v0.2.0 — Full AVE coverage, LiteLLM Stage 2, --watch #17
chaksaray announced in Announcements
Bawbel Scanner v0.2.0
Open-source CLI scanner for agentic AI components — SKILL.md files, MCP servers, system prompts, and plugins.
Install
What's new in v0.2.0
Full AVE ID coverage — 15/15 rules
Every pattern rule now maps to a published AVE record. All findings in scan output show a linked AVE ID instead of —.
New records added:
AVE-2026-00009 — AI identity jailbreak (HIGH 8.3)
AVE-2026-00010 — Covert instruction concealment (HIGH 7.9)
AVE-2026-00011 — Dynamic tool call injection (HIGH 8.2)
AVE-2026-00012 — False permission grant (HIGH 7.8)
AVE-2026-00013 — PII exfiltration (HIGH 8.0)
AVE-2026-00014 — Trust escalation / authority impersonation (MEDIUM 6.5)
AVE-2026-00015 — System prompt extraction (MEDIUM 6.2)
LLM Stage 2 — any provider via LiteLLM
Semantic analysis that catches nuanced injections regex cannot. Works with any LiteLLM-supported provider.
Supported providers:
claude-haiku-4-5-20251001 (default)
gpt-4o-mini
BAWBEL_LLM_MODEL
bawbel scan --watch
File watcher for development — re-scans automatically on every change.
Semgrep fixed
Fixed code=7 error on semgrep v1.159.0 caused by YAML escaping and float metadata values in ave_rules.yaml. Also fixed the URL fetch regex which missed natural language patterns.
Full detection coverage
All 15 rules mapped to AVE records at github.com/bawbel/bawbel-ave
Documentation
Full docs at bawbel.io/docs
Contributing
See CONTRIBUTING.md. Detection rule contributions welcome. Every accepted AVE record earns a $10 researcher bounty.
Report security issues privately: bawbel.io@gmail.com
This discussion was created from the release v0.2.0 — Full AVE coverage, LiteLLM Stage 2, --watch.