agent-bom
Scans AI infrastructure for vulnerabilities, generates SBOMs, and enforces compliance across multiple AI platforms.
Security score: 73/100
The agent-bom skill was audited on Jun 8, 2026 and we found 9 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 172
Template literal with variable interpolation in command context
Source: SKILL.md
| 172 | - Use `${env:VAR}` references, never literal credential values |
medium line 169
Access to .env file
Source: SKILL.md
| 169 | - API keys, tokens, passwords, or `.env` contents |
low line 27
Unicode escape sequences
Source: SKILL.md
| 27 | emoji: "\U0001F6E1" |
low line 19
External URL reference
Source: SKILL.md
| 19 | smithery: https://smithery.ai/server/agent-bom/agent-bom |
low line 20
External URL reference
Source: SKILL.md
| 20 | scorecard: https://securityscorecards.dev/viewer/?uri=github.com/msaad00/agent-bom |
low line 38
External URL reference
Source: SKILL.md
| 38 | - url: "https://trustworthy-solace-production-14a6.up.railway.app/sse" |
low line 89
External URL reference
Source: SKILL.md
| 89 | # Connect: { "type": "sse", "url": "http://localhost:8080/sse" } |
low line 147
External URL reference
Source: SKILL.md
| 147 | "url": "https://trustworthy-solace-production-14a6.up.railway.app/sse" |
low line 181
External URL reference
Source: SKILL.md
| 181 | - **OpenSSF Scorecard**: [securityscorecards.dev](https://securityscorecards.dev/viewer/?uri=github.com/msaad00/agent-bom) |
Scanned on Jun 8, 2026
GitHub Stars: 1
Category: development
Updated: June 15, 2026
openclaw, api, devops, security-engineer, devops-sre, data-engineer, ml-ai-engineer, product-manager, docker, development, product
Zeno-sole/zeno-skills