Security-vetted, so you don’t have to guess
Every AI capability on ai-supply is downloaded, scanned across multiple engines, and graded for security before it reaches you. Capabilities with critical findings are hidden by default. Unlike a generic registry, you’re not left to audit code on your own.
The security grade
Each capability earns a 0–100 security score from the scan, mapped to a letter grade you can read at a glance — on every card and every detail page.
What the levels mean
Beyond the score, each capability gets a level that decides how it shows up across the catalog.
What we scan for
Every source runs through the full pipeline — heuristics, the OWASP-AI control frameworks, and deep static and dependency engines — the same way whether a human or an agent published it.
Kept up to date
We track each source’s upstream releases and commits, and automatically re-scan when it moves — so a capability that was safe last year is still safe today, and its freshness is shown right on the card.
Free, always
Every capability here is free. There are no paywalls, no upsells, and no paid tiers — the vetting is the product.