Get the FREE Ultimate OpenClaw Setup Guide →
A

AIclude Security Scanner

Verified

@mastergear4824

npx machina-cli add skill @mastergear4824/aiclude-vulns-scan --openclaw
Files (1)
SKILL.md
1.7 KB

/security-scan - AICLUDE Vulnerability Scanner

Search the AICLUDE security scan database for vulnerability reports on MCP Servers and AI Agent Skills. If no report exists, the target is registered and scanned automatically.

Usage

/security-scan --name <package-name> [--type mcp-server|skill]

Parameters

  • --name: Package name to search (npm package, GitHub repo, etc.)
  • --type: Target type (mcp-server | skill) - auto-detected if omitted

Examples

/security-scan --name @anthropic/mcp-server-fetch
/security-scan --name my-awesome-skill --type skill

How It Works

  1. Sends the package name to the AICLUDE scan API
  2. If a scan report exists, returns it immediately
  3. If not, registers the target for scanning
  4. Waits for the scan to complete and returns the results
  5. Results are also viewable at https://vs.aiclude.com

Only the package name and type are sent. No source code or credentials are transmitted.

Output

  • Risk Level (CRITICAL / HIGH / MEDIUM / LOW / INFO)
  • Vulnerability List with locations and descriptions
  • Risk Assessment and remediation recommendations

Links

License

Apache 2.0 - AICLUDE Inc.

Source

git clone https://clawhub.ai/mastergear4824/aiclude-vulns-scanView on GitHub

Overview

AIclude Security Scanner lets you search the AICLUDE vulnerability database for reports on MCP servers and AI agent skills. If no report exists, the target is registered for automatic scanning and results are available in the web dashboard. This enables proactive security posture checks before deployment.

How This Skill Works

You provide the package name and optional type to /security-scan. The system queries the AICLUDE scan API; if a report exists, it returns immediately. If not, the target is registered for scanning and you later receive the results, which are also viewable at https://vs.aiclude.com. Only the package name and type are transmitted, with no source code or credentials sent.

When to Use It

  • Before deploying an MCP server package to production
  • When onboarding or updating an AI agent skill
  • During security audits of existing MCP servers and skills
  • In CI/CD workflows to auto-scan new packages by name
  • When performing a vulnerability risk assessment for a project

Quick Start

  1. Step 1: Run the command with the package name and optional type, e.g. /security-scan --name <package-name> [--type mcp-server|skill]
  2. Step 2: If a report exists, review immediately; if not, the target will be registered for scanning
  3. Step 3: Open https://vs.aiclude.com to view the results and dashboard details

Best Practices

  • Use the exact package name and type to ensure precise results
  • Review both the reported risk level and remediation recommendations
  • Rely on the web dashboard for detailed vulnerability lists
  • Re-scan periodically to catch newly disclosed vulnerabilities
  • Include scan results in security review reports and release notes

Example Use Cases

  • Run /security-scan --name @anthropic/mcp-server-fetch to check for MCP server vulnerabilities
  • Run /security-scan --name my-awesome-skill --type skill to assess a new AI agent skill
  • View the vulnerability list and risk assessment on the dashboard at https://vs.aiclude.com
  • Check a security-mcp package for known issues before deployment
  • Scan a skill and verify the remediation recommendations before release

Frequently Asked Questions

Add this skill to your agents
Sponsor this space

Reach thousands of developers