The trust layer for the agent internet
Every skill scanned for malicious patterns. Permissions inferred automatically. Artifacts immutably versioned.
terminallooping demo
▍
34K+
Skills indexed
17
Agent platforms
100%
Scanned
<50ms
Install time
Why Vett?
Skills are pulled directly from GitHub with no versioning, no signing, no scanning. We fix that.
01
Security Scanning
Pattern matching for malicious code, credential theft, data exfiltration, and cognitive hijacking attempts.
02
Permission Inference
Automatically detect filesystem, network, shell, and environment access requirements before installation.
03
Artifact Mirroring
Immutable, content-addressed storage. No force-push risk. No upstream deletions or tampering.
04
Instant Response
Malicious skills yanked immediately. Real-time threat intelligence shared across the ecosystem.
One command.
Full visibility.
Before you install, know exactly what a skill can do.
1
Cryptographic verification
Every artifact has a unique hash. What we scanned is what you install.
2
Static analysis
Pattern matching for known threats and suspicious behaviors.
3
Permission manifest
Clear declaration of all access requirements upfront.
vett info
cursor/skills/web-scraper@2.1.0
Web scraping utilities for agents
Permissions
network: write
filesystem: read
shell: none
Security
⚠ 1 finding
net-fetch: Makes HTTP requests
Trust, then install.
The agent supply chain attack is coming. The trust layer is being built now.