agent-bom

Scans AI infrastructure for vulnerabilities, generates SBOMs, and enforces compliance across multiple AI platforms.

Install this skill

73/100

Security score

The agent-bom skill was audited on Jun 8, 2026 and we found 9 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 172

Template literal with variable interpolation in command context

SourceSKILL.md

172	- Use `${env:VAR}` references, never literal credential values

medium line 169

Access to .env file

SourceSKILL.md

169	- API keys, tokens, passwords, or `.env` contents

low line 27

Unicode escape sequences

SourceSKILL.md

27	emoji: "\U0001F6E1"

low line 19

External URL reference

SourceSKILL.md

19	smithery: https://smithery.ai/server/agent-bom/agent-bom

low line 20

External URL reference

SourceSKILL.md

20	scorecard: https://securityscorecards.dev/viewer/?uri=github.com/msaad00/agent-bom

low line 38

External URL reference

SourceSKILL.md

38	- url: "https://trustworthy-solace-production-14a6.up.railway.app/sse"

low line 89

External URL reference

SourceSKILL.md

89	# Connect: { "type": "sse", "url": "http://localhost:8080/sse" }

low line 147

External URL reference

SourceSKILL.md

147	"url": "https://trustworthy-solace-production-14a6.up.railway.app/sse"

low line 181

External URL reference

SourceSKILL.md

181	- OpenSSF Scorecard: [securityscorecards.dev](https://securityscorecards.dev/viewer/?uri=github.com/msaad00/agent-bom)

Scanned on Jun 8, 2026

View Security Dashboard

Installation guide →

GitHub Stars 1

Rate this skill

Categorydevelopment

UpdatedJune 15, 2026

openclaw api devops security-engineer devops-sre data-engineer ml-ai-engineer product-manager docker development product

Zeno-sole/zeno-skills