The state of AI-capability security
Most registries never read the code they list. We extract and read the source of every capability, then grade it on a two-axis model: only malicious or tampered code lowers the score, while dangerous-by-capability traits (shell, network, injection strings, pickle) are surfaced as risk surface. Here is what reading 246 real capabilities shows — computed live from the current scans.
Grades: 173 A · 0 B · 0 C · 73 D. 54 awaiting scan (source too large to fetch).
What these code-executing capabilities can actually do, from static analysis of their source. This is the surface an agent grants when it installs one — and what an install-time policy should gate on.
Every verdict is reproducible on the listing Security tab, and agents can query it before installing: GET /api/v1/trust/{slug}.