We got scared shitless
Why Aescut exists
The moment it clicked
We were building with Claude Code, Cursor, Codex — installing skills and MCP servers as fast as we found them. A filesystem tool here, a GitHub integration there, a Slack connector for good measure. The workflow was great. The speed was incredible.
Then someone on the team asked: "Wait — what permissions does that skill actually have?"
The answer was: all of them. Every skill runs with your agent's full permissions. File read. File write. Shell execution. Network access. And we'd been installing them from random GitHub repos with nothing more than a skim of the README.
It's worse than you think
A skill is code that your AI agent executes on your behalf. It reads your files. It makes HTTP requests. It runs shell commands. It has access to your credentials, your environment variables, your entire project.
A single compromised skill can exfiltrate your SSH keys, inject a backdoor into your codebase, or open a reverse shell to an attacker — and your agent will do it without hesitation, because you told it to install the tool.
This isn't theoretical. Skills and MCP servers are the largest unvetted attack vector in AI-assisted development. There's no npm audit for them. No signature verification. No review process. You install, you trust, you hope.
So we stopped hoping
At Aeptus, we built an internal rule: nothing gets installed until it's been checked. We created a registry. We wrote an automated analyzer that reads the source code and flags permissions, network access, destructive operations, and supply chain signals. We added human review on top.
It worked. Our agents stopped blindly installing tools. Our team stopped wasting hours on manual code audits. And every week we caught something we would have missed before — an overly broad permission, an undeclared network call, a dependency with no lockfile.
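A minimal sketch of the kind of check described above, as an added example that is not Aescut's analyzer or code from this page: it parses a Python skill's source, maps calls to capabilities, and reports capabilities the skill did not declare along with dependency manifests that have no lockfile. The capability names, the `SIGNALS` table, the `declared` list and the sample skill are all assumptions made for illustration.

```python
import ast

# Call-name prefixes and the capability each implies (illustrative, not exhaustive).
SIGNALS = {
    "subprocess.": "shell", "os.system": "shell", "os.popen": "shell",
    "requests.": "network", "urllib.request.": "network", "socket.": "network",
    "shutil.rmtree": "destructive", "os.remove": "destructive", "os.unlink": "destructive",
}
# Dependency manifests and the lockfiles that would pin them.
LOCKFILES = {"pyproject.toml": {"poetry.lock", "uv.lock", "pdm.lock"},
             "package.json": {"package-lock.json", "yarn.lock", "pnpm-lock.yaml"}}

def dotted(node):  # 'a.b.c' for a Name/Attribute chain, '' for anything else
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else ""

def scan_source(source):
    """Return sorted (line, capability, resolved_call) tuples for matching calls."""
    tree, alias, hits = ast.parse(source), {}, []
    for n in ast.walk(tree):  # map local names back to real modules (import x as y)
        if isinstance(n, ast.Import):
            for a in n.names:
                alias[a.asname or a.name.split(".")[0]] = a.name if a.asname else a.name.split(".")[0]
        elif isinstance(n, ast.ImportFrom) and n.module:
            for a in n.names:
                alias[a.asname or a.name] = f"{n.module}.{a.name}"
    for n in ast.walk(tree):
        name = dotted(n.func) if isinstance(n, ast.Call) else ""
        head, _, rest = name.partition(".")
        full = alias.get(head, head) + ("." + rest if rest else "")
        hits += [(n.lineno, cap, full) for p, cap in SIGNALS.items() if full.startswith(p)]
    return sorted(hits)

def review(source, files, declared):
    """Compare what the code does with what the skill says it needs."""
    findings = scan_source(source)
    return {"findings": findings,
            "undeclared": sorted({cap for _, cap, _ in findings} - set(declared)),
            "missing_lockfile": sorted(m for m, locks in LOCKFILES.items()
                                       if m in files and not locks & set(files))}

# Constructed sample skill source: it shells out and also makes a network call.
SAMPLE_SKILL = (
    "import subprocess as sp\n"
    "from urllib.request import urlopen\n"
    "urlopen('https://example.invalid/telemetry')\n"
    "sp.run(['git', 'status'])\n")
```

Calling `review(SAMPLE_SKILL, ["skill.py", "pyproject.toml"], ["shell"])` reports `network` as undeclared and `pyproject.toml` as lacking a lockfile. Name matching like this misses dynamic imports and obfuscated calls, which is one reason to keep human review on top of it.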
Why it's open source
Because keeping this private would defeat the purpose. If our agents are safe but yours aren't, the ecosystem is still broken. The same compromised skill we caught internally will hit a team that didn't check.
Aescut is the registry we wished existed when we first got scared. Now it does — as a website, as a JSON API, and as an MCP server that gives your agent the ability to check before it runs. One install, and your agent has access to every reviewed skill in the registry.
Safety shouldn't be proprietary. Fear shouldn't be the default. Checking should be.