Security scanner for MCP servers and skill files. Detects AVE vulnerabilities before production.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
The only open-source scanner that produces OWASP AIVSS scores for MCP servers and skill files.

Never executes code. Bawbel never executes your MCP servers.

| Command | Description |
|---|---|
| | Scan a skill file or directory for AVE vulnerabilities. Supports , , , , |
| | Scan a component and show a full remediation guide with fix guidance per finding |
| | Focused scan — hardcoded credentials and secret exposure only |
| | Focused scan — unsafe agent delegation chains only |
| | Fetch and scan an MCP server-card… |