Static Analysis for LLM Agent Skills

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for theinfosecguy from gravatar.com theinfosecguy

Unverified details

These details have not been verified by PyPI
Meta
  • Requires: Python >=3.12
Report project as malware

Project description

Razin - Static Analysis for LLM Agent Skills

razin

Razin is a local scanner for SKILL.md-defined agent skills. It performs static analysis only (no execution) and writes deterministic JSON reports.

Table of Contents

Requirements

  • Python 3.12+

Install

pip install razin

Verify:

razin --help

Usage

Basic scan:

razin scan -r . -o output/

Custom rules directory:

razin scan -r . -R ./enterprise-rules -o output/

Single rule file:

razin scan -r . -f ./enterprise-rules/net_unknown_domain.yaml -o output/

Multiple rule files:

razin scan -r . \
  -f ./enterprise-rules/net_unknown_domain.yaml \
  -f ./enterprise-rules/mcp_endpoint.yaml \
  -o output/

Long-form equivalent (for scripts and clarity):

razin scan --root . --output-dir output/ --profile strict --no-cache

CLI flags:

  • -r, --root <path>: workspace root to scan
  • -o, --output-dir <path>: output root for findings and summaries
  • -c, --config <file>: optional config file path (defaults to <root>/razin.yaml)
  • -m, --mcp-allowlist <domain-or-url>: optional repeatable MCP endpoint/domain allowlist override
  • -p, --profile <strict|balanced|audit>: policy profile
  • -R, --rules-dir <path>: load all custom *.yaml DSL rules from this directory
  • -f, --rule-file <path>: load specific custom *.yaml DSL rule file (repeatable)
  • -n, --no-cache: disable cache reads/writes
  • -v, --verbose: show cache stats and diagnostics
  • --rules-mode <replace|overlay>: rule composition mode (default: replace)
  • --duplicate-policy <error|override>: duplicate rule_id handling in overlay mode (default: error)
  • --max-file-mb <n>: skip files larger than n MB
  • --output-format json: reserved for future formats (currently only json)
  • --no-stdout: silence stdout output
  • --no-color: disable colored output

Rules source behavior:

  • Default mode (no custom flags): bundled rules under src/razin/dsl/rules/
  • Custom directory mode: --rules-dir replaces bundled rules for that scan
  • Custom file mode: one or more --rule-file values replace bundled rules for that scan
  • --rules-dir and --rule-file are mutually exclusive
  • Invalid path, invalid extension, duplicate rule_id, and invalid YAML fail fast

Rule composition with --rules-mode:

  • replace (default): custom source replaces bundled rules entirely
  • overlay: bundled rules are loaded first, then custom rules are merged in

Overlay duplicate handling:

  • By default (--duplicate-policy error), a custom rule with the same rule_id as a bundled rule causes a clear error
  • With --duplicate-policy override, the custom rule replaces the bundled rule

Overlay examples:

# Merge enterprise rules on top of bundled rules
razin scan -r . -R ./enterprise-rules --rules-mode overlay -o output/

# Override a specific bundled rule
razin scan -r . -f ./custom_auth.yaml --rules-mode overlay --duplicate-policy override -o output/

Workflow

Python (Primary)

Use the local Python/uv workflow for day-to-day development:

uv run razin scan -r . -o output/
uv run pytest -q
uv run ruff check src tests
uv run mypy src tests

Docker (Optional)

Prerequisites:

  • Docker Desktop (macOS/Windows) or Docker Engine (Linux)

Build runtime image:

docker build -t razin:local .

Run scanner in Docker:

docker run --rm razin:local --help
docker run --rm razin:local scan --help

docker run --rm \
  -v "$(pwd)":/work \
  -w /work \
  razin:local \
  scan --root /work --output-dir /work/output/docker

Config File

Create razin.yaml in scan root (or pass with --config):

allowlist_domains:
  - api.openai.com
denylist_domains:
  - "*"
mcp_allowlist_domains:
  - rube.app
mcp_denylist_domains:
  - blocked.example.com
tool_prefixes:
  - RUBE_
  - MCP_
detectors:
  enabled:
    - NET_RAW_IP
    - NET_UNKNOWN_DOMAIN
    - SECRET_REF
    - EXEC_FIELDS
    - OPAQUE_BLOB
    - TYPOSQUAT
    - BUNDLED_SCRIPTS
    - MCP_REQUIRED
    - MCP_ENDPOINT
    - MCP_DENYLIST
    - TOOL_INVOCATION
    - DYNAMIC_SCHEMA
    - AUTH_CONNECTION
    - EXTERNAL_URLS
  disabled: []
typosquat:
  baseline:
    - openai-helper
skill_globs:
  - "**/SKILL.md"
max_file_mb: 2

Outputs

Per skill, RAZIN writes:

  • output/<skill-name>/findings.json
  • output/<skill-name>/summary.json

Cache file:

  • output/.razin-cache.json

Skill name derivation precedence:

  1. Frontmatter name (if present)
  2. Nearest folder containing SKILL.md
  3. Sanitized relative path from scan root

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for theinfosecguy from gravatar.com theinfosecguy

Unverified details

These details have not been verified by PyPI
Meta
  • Requires: Python >=3.12

Release history Release notifications | RSS feed

1.5.0

1.4.0

1.3.2

1.3.1

1.3.0

1.2.0

1.1.1

1.1.0

1.0.2

This version

1.0.1

1.0.0

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

razin-1.0.1.tar.gz (95.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

razin-1.0.1-py3-none-any.whl (77.8 kB view details)

Uploaded Python 3

File details

Details for the file razin-1.0.1.tar.gz.

File metadata

  • Download URL: razin-1.0.1.tar.gz
  • Upload date:
  • Size: 95.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for razin-1.0.1.tar.gz
Algorithm Hash digest
SHA256 a891ee2bfb9b0b4d2f6d929b407dd1015c71b0e848b36e06688529ea4938e54d
MD5 df5c35b968195b7ac17da88ec716a7a3
BLAKE2b-256 1c071be20ef49490e8cd9fe7cc2504f7c44cdeae80a233d43ff1c873ce1cad0f

See more details on using hashes here.

Provenance

The following attestation bundles were made for razin-1.0.1.tar.gz:

Publisher: release-pypi.yml on theinfosecguy/razin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file razin-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: razin-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 77.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for razin-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 3d85f63ce760a67ed562cacbfc54959286c331ca83f5d0d1a031e18278753296
MD5 ace543ed86cbbb729c4ebaebbe9a15c7
BLAKE2b-256 b1635f93a7d541ef7f95afd51e5a7fecda031d735bbefbec7ee48d91c7ca3ce1

See more details on using hashes here.

Provenance

The following attestation bundles were made for razin-1.0.1-py3-none-any.whl:

Publisher: release-pypi.yml on theinfosecguy/razin

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page