vett
Scan, sign, and verify AI agent skills before installing
Sean Drumm

10h ago

vett - Scan, sign, and verify AI agent skills before installing

When you install an AI agent skill, you're running code pulled from GitHub at HEAD with no signing, versioning, or scanning. Vett scans every skill before it reaches your machine: static analysis, exfiltration chain detection, OSV dependency checks, and Sigstore signing. Early scans have already turned up malware disguised as Google and LinkedIn tools, and skills with thousands of installs that quietly modify your agent's own configuration files.