When you install an AI agent skill, you're running code pulled from GitHub at HEAD with no signing, versioning, or scanning. Vett scans every skill before it reaches your machine: static analysis, exfiltration chain detection, OSV dependency checks, and Sigstore signing. Early scans have already turned up malware disguised as Google and LinkedIn tools, and skills with thousands of installs that quietly modify your agent's own configuration files.
About
In the rapidly expanding world of AI agents, installing new skills feels like a leap of faith. You find an exciting new capability on GitHub, hit install, and suddenly you are executing code pulled directly from the main branch, often without any real assurance of what that code is actually doing. This is where vett steps in, fundamentally changing how you interact with the AI ecosystem. Think of vett as your essential security checkpoint, designed to bring trust and transparency back to agent deployment. Before any potentially risky code ever touches your machine, vett performs a deep, multi-layered inspection. We go far beyond a simple glance, running comprehensive static analysis to understand the code's intent, meticulously detecting any hidden exfiltration chains designed to steal sensitive data, and performing rigorous dependency checks against known vulnerabilities using OSV databases. This proactive defense is crucial because we have already uncovered alarming threats, including sophisticated malware disguised cleverly as legitimate tools from major providers like Google and LinkedIn, and even seemingly popular skills with massive user bases that were quietly altering their own core configuration files in dangerous ways. vett ensures you are in complete control of what your agents are allowed to execute.
