with one click
vet-repo
Scan repository agent configuration files for known malicious patterns
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Menu
Scan repository agent configuration files for known malicious patterns
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
| name | vet-repo |
| description | Scan repository agent configuration files for known malicious patterns |
| disable-model-invocation | true |
| allowed-tools | Read, Glob, Grep, Bash |
| context | fork |
Scan all agent configuration files in a repository for known malicious patterns. Use this when entering an unfamiliar codebase to assess agent-level security risks before trusting the repo's configurations.
Run the scanner script against the current project root:
python3 "$SKILL_DIR/scripts/vet_repo.py" "$PROJECT_ROOT"
Where $SKILL_DIR is the directory containing this SKILL.md, and $PROJECT_ROOT is the root of the repository being scanned.
.claude/settings.json -- hook configs (auto-approve, stop loops, env persistence).claude/skills/ -- all SKILL.md files (hidden comments, curl|bash, persistence triggers).mcp.json -- MCP server configs (unknown URLs, env var expansion, broad tools)AGENTS.md, CLAUDE.md, GEMINI.md, .claude/rules/*.md, .github/copilot-instructions.md, .github/instructions/*.instructions.md, Cursor rules, Windsurf rules, and .clinerulesStructured report with findings grouped by severity (CRITICAL, HIGH, MEDIUM, LOW, INFO) and actionable recommendations for each finding.
.claude/ or .mcp.jsonThis repository includes PreToolUse hooks in .claude/settings.json that warn on
dangerous Bash commands (pipe-to-shell, rm -rf /, chmod 777, eval with variables,
base64-to-execution) and sensitive file writes (.ssh/, .aws/, .gnupg/, shell
profiles, settings.json).
These hooks are advisory only -- they produce warning messages but do not block execution. An agent or user can proceed past the warning.
PreToolUse blocking requires returning
hookSpecificOutput.permissionDecision: "deny" or "ask" instead of only showing a warning message.claude/settings.json for the current hook definitions