Skip to content

bawbel/bawbel.github.io

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Bawbel logo

Bawbel

The security layer for agentic AI.

Open-source tools for scanning MCP servers, skill files, and agent components before they reach production. Free forever. Apache 2.0.

Scanner Downloads AVE Records License


What we build

Repo What it is
bawbel/scanner CLI scanner for agentic AI components -- SKILL.md files, MCP servers, system prompts. Confidence and evidence metadata on every finding.
bawbel/ave AVE -- the behavioral classification standard for agentic AI components. 51 published records, scored with OWASP AIVSS v0.8, mapped to OWASP MCP Top 10 and MITRE ATLAS.
bawbel/piranha-api Free, no-auth REST API serving the full AVE record set and threat intelligence.
bawbel/integrations GitHub Action, VS Code extension, and pre-commit hooks.

Quick start

pip install "bawbel-scanner[all]"
bawbel scan ./skills/

The problem

Skill files, MCP server manifests, and system prompts are executable instructions, not documentation. Any process that loads them runs them. There is no compiler, no sandbox, no type checker. The runtime is an LLM that reads natural language and acts on it.

Your CI pipeline scans dependencies for known package vulnerabilities. It does not scan your SKILL.md for prompt injection. Bawbel fixes that, scored against a shared behavioral classification standard rather than a one-off internal taxonomy.


Links

bawbel.io  ·  docs  ·  AVE registry  ·  PiranhaDB  ·  OWASP AIVSS  ·  @bawbel_io

Releases

No releases published

Packages

 
 
 

Contributors

Languages