Public repo scanning, safety-first MVP

Scan agent artifact repos before they reach your workflow.

Paste a public GitHub repository URL and run Agent Artifact Firewall in an isolated scan job. Review verdict, severity, artifact classes, and findings before you install a skill, plugin, hook, MCP config, or repo instruction pack.

  • Public GitHub repos only
  • Archive-only file analysis
  • GitHub Actions isolation
  • Signed result callbacks

Start a scan

Paste a GitHub repository URL

Submit a public repository, queue a safe isolated scan, then review a clean report page with verdict, findings, and downloadable outputs.

MVP supports public GitHub repositories only.

What the experience should feel like

Simple front door, serious scan path.

The visual pass is intentionally cleaner and lighter. The page should feel trustworthy, modern, and focused on one action, without reading like a prototype or a security dashboard dump.

01

What gets scanned

The page quickly explains the agent artifact classes users actually care about.

  • Agent skills and instruction packs
  • Hooks and helper scripts
  • MCP configuration files
  • Plugin manifests and repo instructions

02

How it works

The interaction stays understandable for non-technical users.

  1. Submit repo URL
  2. Queue isolated scan job
  3. Run AAF against repo files
  4. Review verdict and findings

03

MVP guardrails

The product leads with trust and boundaries, not hype.

  • Strict GitHub URL validation
  • Public repos only
  • Rate limits and size checks
  • No repo code execution

Why this exists

A trust-and-safety layer for agent artifacts.

Agent Artifact Firewall helps teams inspect the files that shape agent behaviour before install, merge, or adoption. The public product should feel calm and credible, with enough polish to inspire trust while staying narrow and useful.

Clear verdict

Users should understand the outcome quickly, not decode security tooling jargon.

Clean findings

Severity, artifact classes, and recommendations need to be readable on first scan.

Downloadable outputs

JSON and Markdown reports should feel like part of a polished product, not an afterthought.