Claude Skill

berabuddies/Semia

Semia 是一款开源静态分析工具,用于审计 AI 代理技能(包括 Claude Code 和 Codex)的安全性,检测技能定义中的漏洞。

概览

Stars552
Forks58
语言Python
最后更新2026-06-30
最近同步2026-07-03
前往 GitHub

仓库信息

拥有者berabuddies
仓库Semia
完整名称berabuddies/Semia
Repo ID1,229,574,762

安装这个 Skill

pip install semia-audit

Registry 信息

类型openclaw_skill
质量分85/100
验证状态readme_parsed
最近验证2026-06-11
平台
ClaudeOpenClawCodex
能力
pdfterminalworkflowclaude-codecodexopenclawsecurityskill-scannerstatic-analysis
识别文件
README.mddocspyproject.tomltests
配置键
OPENAI_API_KEYOPENAI_BASE_URLANTHROPIC_API_KEYANTHROPIC_BASE_URLURL

项目简介

Semia 是一款专为 AI 代理技能(包括 Claude Code 和 Codex)设计的安全审计工具。它通过静态分析检测技能定义中的漏洞,帮助开发者构建更安全的 AI 代理。

英文描述

Semia, security audit for AI agent skills.

要点

  • 针对 AI 代理技能安全的静态分析
  • 支持 Claude Code 和 Codex 技能扫描
  • 检测技能定义中的漏洞
  • 开源安全审计框架

使用场景

  • 审计 Claude Skill 定义中的安全缺陷
  • 将安全检查集成到 AI 代理开发流程中
  • 防止代理中执行恶意或不安全的技能

README 摘要

# Semia > **Security audit for AI agent skills.** Know what a skill *can* do > before you trust it. [![CI](https://github.com/berabuddies/Semia/actions/workflows/ci.yml/badge.svg)](https://github.com/berabuddies/Semia/actions/workflows/ci.yml) [![Lint](https://github.com/berabuddies/Semia/actions/workflows/lint.yml/badge.svg)](https://github.com/berabuddies/Semia/actions/workflows/lint.yml) [![codecov](https://codecov.io/gh/berabuddies/Semia/graph/badge.svg)](https://codecov.io/gh/berabuddies/Semia) [![License: Apache-2.0](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](LICENSE) [![Python](https://img.shields.io/badge/python-3.11%2B-blue.svg)](pyproject.toml) Agent skills are markdown files with embedded shell commands, network calls, and tool invocations. They run with **your credentials, on your machine, with your data**. Semia reads a skill as data — never executes it — and produces an evidence-backed report of every capability it may exercise. It is the difference between > *"I trust this skill because the README looks fine."* and > *"I trust this skill because Semia extracted 14 actions, 6 effects, > and 2 secret reads — and every one is grounded in a specific source line."* --- ## Quick example Pick whichever fits how you already work. ### As a CLI ```bash pip install semia-audit semia scan ./some-skill ``` `scan` does prepare → synthesize (via your configured LLM provider) → detect → report in one shot. Output lands under `.semia/runs/<skill-slug>/` by default — pass `--out <path>` to override. You'll need an LLM provider configured first — see [Set up an LLM provider](#set-up-an-llm-provider) below. ### Inside Codex, Claude Code, or OpenClaw Install the plugin once. Each host has its own flow. **Codex** — pick either path: *Shell (sc

话题

探索更多

数据来自 GitHub,同步时间:2026-07-03