The security layer for agentic AI.
Open-source tools for scanning MCP servers, skill files, and agent components before they reach production. Free forever. Apache 2.0.
| Repo | What it is |
|---|---|
| bawbel/scanner | CLI scanner for agentic AI components -- SKILL.md files, MCP servers, system prompts. Confidence and evidence metadata on every finding. |
| bawbel/ave | AVE -- the behavioral classification standard for agentic AI components. 51 published records, scored with OWASP AIVSS v0.8, mapped to OWASP MCP Top 10 and MITRE ATLAS. |
| bawbel/piranha-api | Free, no-auth REST API serving the full AVE record set and threat intelligence. |
| bawbel/integrations | GitHub Action, VS Code extension, and pre-commit hooks. |
pip install "bawbel-scanner[all]"
bawbel scan ./skills/Skill files, MCP server manifests, and system prompts are executable instructions, not documentation. Any process that loads them runs them. There is no compiler, no sandbox, no type checker. The runtime is an LLM that reads natural language and acts on it.
Your CI pipeline scans dependencies for known package vulnerabilities. It does not scan your SKILL.md for prompt injection. Bawbel fixes that, scored against a shared behavioral classification standard rather than a one-off internal taxonomy.
bawbel.io · docs · AVE registry · PiranhaDB · OWASP AIVSS · @bawbel_io