Security & Self-Audit
AgentVerus scans AI agent skills for security and trust risks. A scanner that enforces a standard has to meet that standard itself — so we adversarially audit our own tooling and publish what we find. This page documents that practice.
0.8.1 — we found and fixed a ReDoS in our own scanner
During an internal adversarial audit, we red-teamed the scanner against itself and found a real denial-of-service: a crafted skill file triggered catastrophic regex backtracking (ReDoS). A roughly 2 MB input took about 104 seconds to scan — long enough to hang any pipeline that scanned attacker-supplied content.
The fix bounded roughly 90 regex patterns to line-confined windows and rewrote the HTML-comment detector as a linear scan. Critically, the change is behavior-preserving: detection is byte-identical on a 224-sample benchmark (F1 0.8425), so the hardening cost nothing in coverage.
Upgrade to 0.8.1
Anyone on 0.8.0 or earlier should upgrade. The fix is published; the upgrade is the mitigation.
npm install agentverus-scanner@latestThe MCP server agentverus-scanner-mcp@0.1.2 depends on the hardened core, so updating it pulls the fix automatically.
Responsible disclosure
Found a vulnerability in the scanner, the API, or this site? Report it privately via GitHub Security Advisories. Please give us a reasonable window to ship a fix before public disclosure.
- We triage reports quickly and credit reporters who want it.
- Security fixes ship with a public changelog entry and, where relevant, an advisory.
- We favor behavior-preserving fixes so a security patch never silently weakens detection.
The standard we hold ourselves to
Published trust findings come from six weighted analyzers (permissions, injection, dependencies, behavioral, content, and code-safety), mapped to the ASST taxonomy. Releases are attestable: CI publishes only on a version-matched tag, so a published version always corresponds to a known commit.