SkillSpector is a security scanner designed to detect vulnerabilities and malicious patterns in AI agent plugins and extensions before they are installed. It functions as a runtime guardrail that calculates numeric risk scores and assigns severity labels to provide installation recommendations or block risky external extensions. The project distinguishes itself by using language models to perform semantic code analysis, evaluating code intent and context to reduce false positives. It also employs fingerprint-based issue suppression to track and ignore previously accepted risks across repeated
Trivy is a comprehensive security scanner designed to identify vulnerabilities and misconfigurations across container images, filesystems, and infrastructure-as-code files. It functions as a software composition analysis tool and an infrastructure security scanner, providing automated checks for CI/CD pipelines and cloud environments to ensure the integrity of the software supply chain. The tool distinguishes itself through a modular, plugin-based architecture that allows for the independent inspection of diverse targets. It utilizes a declarative policy engine to evaluate configurations agai
ChatGPT-CodeReview is an AI-driven code analysis tool and bot that uses a large language model to automatically review pull request diffs and post feedback on code changes. It functions as a system for detecting bugs and suggesting improvements in source code. The tool provides a containerized runtime for deployment as a background process or through a GitHub Action. Users can customize the analysis behavior, style, and technical depth by adjusting model parameters and system prompts. The system handles automated code review workflows by triggering analysis via webhooks and CI pipelines, upd
waka-readme-stats is an automated profile README updater and developer statistics dashboard. It integrates with the WakaTime API and compatible self-hosted endpoints to synchronize time-tracking data, which it then transforms into a formatted display of coding hours, languages, and operating systems. The tool operates as a GitHub Action that fetches metrics and automatically updates a profile README file by replacing marker comments with dynamic content via git commits. It allows for custom API endpoint integration to support self-hosted services. The system provides capabilities for metrics