md
- Sanitized relative path from scan root
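The precedence above, worked through as an added Python example (not razin's own code). It assumes a YAML-style frontmatter block at the top of SKILL.md; sanitizing the frontmatter name before it becomes an output directory component is an assumption added here, since a skill-controlled name otherwise feeds straight into output/<skill-name>/.

```python
import re
from pathlib import PurePosixPath

# Leading '---' block at the top of SKILL.md (assumed frontmatter layout).
FRONTMATTER_RE = re.compile(r"\A---\s*\n(.*?)\n---\s*(?:\n|\Z)", re.DOTALL)


def frontmatter_name(skill_md_text):
    """Return the frontmatter `name` value, or None if absent or empty."""
    m = FRONTMATTER_RE.match(skill_md_text)
    if not m:
        return None
    for line in m.group(1).splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "name":
            value = value.strip().strip("'\"")
            return value or None
    return None


def sanitize(segment):
    """Reduce a skill-controlled string to a safe slug: [A-Za-z0-9._-] only.

    Path separators and other characters are collapsed to '-', and leading or
    trailing '-' / '.' are stripped so that '../../x' cannot escape output/.
    This sanitization is an assumption of this example, not documented razin behavior.
    """
    slug = re.sub(r"[^A-Za-z0-9._-]+", "-", segment).strip("-.")
    return slug or "skill"


def derive_skill_name(rel_path, skill_md_text):
    """Apply the precedence: frontmatter name -> containing folder -> sanitized path."""
    name = frontmatter_name(skill_md_text)
    if name:
        return sanitize(name)
    p = PurePosixPath(rel_path)
    # Nearest folder containing SKILL.md; the scan root itself has no name to use.
    if p.parent != PurePosixPath("."):
        return sanitize(p.parent.name)
    # SKILL.md sits directly at the scan root: fall back to the sanitized relative path.
    return sanitize(str(p))


if __name__ == "__main__":
    # Constructed sample inputs.
    print(derive_skill_name("skills/helper/SKILL.md", "---\nname: openai-helper\n---\n# Hi"))
    print(derive_skill_name("skills/helper/SKILL.md", "# no frontmatter"))
    print(derive_skill_name("SKILL.md", "---\ndescription: x\n---\n"))
    print(derive_skill_name("skills/evil/SKILL.md", "---\nname: ../../etc\n---\n"))
```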
Details for the file razin-0.2.0.tar.gz.
File metadata
- Download URL: razin-0.2.0.tar.gz
- Size: 84.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.7.19
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d3c2b5ae84e5de034a743b465338b5399330a320ae49eb64ba164d274e5c5a9b |
| MD5 | 0a1c99680e576660b0a9eae3845bc618 |
| BLAKE2b-256 | 0a1dac5452c397f37c3f55a47ffd2aa0e53674a89f5e880b451eba8576bbd343 |
File details
Details for the file razin-0.2.0-py3-none-any.whl.
File metadata
- Download URL: razin-0.2.0-py3-none-any.whl
- Size: 72.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.7.19
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f3eae7379fc1b8e20711df5b10649b042981f4ddfe3353b452b0071fc736fa54 |
| MD5 | deb3bae2f8ebb1595cc7fdecbf7dab7f |
| BLAKE2b-256 | 2cc33989e1d2d375da8eab323979bdffae1766d05263e9df762370b1c010a387 |