# Sigil > Quarantine and scan every repo, package, and MCP server before it runs. Sigil is a free, open-source CLI that scans AI agent code for supply chain threats. Eight-phase static analysis in under 3 seconds. Built by [NOMARK](https://nomark.ai). ## What Sigil Does - Scans npm, PyPI, ClawHub, and GitHub packages for malicious patterns - Detects install hooks, credential exfiltration, obfuscation, prompt injection - Quarantines code before it touches your system - Returns structured verdicts: LOW RISK, MEDIUM RISK, HIGH RISK, CRITICAL RISK - Runs as a CLI, MCP server, Claude Code plugin, or CI/CD step ## Install ``` curl -sSL https://sigilsec.ai/install.sh | sh ``` ``` brew install nomark/tap/sigil ``` ## Docs - [Quick Start](https://sigilsec.ai/docs/quickstart): Install and scan your first package in under 60 seconds - [CLI Reference](https://sigilsec.ai/docs/cli): Every command, flag, and exit code - [API Reference](https://sigilsec.ai/docs/api): REST API for Pro and Team subscribers - [MCP Server Integration](https://sigilsec.ai/docs/mcp): Six tools for AI agent supply chain security - [Claude Code Plugin](https://sigilsec.ai/docs/claude-code): Slash commands and agents for Claude Code - [CI/CD Integration](https://sigilsec.ai/docs/cicd): GitHub Actions, GitLab CI, Jenkins, CircleCI - [Configuration](https://sigilsec.ai/docs/configuration): Environment variables, config files, ignore patterns - [Troubleshooting](https://sigilsec.ai/docs/troubleshooting): Common issues and FAQ ## Pricing - **Open Source**: Free — all 8 scan phases, full CLI - **Pro**: $29/mo — cloud threat intelligence, web dashboard - **Team**: $99/mo — up to 25 seats, CI/CD integration ## Threat Intelligence - [Scan Database](https://sigilsec.ai/scans): Browse automated scan results across npm, PyPI, ClawHub, GitHub - [Threat Database](https://sigilsec.ai/threats): Known supply chain threats and malicious patterns - [Case Studies](https://sigilsec.ai/case-studies): Real-world attack analysis (OpenClaw, Shai-Hulud, MUT-8694) - [Methodology](https://sigilsec.ai/methodology): How Sigil's eight-phase scan works - [Blog](https://sigilsec.ai/blog): Security research and threat intelligence - [Threat RSS Feed](https://sigilsec.ai/feed.xml) ## MCP Server (for AI agents) Sigil runs as an MCP server with 6 tools for AI agent supply chain security: - `sigil_scan` — scan a local file or directory - `sigil_scan_package` — download and scan an npm or PyPI package - `sigil_clone` — clone and scan a git repository into quarantine - `sigil_quarantine` — list all quarantined items - `sigil_approve` — release a quarantined item for use - `sigil_reject` — permanently delete a quarantined item ## Eight Scan Phases 1. **Install Hooks** (10x weight) — setup.py cmdclass, npm postinstall, Makefile targets 2. **Code Patterns** (5x weight) — eval(), exec(), pickle.loads, child_process 3. **Network / Exfiltration** (3x weight) — outbound HTTP, webhooks, sockets, DNS tunnelling 4. **Credentials** (2x weight) — ENV vars, .aws, .kube, SSH keys, API key patterns 5. **Obfuscation** (5x weight) — Base64, charCode, hex encoding, minified payloads 6. **Provenance** (1-3x weight) — git history, author count, binary files, hidden files 7. **Prompt Injection** (10x weight) — AI agent instruction injection, system prompt overrides 8. **Skill Security** (5x weight) — MCP permission escalation, undeclared tool capabilities ## Scan Attestations Every scan is cryptographically signed (Ed25519, in-toto/DSSE) and recorded in the Sigstore Rekor transparency log. Verify any scan result: - Fetch attestation: `GET /api/v1/attestation/{scan_id}` - Verify signature: `GET /api/v1/verify?scan_id={scan_id}` - Public keys: https://sigilsec.ai/.well-known/sigil-verify.json ## Links - [GitHub](https://github.com/NOMARJ/sigil) - [Agent Card](https://sigilsec.ai/.well-known/agent-card.json): A2A protocol agent discovery (machine-readable) - [Changelog](https://sigilsec.ai/changelog) - [Roadmap](https://sigilsec.ai/roadmap) - [About NOMARK](https://sigilsec.ai/about) - [Security Policy](https://sigilsec.ai/security) - [Privacy Policy](https://sigilsec.ai/privacy) - [Terms of Service](https://sigilsec.ai/terms) ## Full Reference See [llms-full.txt](https://sigilsec.ai/llms-full.txt) for complete CLI commands, API endpoints, MCP tool schemas, configuration options, and verdict system details.