aiclude-vulns-scan

TotalClaw, author: totalclaw

Search the AICLUDE scan database for security vulnerability scan results on MCP servers and AI agent skills.

Installation / download

TotalClaw CLI (recommended):

```
totalclaw install totalclaw:totalclaw~mastergear4824-aiclude-vulns-scan
```

cURL (direct download, no login required):

```
curl -fsSL https://skills.taituai.com/api/skills/totalclaw%3Atotalclaw~mastergear4824-aiclude-vulns-scan/file -o mastergear4824-aiclude-vulns-scan.md
```

Git repository (get the source code):

```
git clone https://github.com/aiclude/asvs
```

## Original text

# /security-scan - AICLUDE Vulnerability Scanner

Search the AICLUDE security scan database for vulnerability reports on MCP Servers and AI Agent Skills. If no report exists, the target is registered and scanned automatically.

## Usage

```
/security-scan --name <package-name> [--type mcp-server|skill]
```

## Parameters

- `--name`: Package name to search (npm package, GitHub repo, etc.)
- `--type`: Target type (`mcp-server` | `skill`) - auto-detected if omitted

## Examples

```
/security-scan --name @anthropic/mcp-server-fetch
/security-scan --name my-awesome-skill --type skill
```

## How It Works

1. Sends the package name to the AICLUDE scan API
2. If a scan report exists, returns it immediately
3. If not, registers the target for scanning
4. Waits for the scan to complete and returns the results
5. Results are also viewable at https://vs.aiclude.com

Only the package name and type are sent. No source code or credentials are transmitted.

## Output

- **Risk Level** (CRITICAL / HIGH / MEDIUM / LOW / INFO)
- **Vulnerability List** with locations and descriptions
- **Risk Assessment** and remediation recommendations
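
One way to act on this output is a fail-closed install gate: block when no completed report exists yet (step 3 of How It Works) or when the worst reported level reaches a threshold. This is an added example, not AICLUDE's code; the report field names (`status`, `riskLevel`, `vulnerabilities[].severity`) and the `gate` function are assumptions, since the page does not document the response schema.

```javascript
// Added example: fail-closed install gate over a scan result.
// Report shape (status, riskLevel, vulnerabilities[].severity) is assumed;
// the page does not document the real response schema.
const LEVELS = ['INFO', 'LOW', 'MEDIUM', 'HIGH', 'CRITICAL']; // Output section
const TYPES = ['mcp-server', 'skill'];                         // --type values

function rank(level) {
  // Unknown or missing levels rank as -1 so callers can reject them.
  return LEVELS.indexOf(String(level || '').toUpperCase());
}

function gate(report, { type, blockAt = 'HIGH' } = {}) {
  if (type !== undefined && !TYPES.includes(type)) {
    return { allow: false, reason: `unsupported type: ${type}` };
  }
  if (rank(blockAt) < 0) throw new Error(`invalid threshold: ${blockAt}`);
  // No report, or a target that was only just registered for scanning:
  // absence of findings is not evidence of safety, so block.
  if (!report || report.status !== 'completed') {
    return { allow: false, reason: 'no completed scan report' };
  }
  let worst = rank(report.riskLevel);
  if (worst < 0) return { allow: false, reason: 'unrecognised risk level' };
  // Use the worst of the headline level and every listed finding, so a
  // report whose summary understates its own findings still blocks.
  const findings = Array.isArray(report.vulnerabilities) ? report.vulnerabilities : [];
  for (const v of findings) {
    const r = rank(v?.severity);
    if (r < 0) return { allow: false, reason: 'finding with unrecognised severity' };
    worst = Math.max(worst, r);
  }
  const effective = LEVELS[worst];
  return worst >= rank(blockAt)
    ? { allow: false, reason: `risk ${effective} >= ${blockAt}`, effective }
    : { allow: true, reason: `risk ${effective} < ${blockAt}`, effective };
}

// Constructed sample reports (not real AICLUDE output).
const samples = {
  clean: { status: 'completed', riskLevel: 'LOW', vulnerabilities: [] },
  understated: { status: 'completed', riskLevel: 'LOW', vulnerabilities: [
    { severity: 'CRITICAL', location: 'index.js:10', description: 'constructed' }] },
  pending: { status: 'pending' },
};
for (const [name, rep] of Object.entries(samples)) {
  console.log(name, gate(rep, { type: 'mcp-server' }));
}
```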

## Links

- **Web Dashboard**: https://vs.aiclude.com
- **npm**: [`@aiclude/security-skill`](https://www.npmjs.com/package/@aiclude/security-skill)
- **MCP Server**: [`@aiclude/security-mcp`](https://www.npmjs.com/package/@aiclude/security-mcp)

## License

Apache 2.0 - AICLUDE Inc.