v0.3.1 — 22 Frameworks

Formal Verification
for Every Agent Framework

22 frameworks. One command. Mathematical proof that your agent skills are safe. Not just scanning — formal verification with soundness guarantees.

terminal
$ pip install skillfortify
$ skillfortify scan

Tests: 1,818
Frameworks: 22
F1 Score: 96.95%
False Positives: 0%
Benchmark Skills: 540
License: MIT

Agent Skills Are the New npm Packages.
The Supply Chain Is Already Under Attack.

The Attack

In January 2026, ClawHavoc planted 1,200+ malicious skills into the largest AI agent marketplace. Data exfiltration. Credential theft. Remote code execution.

CVE-2026-25253 — First RCE in Agent Software

Researchers catalogued 6,000+ malicious tools that traditional security scanners cannot detect. The attack surface grows with every framework and marketplace.

The Gap

The industry responded with 12+ heuristic scanners in February 2026 alone. Pattern matching. LLM-as-judge. YARA rules. Regex. They all share the same limitation:

"No findings does not mean no risk."

Using a heuristic scanner for agent security is like using a spell-checker when you need a type system. It catches known mistakes but cannot prove correctness.

SkillFortify is the type system for agent skills.

Not heuristics. Not pattern matching. Formal verification with five mathematical soundness theorems.

Auto-Discovery

One Command.
Every AI Tool on Your System.

skillfortify — system scan
$ skillfortify scan
[*] Auto-discovering AI tools on system...
[+] Found: Claude Code (12 skills)
[+] Found: Cursor (8 skills)
[+] Found: VS Code MCP (5 servers)
[+] Found: Windsurf (3 skills)
[+] Found: n8n (4 workflows)
[*] Scanning 32 skills across 5 tools...
RESULTS
Critical: 2 skills with capability violations
High: 4 skills with excessive permissions
Medium: 6 skills with unverified provenance
Low: 3 skills with minor issues
Clean: 17 skills passed all checks

Run skillfortify scan with no arguments. It automatically discovers every AI agent tool installed on your machine — Claude Code, Cursor, VS Code, Windsurf, Gemini, and 17 more.

No paths. No configuration files. No setup. Just run it.

IDE Profiles: 23+
Frameworks: 22

New framework released yesterday? SkillFortify's auto-discovery finds it. No waiting for updates. No manual configuration.

Nine Commands

Complete Supply Chain Security

Scan

$ skillfortify scan

Auto-discover and analyze every AI agent skill on your system. No arguments needed — finds Claude Code, Cursor, VS Code, and 19 more automatically.

Verify

$ skillfortify verify ./skills/deploy.md

Formally verify a single skill against its capability declaration. Returns a detailed report with findings categorized by severity.

Lock

$ skillfortify lock ./my-agent

Generate skill-lock.json for reproducible, auditable agent configurations across environments.

Trust

$ skillfortify trust ./skills/deploy.md

Compute formal trust scores with provenance, behavioral analysis, and community signals. Trust propagates through dependency chains.

SBOM

$ skillfortify sbom ./my-agent

Generate CycloneDX 1.6 Agent Skill Bill of Materials. Lists every skill, version, capabilities, dependencies, and trust level.

Frameworks

$ skillfortify frameworks

List all 22 supported frameworks and their detection status on your system. Shows installed locations and skill counts.

Dashboard

$ skillfortify dashboard ./my-agent

Generate a standalone HTML security dashboard. Interactive report with filters, risk charts, and capabilities matrix. Share as one file.

Registry Scan

$ skillfortify registry-scan --source mcp

Scan MCP registry, PyPI, and npm for malicious skills before you install them. Catch threats before they reach your system.

Batch Verify

$ skillfortify verify ./skills/ --recursive

Recursively verify every skill in a directory tree. Parallel analysis with aggregated results. Ideal for CI/CD pipelines.

Security Dashboard

One File. Zero Dependencies.

Interactive Security Report

Generate a complete security report as a standalone HTML file. No server. No SaaS subscription. Just open it in your browser.

$ skillfortify dashboard ./my-agent

Share the HTML file with your security team. They don't need to install anything. One file tells the full story of your agent supply chain security posture.

Risk distribution overview
Interactive filters by framework & severity
Capabilities matrix per skill
Per-skill drill-down with findings
Export-ready for compliance audits
Works offline — no server required

F1 Score: 96.95%
Precision: 100%
Recall: 94.07%
Per Skill: ~2.5ms
Frameworks: 22
Benchmark Skills: 540
Tests: 1,818
CLI Commands: 9

Universal Support

22 Frameworks. Every Major Platform.

Claude Code
Cursor
VS Code
Windsurf
Gemini
OpenCode
Cline
Continue
Copilot
n8n
Roo
Trae
Kiro
Kode
Jules
Junie
Codex
SuperVS
Zencoder
CommandCode
Factory
Qoder

+ auto-discovery of unknown tools — new framework released yesterday? SkillFortify finds it across 23+ IDE profiles without any update needed.

Comparison

How SkillFortify Compares

Feature SkillFortify Snyk agent-scan Cisco skill-scanner Other Scanners
Formal Verification
Soundness Theorems 5 theorems None None None
False Positive Rate 0% Not published Not published Varies
Agent Frameworks 22 Unknown 2-3 1-2
System Auto-Discovery
HTML Dashboard
Dependency Graph (SAT) Partial
Lockfile Generation
Trust Score Algebra
CycloneDX ASBOM Partial
Registry Scanning MCP, PyPI, npm Unknown
Peer-Reviewed Paper
Open Source Some
"No findings ≠ no risk" caveat No — soundness proven N/A Yes (stated in docs) Yes

Trust Framework

Graduated Trust for Agent Skills

Inspired by SLSA (Supply-chain Levels for Software Artifacts), adapted for the agent skills ecosystem.

L0: UNSIGNED (HIGH RISK)

No provenance information. Unknown origin. Treat as untrusted.

L1: SIGNED (MODERATE)

Cryptographic signature from a known author. Identity verified.

L2: COMMUNITY VERIFIED (LOW RISK)

Signed + behavioral analysis passed + community review threshold met.

L3: FORMALLY VERIFIED (MINIMAL)

Mathematical guarantee that the skill cannot exceed declared capabilities.

Enterprise Ready

Enterprise-Grade Agent
Supply Chain Security

Compliance Ready

Built for the regulatory frameworks governing AI in production.

EU AI Act (Article 15)
NIST AI RMF
Executive Order 14028

CycloneDX ASBOM

Machine-readable Agent Software Bill of Materials for every project.

CycloneDX 1.6 format
JSON + XML output
Integrates with existing SBOM tooling

CI/CD + Dashboard

Drop into your pipeline. Share interactive HTML reports with your security team.

Exit codes for CI gates
Lockfile + SBOM verification
Standalone HTML dashboard

Formal Methods

Grounded in
Formal Methods Research

SkillFortify: Formal Analysis and Supply Chain Security for Agentic AI Skills

Varun Pratap Bhardwaj, 2026

DOI: 10.5281/zenodo.18787663

T1

Attacker Completeness

The DY-Skill threat model captures all possible symbolic attacks on the skill supply chain. Any real-world attack maps to a sequence of operations in the model.

T2

Analysis Soundness

If SkillFortify reports no capability violations, the skill provably does not exceed its declared capabilities. No false negatives for capability-level threats.

T3

Non-Amplification

A skill executing within SkillFortify's capability sandbox cannot acquire capabilities beyond those explicitly granted. Authority cannot be amplified.

T4

Resolution Soundness

If the dependency resolver finds a valid configuration, all version constraints, conflict constraints, and security bounds are satisfied simultaneously.

T5

Trust Monotonicity

Adding positive evidence to a skill's trust assessment never decreases its trust score. Trust propagation through dependency chains preserves ordering.
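
An added illustration, not SkillFortify's code or its trust algebra, of the L0 to L3 ladder described earlier and the Trust Monotonicity property in T5. The evidence names, the cumulative reading of the ladder, and the weakest-dependency propagation rule are all assumptions made for this sketch; the sample skills are constructed.

```python
from enum import IntEnum
from itertools import combinations


class TrustLevel(IntEnum):
    L0_UNSIGNED = 0
    L1_SIGNED = 1
    L2_COMMUNITY_VERIFIED = 2
    L3_FORMALLY_VERIFIED = 3


# Hypothetical labels for the conditions the page lists per level.
EVIDENCE = ("signed", "behavior_passed", "community_reviewed", "formally_verified")


def trust_level(evidence: frozenset) -> TrustLevel:
    """Highest level the evidence supports.

    Assumption: the ladder is cumulative, so L3 also needs everything L2 needs.
    """
    if "signed" not in evidence:
        return TrustLevel.L0_UNSIGNED
    if not {"behavior_passed", "community_reviewed"} <= evidence:
        return TrustLevel.L1_SIGNED
    if "formally_verified" not in evidence:
        return TrustLevel.L2_COMMUNITY_VERIFIED
    return TrustLevel.L3_FORMALLY_VERIFIED


def chain_level(skill: str, evidence: dict, deps: dict) -> TrustLevel:
    """Assumed propagation rule: a skill is no more trusted than its weakest
    dependency. The dependency graph must be acyclic."""
    own = trust_level(evidence[skill])
    return min([own] + [chain_level(d, evidence, deps) for d in deps.get(skill, [])])


def monotonicity_violations() -> list:
    """Exhaustive check over all 16 evidence sets: adding one piece of
    positive evidence must never lower the level."""
    subsets = [frozenset(c) for r in range(len(EVIDENCE) + 1)
               for c in combinations(EVIDENCE, r)]
    return [(sorted(s), extra) for s in subsets for extra in EVIDENCE
            if trust_level(s | {extra}) < trust_level(s)]


# Constructed sample: a fully evidenced skill that depends on an unsigned helper.
SAMPLE_EVIDENCE = {"deploy": frozenset(EVIDENCE), "helper": frozenset()}
SAMPLE_DEPS = {"deploy": ["helper"]}
```

Under these assumptions the fully evidenced skill still resolves to L0 because its dependency is unsigned, which is the practical reason to evaluate trust over the whole chain and not per skill.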

Research Portfolio

Part of the AgentAssert Research Suite

Get Started in 30 Seconds

Quick Start

skillfortify — quick start
# 1. Install SkillFortify
$ pip install skillfortify
# 2. Scan your entire system (auto-discovers all AI tools)
$ skillfortify scan
# 3. Or scan a specific project
$ skillfortify scan ./my-agent-project
# 4. Verify a specific skill formally
$ skillfortify verify ./skills/deploy.md
# 5. Generate a visual security dashboard
$ skillfortify dashboard ./my-agent-project
# 6. Lock your configuration for reproducibility
$ skillfortify lock ./my-agent-project
# 7. Check trust level and provenance
$ skillfortify trust ./skills/deploy.md
# 8. Generate compliance ASBOM
$ skillfortify sbom ./my-agent-project --format cyclonedx
# 9. Scan registries before installing
$ skillfortify registry-scan --source mcp

Requires Python 3.11+. No cloud dependencies. No API keys. Runs entirely on your machine.

COMMON QUESTIONS

Frequently Asked Questions

What is SkillFortify?

SkillFortify is a formal verification tool for AI agent skills that supports 22 agent frameworks. It auto-discovers every AI tool on your system and mathematically proves that agent skills cannot exceed their declared capabilities — protecting against supply chain attacks with soundness guarantees.

How is SkillFortify different from regular security scanners?

Traditional scanners use heuristic pattern matching, so they only catch what they've seen before. SkillFortify uses formal verification with five mathematical soundness theorems. If SkillFortify says a skill is safe, it provably cannot exceed its declared capabilities. Zero false positives across 540-skill benchmarks.

Which agent frameworks does SkillFortify support?

SkillFortify supports 22 frameworks including Claude Code, Cursor, VS Code, Windsurf, Gemini, OpenCode, Cline, Continue, Copilot, n8n, Roo, Trae, Kiro, Kode, Jules, Junie, Codex, SuperVS, Zencoder, CommandCode, Factory, and Qoder. Plus auto-discovery of unknown tools across 23+ IDE profiles.

Is SkillFortify free?

Yes, completely free and open source under MIT license. Install with pip install skillfortify. No cloud dependencies, no API keys, no subscription required.

What is the auto-discovery feature?

Run skillfortify scan with no arguments. It automatically finds every AI agent tool installed on your machine by checking 23+ IDE profiles and configuration paths. No paths, no config files, no setup — just run it.

Can I use SkillFortify in CI/CD pipelines?

Yes. SkillFortify analyzes skills at ~2.5ms each, making it fast enough for CI gates. It supports exit codes for pass/fail, JSON/SARIF output formats, lockfile verification, and batch processing with recursive directory scanning.