Offline security scanner for AI-agent repos, skills, plugins, and MCP servers.
Repo Forensics is easy to set up with strong trust signals. Check agent compatibility and use-case fit before adding it to your workflow.
gh repo view alexgreensh/repo-forensics --webOpen the official repository or website.
Check the README for package manager, auth, and platform requirements.
Try it in a small test task inside your agent workflow.
Repo Forensics scans AI agent plugins and skills for security threats before you install them. It works fully offline, has no dependencies, and doesn't send any data to the internet. It checks for malware, suspicious patterns, and known vulnerabilities.
Repo Forensics is a comprehensive offline security scanner designed for AI-agent ecosystems. It audits repositories, plugins, skills, and MCP servers before they are integrated into your agent. With 20 built-in scanners and over 800 detection patterns, it identifies malicious code, suspicious behaviors, and supply-chain risks. The tool integrates seamlessly with Claude Code, Codex CLI, OpenClaw, Cursor, and NanoClaw, providing auto-scan hooks on install. It features zero dependencies, zero telemetry, and works entirely offline. Key capabilities include: static analysis of Python, JavaScript, and shell scripts; detection of obfuscated code, base64-encoded payloads, and suspicious imports; scanning for known CVE and CISA KEV vulnerabilities; correlation rules to link multiple indicators; and package IOC matching. It is ideal for developers who want to vet third-party agent extensions before use.
Strong trust signals; still review the README and permissions before production use.
Last commit was about 1 days ago.
97 GitHub stars indicate community interest.
1 open issues signal maintenance load.
NOASSERTION license detected.
Audit a third-party MCP server before adding it to your agent
Scan a Claude Code skill repository for malware before installation
Check a plugin for suspicious network calls or data exfiltration
Verify the integrity of an open-source agent skill before deployment
Automate security scanning in CI/CD pipelines for agent extensions
The tool itself is safe and has no telemetry, but scanning untrusted repos may trigger malware if executed; always scan in an isolated environment.
97
Stars
15
Forks
1
Issues
NOASSERTION
License
Run large language models locally with a simple CLI. Supports Llama, Mistral, Gemma, and 100+ models with one command.
Universal memory layer for AI agents that enables personalized, context-aware interactions.
An open-source framework to turn HTML, CSS, and animations into deterministic MP4 videos.
1 security/trust notes recorded.
Setup difficulty is 2/5.