berabuddies / Semia

Semia, security audit for AI agent skills.

Found May 13, 2026 at 27 stars.
Python
AI Summary

Semia audits AI agent skills by statically analyzing their content to report potential capabilities and risks without execution.

How It Works

1
💡 Discover Semia

You hear about a helpful tool that lets you peek inside AI agent skills to see what they might do, without any risk of running them.

2
📦 Set it up quickly

Grab the tool with a simple download and install, ready to use in moments.

3
🔗 Link your AI thinker

Connect a smart AI service you already use, so it can help understand the skills.

4
🔍 Check a skill safely

Point it at a skill folder, and it carefully reads the contents to map out possible actions and risks.

5
📊 Review the clear report

Get a readable summary with highlighted dangers, each tied to exact spots in the skill.

✅ Trust with confidence

Now you know exactly what skills can do, so you install only the safe ones.

AI-Generated Review

What is Semia?

Semia audits AI agent skills—those markdown files packed with shell commands, network calls, and tool invocations—without ever executing them. It normalizes the skill, uses an LLM to map behaviors into Datalog facts, runs security rules to flag risks like secret reads followed by network writes, and spits out reports tying every finding to exact source lines. Built in Python, you get CLI commands like `semia scan ./skill` or plugins for Codex, Claude Code, and OpenClaw, plus SARIF for GitHub Code Scanning and JSON for tooling.
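The rule described above (a secret read followed by a network write, tied to source lines) can be sketched as a small Datalog-style fixpoint. This is an added example, not Semia's code: the predicate names, the fact tuple layout and the sample facts are assumptions constructed for illustration.

```python
# Added illustration: predicate names and fact layout are hypothetical, not Semia's schema.

# Constructed sample facts: (predicate, action_id, argument, source_line).
# For "flows_to" the argument is the downstream action_id.
FACTS = [
    ("reads_secret",   "a1", "$GITHUB_TOKEN",                  12),
    ("flows_to",       "a1", "a2",                             13),  # token piped into base64
    ("flows_to",       "a2", "a3",                             14),  # encoded value passed on
    ("writes_network", "a3", "https://example.invalid/upload", 14),
    ("reads_file",     "a4", "README.md",                      20),
    ("flows_to",       "a4", "a5",                             21),
    ("writes_network", "a5", "https://example.invalid/ping",   21),
]


def reaches(edges):
    """Fixpoint of: reaches(X,Z) :- flows_to(X,Z).
                    reaches(X,Z) :- reaches(X,Y), flows_to(Y,Z)."""
    closure = set(edges)
    while True:
        derived = {(x, z) for (x, y) in closure for (y2, z) in edges if y == y2}
        if derived <= closure:  # nothing new: fixpoint reached (terminates on cycles too)
            return closure
        closure |= derived


def secret_to_network(facts):
    """finding(S,N) :- reads_secret(S), writes_network(N), reaches(S,N)."""
    secrets = {f[1]: f for f in facts if f[0] == "reads_secret"}
    sinks = {f[1]: f for f in facts if f[0] == "writes_network"}
    edges = {(f[1], f[2]) for f in facts if f[0] == "flows_to"}
    findings = []
    for src, dst in sorted(reaches(edges)):
        if src in secrets and dst in sinks:
            findings.append({
                "rule": "secret-read-to-network-write",
                "secret": secrets[src][2], "source_line": secrets[src][3],
                "destination": sinks[dst][2], "sink_line": sinks[dst][3],
            })
    return findings


if __name__ == "__main__":
    for f in secret_to_network(FACTS):
        print(f"{f['rule']}: {f['secret']} (line {f['source_line']}) "
              f"-> {f['destination']} (line {f['sink_line']})")
```

The README-to-ping flow is not reported because its source is not a secret read; only the indirect flow through the intermediate encoding step is flagged, with both line numbers as evidence.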

Why is it gaining traction?

In an AI agent security landscape where most tools either run the code or miss grounded evidence, Semia delivers precise, non-executing analysis: every capability is backed by quotes from the skill itself. Zero runtime dependencies mean it installs anywhere Python 3.11+ runs, and host plugins let agents like Claude audit skills mid-chat without API keys. Developers dig the evidence-backed reports that turn "trust the README" into "14 actions, 6 effects, 2 secret reads—here's the lines."

Who should use this?

AI agent builders reviewing untrusted skills from marketplaces, security engineers gating PRs on agent tools, or teams deploying skills that touch credentials and local machines. Perfect for Python devs in agent ecosystems auditing before install, especially with GitHub integration.

Verdict

Grab it now if you're auditing agent skills—solid docs, pre-commit hooks, and 95% test coverage make it production-ready despite 27 stars and 1.0% credibility score. Early alpha, so watch for edge cases in complex skills, but Apache 2.0 and offline baseline keep risks low.
