Claude Skill
berabuddies/Semia
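Semia is an open-source static analysis tool for auditing the security of AI agent skills (including Claude Code and Codex), detecting vulnerabilities in skill definitions.
Overview
Repository info
Install this Skill
pip install semia-audit
Registry info
About the project
Semia is a security audit tool designed specifically for AI agent skills (including Claude Code and Codex). It detects vulnerabilities in skill definitions through static analysis, helping developers build more secure AI agents.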
Semia, security audit for AI agent skills.
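Key points
- Static analysis focused on the security of AI agent skills
- Supports scanning Claude Code and Codex skills
- Detects vulnerabilities in skill definitions
- Open-source security audit framework
Use cases
- Auditing Claude Skill definitions for security flaws
- Integrating security checks into the AI agent development workflow
- Preventing malicious or unsafe skills from being executed in agents
README excerpt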
# Semia

> **Security audit for AI agent skills.** Know what a skill *can* do
> before you trust it.

Agent skills are markdown files with embedded shell commands, network calls, and tool invocations. They run with **your credentials, on your machine, with your data**.

Semia reads a skill as data — never executes it — and produces an evidence-backed report of every capability it may exercise.

It is the difference between

> *"I trust this skill because the README looks fine."*

and

> *"I trust this skill because Semia extracted 14 actions, 6 effects,
> and 2 secret reads — and every one is grounded in a specific source line."*

---

## Quick example

Pick whichever fits how you already work.

### As a CLI

```bash
pip install semia-audit
semia scan ./some-skill
```

`scan` does prepare → synthesize (via your configured LLM provider) → detect → report in one shot. Output lands under `.semia/runs/<skill-slug>/` by default — pass `--out <path>` to override.

You'll need an LLM provider configured first — see [Set up an LLM provider](#set-up-an-llm-provider) below.

### Inside Codex, Claude Code, or OpenClaw

Install the plugin once. Each host has its own flow.

**Codex** — pick either path:

*Shell (sc