@pezhik pezhik released this 17 Jun 15:46
· 23 commits to main since this release

SkillTotal statically scans AI components — MCP servers, agent skills/plugins, npm/PyPI
packages, and repositories — for supply-chain risk, dangerous capabilities, prompt-injection
surfaces, and data-exfiltration paths. Deterministic (regex + AST, no LLM), offline, and
evidence-anchored (every finding points at an exact file:line). Uploads SARIF to GitHub Code
Scanning and fails the build on high/critical findings.

Usage

- uses: pezhik/skilltotal@v0.16.3
  with:
    source: .          # a path, a git URL, or an npm:/pypi:<name> spec
    fail-on: high      # fail on a high/critical finding (or 'none')

Highlights (since 0.15)

  • E-mail/SMTP exfiltration channel — catches mail backdoors (e.g. constant-BCC).
  • .pth auto-exec, shell decode-and-exec / curl | bash, defense-evasion idioms, and install-time dropper correlation.
  • MCP: over-broad scope detection + mapping to the OWASP MCP Security Cheat Sheet.
  • Data-flow: lethal-trifecta and malicious-indicator convergence findings.
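
An added example of the `.pth` auto-exec check with file:line evidence anchors; it is not SkillTotal's code or rule set. Python's `site` module executes any `.pth` line that begins with `import` plus a space or tab, so the code flags those lines and grades them by the calls found in their AST. The `RISKY_CALLS` list, the severity labels, the function names and the sample content are assumptions of this example.

```python
import ast

# Call names treated as high-risk here: an assumption of this example, not SkillTotal's rules.
RISKY_CALLS = {"exec", "eval", "compile", "__import__", "system", "popen",
               "Popen", "run", "urlopen", "b64decode"}

def called_names(source):
    """Names of every function called in one line of Python; None if it does not parse."""
    try:
        tree = ast.parse(source)
    except (SyntaxError, ValueError):
        return None
    names = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name):
                names.add(func.id)
            elif isinstance(func, ast.Attribute):
                names.add(func.attr)
    return names

def scan_pth(path, text):
    """Return (file:line, severity, reason) for each .pth line that site.py would exec()."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        # site.py executes a line only if it begins with "import" plus a space or tab.
        if not line.startswith(("import ", "import\t")):
            continue
        calls = called_names(line)
        where = f"{path}:{lineno}"
        if calls is None:
            findings.append((where, "medium", "executed line does not parse"))
        elif calls & RISKY_CALLS:
            findings.append((where, "high", "calls " + ", ".join(sorted(calls & RISKY_CALLS))))
        elif calls:
            findings.append((where, "medium", "calls " + ", ".join(sorted(calls))))
    return findings

def should_fail(findings, fail_on="high"):
    """Mirror the fail-on input: 'high' fails on a high/critical finding, 'none' never fails."""
    return fail_on != "none" and any(f[1] in ("high", "critical") for f in findings)

# Constructed sample .pth content; it is only parsed, never executed.
SAMPLE = ("# constructed sample\nsrc/mypkg\nimport sys; sys.path.insert(0, 'vendor')\n"
          "import os; os.system('true')\nimport base64; exec(base64.b64decode('cGFzcw=='))\n")
```

Plain path entries and comment lines produce no finding, and an indented `import` line is skipped because `site` does not execute it.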

Changelog: https://github.com/pezhik/skilltotal/blob/main/CHANGELOG.md