com um clique
vet-repo
Scan repository agent configuration files for known malicious patterns
Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.
Menu
Scan repository agent configuration files for known malicious patterns
Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.
Baseado na classificação ocupacional SOC
| name | vet-repo |
| description | Scan repository agent configuration files for known malicious patterns |
| disable-model-invocation | true |
| allowed-tools | Read, Glob, Grep, Bash |
| context | fork |
Scan all agent configuration files in a repository for known malicious patterns. Use this when entering an unfamiliar codebase to assess agent-level security risks before trusting the repo's configurations.
Run the scanner script against the current project root:
python3 "$SKILL_DIR/scripts/vet_repo.py" "$PROJECT_ROOT"
Where $SKILL_DIR is the directory containing this SKILL.md, and $PROJECT_ROOT is the root of the repository being scanned.
.claude/settings.json -- hook configs (auto-approve, stop loops, env persistence).claude/skills/ -- all SKILL.md files (hidden comments, curl|bash, persistence triggers).mcp.json -- MCP server configs (unknown URLs, env var expansion, broad tools)AGENTS.md, CLAUDE.md, GEMINI.md, .claude/rules/*.md, .github/copilot-instructions.md, .github/instructions/*.instructions.md, Cursor rules, Windsurf rules, and .clinerulesStructured report with findings grouped by severity (CRITICAL, HIGH, MEDIUM, LOW, INFO) and actionable recommendations for each finding.
.claude/ or .mcp.jsonThis repository includes PreToolUse hooks in .claude/settings.json that warn on
dangerous Bash commands (pipe-to-shell, rm -rf /, chmod 777, eval with variables,
base64-to-execution) and sensitive file writes (.ssh/, .aws/, .gnupg/, shell
profiles, settings.json).
These hooks are advisory only -- they produce warning messages but do not block execution. An agent or user can proceed past the warning.
PreToolUse blocking requires returning
hookSpecificOutput.permissionDecision: "deny" or "ask" instead of only showing a warning message.claude/settings.json for the current hook definitions