Free public GitHub scanner

Catch risky agent-facing repo files before they enter your workflow.

Security review for SKILL.md, AGENTS.md, hooks, MCP configs, scripts, and repo instructions.

AAF Cloud Scan helps maintainers, reviewers, and builders inspect public GitHub repositories for files that can steer, poison, or abuse agent workflows before install, merge, or adoption.

Built for trust-sensitive review

Focused on the files that shape agent behaviour, not just the application code underneath them.

No target repo code execution Public repos only Readable verdicts + downloadable reports
Verdict Safe / Review / High risk
Checks Skills · hooks · MCP · scripts
Outputs JSON + Markdown reports
Execution model Isolated workflow with signed callback
Sample report snapshot

Repository review verdict

A believable preview of the kind of signal this tool is meant to surface fast.

Needs review
Risk score 68
Flagged findings 7
Artifact classes 4
run 05a7ffd9 public github repo signed callback

Prompt-injection language in SKILL.md

Approval-bypass phrasing and hidden operator instructions detected in skill guidance.

High

Unsafe hook execution path

Repository hook references shell execution patterns that deserve manual review before trust.

Medium

MCP configuration exposure

Config shape suggests tool access expansion and outbound workflow capability.

Review
Start a repository scan

Paste a public GitHub repository URL

Queue a scan, open a report, and review verdicts, flagged files, and downloadable outputs in one place.

Free right now: built for the GitHub community while the product matures.

Public GitHub repositories only. Private repositories are not supported.

Why this matters

The new attack surface is often outside the application code.

Agent workflows can be compromised by repo-level files that shape what the agent sees, trusts, and executes. That is why this scanner is built to surface risky instructions and automation artifacts early.

Agent risk can hide in repo instructions, hooks, manifests, and config long before anyone notices at runtime.
SKILL.md instruction packs AGENTS.md repo guidance Hooks and bootstrap scripts MCP configs Plugin manifests Prompt-injection phrasing Approval-bypass language Secret access attempts

What the product gives you

Fast review signal, not just a generic scan form.

Designed to make trust decisions easier before install, merge, or adoption.

01

Clear verdicts

Understand quickly whether a repo looks safe, needs review, or carries obvious agent-facing risk.

02

Actionable findings

See flagged files, artifact classes, and why they deserve scrutiny without digging through raw logs.

03

Exportable reports

Download JSON and Markdown outputs for internal review, audit notes, and handoff workflows.

How it works

A narrow, trust-first scan flow.

The product is intentionally scoped to review public GitHub repositories without executing target repo code.

01

Validate the repository

Check that the URL is a supported public GitHub repo and apply size and scope guardrails before queueing.

02

Run an isolated review

Queue an isolated workflow that inspects agent-facing files and returns a signed callback with the result.

03

Review the output

Open a readable report page with verdict, findings, severity context, and downloadable report formats.

Trust model

Built to reduce review friction without pretending to be magic.

Guardrails

  • Strict GitHub URL validation
  • Public repositories only
  • Rate limits and repository size checks
  • No target repo code execution

Trust signals

  • Readable verdict categories
  • Structured findings with context
  • Downloadable JSON and Markdown
  • Signed callback flow for result integrity

Use it your way

Use the hosted scanner, inspect the GitHub repository directly, or wire the command-line and action flow into your own review process.

View the GitHub repository