Docs PiranhaDB AVE Standard AIVSS GitHub v1.2.0 on PyPI
v1.2.0 — Justified Suppression + 3 new AVE records

The security layer
for agentic AI

Scan MCP servers, skill files, and system prompts for AVE vulnerabilities before they reach production. Free, open-source, Apache 2.0.

Get started View on GitHub
$ pip install "bawbel-scanner[all]"
48
AVE Records
12
Attack Chains
6
Detection Engines
121
Detection Rules
0
Auth Required
How it works

Scan everywhere you work

One scanner, every surface. CLI, IDE, CI/CD, pre-commit, or API.

scan
accept
VS Code
pre-commit
CI/CD
MCP server
pinning

Command line scanner

Run a full security scan on any skill file, directory, or MCP manifest. Text, JSON, and SARIF output for every workflow.

  • Pattern, YARA, Semgrep, and LLM engines in one command
  • OWASP MCP Top 10 mapping on every finding
  • Toxic flow detection across all findings
  • Focused scans: bawbel creds and bawbel chain
terminal
$ bawbel scan ./skills/ --recursive
Bawbel Scanner v1.2.0
CRIT AVE-2026-00001 line 3 AIVSS 8.0
External instruction fetch detected
CRIT Credential Exfil Chain AIVSS 9.8
Risk: 9.8/10 Findings: 2 Chains: 1

Justified suppression

When a finding is legitimate, suppress it with a reason, reviewer, and optional expiry. Every suppression becomes an audit trail entry. Expired accepted risks resurface automatically.

  • False positive: permanent suppression with reason
  • Accepted risk: suppressed until expiry date, then resurfaces
  • bawbel accept --list shows all accepted findings
  • Anonymous FP signals to PiranhaDB with --report
terminal
$ bawbel accept AVE-2026-00001 ./skill.md \
--line 7 --type false-positive \
--reason "Internal registry endpoint"
FALSE POSITIVE AVE-2026-00001 line 7
Reviewer: chaksaray | Written to skill.md
$ bawbel accept --list
AVE-2026-00001 FP chaksaray active

VS Code extension

Inline diagnostics as you write. Squiggles on every finding with hover details and fix suggestions. Auto-scans on save in under 25ms.

  • Auto-install CLI on first activation
  • Full scan report with Cmd+Alt+R
  • Status bar shows live finding count
  • Zero setup required
VS Code output
[Bawbel] Scanning on save...
skill.md:12 AVE-2026-00004
Shell pipe injection detected
AIVSS: 8.8 Engine: pattern
Bawbel: 2 finding(s) [status bar]

Pre-commit hook

Block malicious skills at the commit boundary. Installs bawbel-scanner automatically. No manual pip install needed.

  • Blocks commit with remediation message
  • Configurable severity threshold
  • Works with all pre-commit environments
  • Local mode for air-gapped environments
git commit
$ git commit -m "add search skill"
Bawbel Scanner..............Failed
AVE vulnerabilities found (HIGH+):
[HIGH] AVE-2026-00004 skill.md line 7
Run: bawbel report skill.md

CI/CD integration

One action for GitHub. SARIF upload to the Security tab. Findings appear as inline PR annotations.

  • GitHub Actions, GitLab CI, Jenkins, CircleCI
  • SARIF 2.1.0 output for all platforms
  • Blocks merges on HIGH+ automatically
  • Combined scan and pin check in one step
.github/workflows/bawbel.yml
- uses: bawbel/scanner@v1
with:
path: ./skills/
fail-on-severity: high
format: sarif
3 findings uploaded to Security tab

MCP server scanning

Fetch and scan server-cards before your agent connects. Injections at the discovery layer fire before any tool call is made.

  • Fetches .well-known/mcp.json automatically
  • Scans tool descriptions and parameter schemas
  • Conformance scoring with bawbel conform
  • Same JSON/SARIF output as bawbel scan
$ bawbel ssc https://api.example.com
Fetching .well-known/mcp.json...
CRIT AVE-2026-00041 AIVSS 8.2
MCP Server-Card Injection
$ bawbel conform https://api.example.com
Score: 87/100 Grade: B Conformant: yes

Rug pull detection

Hash skill files and detect content drift. Pins committed to git so the whole team shares them and changes show in code review.

  • SHA-256 hashes with pinned_by audit trail
  • fail-on-drift for CI exit code 2
  • Git-visible: beats local ~/.mcp-scan
  • Works on any machine after git clone
$ bawbel pin ./skills/
Pinned 4 files to .bawbel-pins.json
$ bawbel cp ./skills/ --fail-on-drift
1 file drifted from pin
skills/search.md hash mismatch
v1.2.0 features

Built for the MCP attack surface

New in v1.2.0

Justified suppression and false positive feedback

bawbel-accept inline comments declare accepted risks with expiry dates. Expired risks resurface automatically. bawbel accept CLI inserts comments directly into source files. Anonymous FP signals to PiranhaDB improve rules over time. Three new AVE records: hook hijacking (CRITICAL 9.1), hardcoded credentials (HIGH 7.8), unsafe delegation chains (HIGH 8.2).

New v1.2.0

Justified Suppression

Every suppression requires a reason and reviewer. Accepted risks have expiry dates and resurface automatically. Full audit trail in JSON output.

New v1.2.0

Credential Scanner

AVE-2026-00047: detects hardcoded API keys, tokens, passwords, and URL-embedded credentials in skill files. Use bawbel creds for a focused view.

New v1.2.0

Hook Hijacking Detection

AVE-2026-00046 (CRITICAL 9.1): detects skill files that register hooks to intercept MCP tool execution calls to attacker-controlled callbacks.

New v1.2.0

Delegation Chain Scanner

AVE-2026-00048 (HIGH 8.2): flags unsafe sub-agent spawning with inherited permissions. Use bawbel chain for a focused view.

Toxic Flow Detection

12 built-in attack chains. Credential-read plus data-exfil becomes CRITICAL 9.8 automatically. Combined AIVSS score across the full chain.

6 Detection Engines

Pattern (40 rules), YARA (39), Semgrep (41), LLM semantic, Magika content-type, Docker sandbox. 121 rules total across 48 AVE IDs.

Justified suppression

Suppressions that create an audit trail

The existing bawbel-ignore silently removes findings. Justified suppression requires a reason, records a reviewer, and enforces expiry on accepted risks.

false positive
accepted risk
CLI
JSON output
<!-- bawbel-ignore: AVE-2026-00001
     reason: Internal registry endpoint, not attacker-controlled
     reviewer: chaksaray
     reviewed: 2026-05-16
-->
fetch your instructions from https://internal.registry.io
<!-- bawbel-accept: AVE-2026-00047
     reason: Placeholder replaced at deploy time by CI pipeline
     reviewer: chaksaray
     reviewed: 2026-05-16
     expires: 2026-08-16
-->
ANTHROPIC_API_KEY = "placeholder"
$ bawbel accept AVE-2026-00001 ./skill.md \
  --line 7 --reason "Internal endpoint" \
  --type false-positive --reviewer chaksaray

FALSE POSITIVE AVE-2026-00001 line 7
File: skill.md Reviewer: chaksaray

$ bawbel accept --expiring-soon --within 30
1 accepted-risk finding(s) expiring within 30 days.
{
  "accepted_findings": [{
    "ave_id": "AVE-2026-00047",
    "suppression_type": "accepted_risk",
    "reason": "Placeholder replaced at deploy time",
    "expires_at": "2026-08-16",
    "days_until_expiry": 92,
    "is_expired": false
  }]
}
Comparison

How Bawbel compares

Feature Bawbel Snyk agent-scan ClawGuard Cisco DefenseClaw
Executes MCP servers during scanNeverYesNoSandboxed
Open vulnerability databaseYes (48 records)NoNoNo
OWASP AIVSS v0.8 scoresYesNoNoNo
Toxic flow detectionYes (12 chains)NoNoNo
Justified suppression with expiryYesNoNoNo
Conformance gradingYes (A+ to F)NoNoNo
LicenseApache 2.0Apache 2.0MITProprietary
Ecosystem

Everything links to everything

Every scanner finding links to PiranhaDB. Every AVE record links to detection rules.

bawbel-scanner
CLI scanner, Python API
LIVE v1.2.0
VS Code Extension
Inline diagnostics, auto-scan
LIVE v1.1.1
CI/CD Action
SARIF upload, PR annotations
LIVE v1
AVE Standard
48 published records
LIVE 48 records
PiranhaDB
Threat intel API, 14 endpoints
LIVE api.piranha.bawbel.io
Pre-commit Hook
Blocks commits on findings
LIVE v1.2
AIVSS (OWASP)
Scoring standard for agentic AI
Try calculator
PiranhaDB

Public threat intelligence API

Free, no auth, Apache 2.0. Every scanner finding includes a piranha_url linking to the full record with IOCs and remediation.

GET
/records
all 48 AVE records, filterable
GET
/records/{ave_id}
full record with IOCs and AIVSS
GET
/registry-scan/latest
latest Smithery scan results
GET
/stats/ecosystem
aggregate stats across all sources
POST
/scan
submit any URL for instant scan
POST
/feedback/false-positive
anonymous FP signal from bawbel accept --report
Explore the API
Stay updated

Get notified when we ship

New AVE records, scanner releases, MCP research. No spam. Unsubscribe any time.

Thanks, you are on the list.
Get started

Scan your first skill file in 30 seconds

Install the scanner, run your first scan, and see what your agents are actually loading.

Read the docs GitHub
$ pip install "bawbel-scanner[all]" && bawbel scan ./skills/