Deployment tool and support utility for AI context. Copies agents, skills, commands, rules, and behaviors into the paths each AI platform reads (Claude Code, Codex, Copilot, Cursor, Warp, OpenClaw, and 6 more) so one source of truth works across 10 platfo
D high
- capability exposureinferred+35
- recent driftinferred+12
- inherited (deps)attested+15
- tool safetyinferred+24
- trust mitigatorsmixed−14
attestedinferredmixed
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 12m ago · see ecosystem CVEs →
Inferred surface — each links to servers holding it:
no known CVEs for this server.
inherited (deps) · grade factor +15
HIGH
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
HIGH
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
HIGH
Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default
- highdangerous code
env-secret-flows-to-network-js: A process environment value (often a secret/token) flows into a network call — possible credential exfiltration. (/tmp/obs-code-yGvQ7D/package/tools
- highdangerous code
suspicious bundled script in 1 file(s)
- highhidden prompt content
10 file(s) with hidden prompt content: package/agentic/code/frameworks/media-curator/skills/cover-art-embedding/SKILL.md (skill-exfil), package/agentic/code/frameworks/media-curat…
prompt-surface
shipped agent-instruction files + hidden-content / dangerous-code findings —
quoted from the analyzed source
analyzed v2026.6.0 · analyzer v17 · 1d ago
skills & prompt files 183
- ⚠ hidden: skill: skill-exfilpackage/agentic/code/frameworks/media-curator/skills/cover-art-embedding/SKILL.md:61
secret→sink: - ⚠ hidden: skill: skill-exfilpackage/agentic/code/frameworks/media-curator/skills/tag-collection/SKILL.md:105
secret→sink: # Fallback to fanart.tv if CAA unavailable - ⚠ hidden: skill: skill-exfilpackage/agentic/code/frameworks/sdlc-complete/skills/issue-update/SKILL.md:137
secret→sink: ```bash - ⚠ hidden: skill: skill-exfilpackage/agentic/code/frameworks/sdlc-complete/skills/regression-cicd-hooks/SKILL.md:541
secret→sink: -H "Authorization: token ${GITHUB_TOKEN}" \ - ⚠ hidden: skill: skill-exfilpackage/plugins/codex-sdlc/skills/issue-update/SKILL.md:124
secret→sink: ```bash - ⚠ hidden: skill: skill-exfilpackage/plugins/codex-sdlc/skills/regression-cicd-hooks/SKILL.md:541
secret→sink: -H "Authorization: token ${GITHUB_TOKEN}" \ - ⚠ hidden: skill: skill-exfilpackage/plugins/media-curator/skills/cover-art-embedding/SKILL.md:61
secret→sink: - ⚠ hidden: skill: skill-exfilpackage/plugins/media-curator/skills/tag-collection/SKILL.md:105
secret→sink: # Fallback to fanart.tv if CAA unavailable - ⚠ hidden: skill: skill-exfilpackage/plugins/sdlc/skills/issue-update/SKILL.md:124
secret→sink: ```bash - ⚠ hidden: skill: skill-exfilpackage/plugins/sdlc/skills/regression-cicd-hooks/SKILL.md:541
secret→sink: -H "Authorization: token ${GITHUB_TOKEN}" \
- skillpackage/agentic/code/addons/agent-loop/skills/agent-loop-ext/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/agent-loop/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/auto-test-execution/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/cross-task-learner/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/debug-memory/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/execute-feedback/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/infer-completion-criteria/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/mission-control/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/ralph-abort/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/ralph-analytics/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/ralph-attach/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/ralph-config/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/ralph-external/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/ralph-memory/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/ralph-reflect/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/ralph-resume/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/ralph-status/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/ralph/SKILL.md
- skillpackage/agentic/code/addons/agent-loop/skills/reflection-injection/SKILL.md
- skillpackage/agentic/code/addons/agentic-installer/skills/setup-generate/SKILL.md
- skillpackage/agentic/code/addons/agentic-installer/skills/setup-run/SKILL.md
- skillpackage/agentic/code/addons/agentic-installer/skills/setup-validate/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/dev-doctor/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/dev-mode-init/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/devkit-create-addon/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/devkit-create-agent/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/devkit-create-command/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/devkit-create-extension/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/devkit-create-framework/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/devkit-create-skill/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/devkit-test/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/devkit-validate/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/link-check/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/validate-addon/SKILL.md
- skillpackage/agentic/code/addons/aiwg-dev/skills/validate-component/SKILL.md
- skillpackage/agentic/code/addons/aiwg-evals/skills/eval-agent/SKILL.md
- skillpackage/agentic/code/addons/aiwg-evals/skills/eval-report/SKILL.md
- skillpackage/agentic/code/addons/aiwg-evals/skills/eval-workflow/SKILL.md
- prompt-filepackage/agentic/code/addons/aiwg-utils/prompts/README.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/activity-log/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/add-agent/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/add-behavior/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/add-command/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/add-skill/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/add-template/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-delivery-pr/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-doctor/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-guide/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-help/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-init/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-issue/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-language-map/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-mcp-server/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-mission/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-pr/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-refresh/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-regenerate-agents/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-regenerate-claude/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-regenerate-codex/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-regenerate-copilot/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-regenerate-cursorrules/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-regenerate-factory/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-regenerate-opencode/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-regenerate-warp/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-regenerate-windsurfrules/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-regenerate/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-status/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-sync/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/aiwg-utils-quickref/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/artifact-metadata/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/behavior/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/catalog/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/checkpoint/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/claims-validator/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/cleanup-audit/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/commit-and-push/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/config-validator/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/config/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/contribute-start/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/cost-history/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/cost-report/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/customize-contribute-back/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/customize-rebuild/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/customize-setup/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/customize-status/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/customize-upstream-sync/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/daemon-init/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/deploy-gen/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/doc-consolidate/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/doc-sync/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/execution-mode/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/feedback/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/git-mirror-audit/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/hook-disable/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/hook-enable/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/hook-regenerate/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/hook-status/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/index/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/install-plugin/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/install/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/list/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/mention-conventions/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/mention-lint/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/mention-report/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/mention-validate/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/mention-wire/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/metrics-tokens/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/migrate-hook/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/migrate-workspace/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/new-project/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/nl-router/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/ops/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/package-all-plugins/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/package-plugin/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/packages/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/parallel-dispatch/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/plugin-status/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/prefill-cards/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/project-awareness/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/project-status/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/remove/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/reproducibility-validate/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/roko-voice/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/rollback-workspace/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/run/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/runtime-info/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/scaffold-addon/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/scaffold-extension/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/scaffold-framework/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/schedule/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/sdlc-accelerate/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/session/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/skills/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/snapshot/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/soul-apply/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/soul-blend/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/soul-create/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/soul-disable/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/soul-enable/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/soul-enhance/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/soul-status/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/soul-to-voice/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/soul-validate/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/steward-prep-delivery/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/steward/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/summarize-transcript/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/team/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/template-engine/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/uninstall-plugin/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/update/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/use/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/validate-metadata/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/version/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/voice-to-soul/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/workspace-health/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/workspace-prune-working/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/workspace-realign/SKILL.md
- skillpackage/agentic/code/addons/aiwg-utils/skills/workspace-reset/SKILL.md
- skillpackage/agentic/code/addons/browser-control/skills/browser-doctor/SKILL.md
- skillpackage/agentic/code/addons/browser-control/skills/browser-reset/SKILL.md
- skillpackage/agentic/code/addons/browser-control/skills/browser-setup/SKILL.md
- prompt-filepackage/agentic/code/addons/context-curator/prompts/context-classification.md
- prompt-filepackage/agentic/code/addons/context-curator/prompts/scope-enforcement.md
- skillpackage/agentic/code/addons/daemon/skills/daemon-status/SKILL.md
- skillpackage/agentic/code/addons/doc-intelligence/skills/doc-scraper/SKILL.md
- skillpackage/agentic/code/addons/doc-intelligence/skills/doc-splitter/SKILL.md
- skillpackage/agentic/code/addons/doc-intelligence/skills/llms-txt-support/SKILL.md
- skillpackage/agentic/code/addons/doc-intelligence/skills/pdf-extractor/SKILL.md
- skillpackage/agentic/code/addons/doc-intelligence/skills/source-unifier/SKILL.md
- skillpackage/agentic/code/addons/guided-implementation/skills/iteration-control/SKILL.md
- skillpackage/agentic/code/addons/nlp-prod/skills/cost-optimizer/SKILL.md
- skillpackage/agentic/code/addons/nlp-prod/skills/eval-loop/SKILL.md
- skillpackage/agentic/code/addons/nlp-prod/skills/pattern-selector/SKILL.md
danger signals1
- suspicious bundled scriptsuspicious bundled scriptpackage/agentic/code/addons/aiwg-utils/skills/steward-prep-delivery/find-duplicates.sh:81
eval "$(python3 -c "
- recent drift+12 capability drift →
[](https://mcpobservatory.com/servers/npm:aiwg/security) Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of roctinam.