aegis-bridge Security Report — Trusted | ClawSafe

5 /100

aegis-bridge

Orchestrate Claude Code sessions via Aegis HTTP/MCP bridge

A well-documented orchestration skill for managing local Claude Code sessions via a localhost HTTP API bridge. All capabilities are declared, all operations are local, and no malicious patterns detected.

Skill Nameaegis-bridge

Duration36.1s

Enginepi

✓

Safe to install

This skill is safe to use. No security concerns identified.

Resource	Declared	Inferred	Status	Evidence
Network	`READ`	`READ`	✓ Aligned	SKILL.md: All HTTP calls to http://127.0.0.1:9100
Shell	`WRITE`	`WRITE`	✓ Aligned	scripts/health-check.sh, scripts/setup-mcp.sh
Filesystem	`READ+WRITE`	`READ+WRITE`	✓ Aligned	setup-mcp.sh writes to ~/.claude/settings.json
Environment	`NONE`	`NONE`	—	No environment access detected
Skill Invoke	`NONE`	`NONE`	—	No cross-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser automation
Database	`NONE`	`NONE`	—	No database access

8 findings

🔗

Medium External URL 外部 URL

http://127.0.0.1:9100/v1/health

SKILL.md:12

🔗

Medium External URL 外部 URL

http://127.0.0.1:9100/v1/sessions

SKILL.md:27

🔗

Medium External URL 外部 URL

http://127.0.0.1:9100/v1/sessions/$SID/send

SKILL.md:42

🔗

Medium External URL 外部 URL

http://127.0.0.1:9100/v1/sessions/$SID/read

SKILL.md:52

🔗

Medium External URL 外部 URL

http://127.0.0.1:9100/v1/sessions/$SID

SKILL.md:87

🔗

Medium External URL 外部 URL

http://127.0.0.1:9100

references/api-quick-ref.md:3

🔗

Medium External URL 外部 URL

http://127.0.0.1:9100/v1/sessions/$SID/approve

references/heartbeat-template.md:53

🔗

Medium External URL 外部 URL

http://127.0.0.1:9100/v1/sessions/$SID/pane

references/heartbeat-template.md:69

File Tree

6 files · 17.8 KB · 566 lines

Markdown 4f · 487L Shell 2f · 79L

├─ ▾ 📁 references

│ ├─ 📝 agent-template.md Markdown 61L · 1.6 KB

│ ├─ 📝 api-quick-ref.md Markdown 115L · 3.8 KB

│ └─ 📝 heartbeat-template.md Markdown 103L · 3.0 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 health-check.sh Shell 32L · 791 B

│ └─ 🔧 setup-mcp.sh Shell 47L · 1.3 KB

└─ 📝 SKILL.md Markdown 208L · 7.4 KB

Security Positives

✓ All network requests are localhost-only (127.0.0.1:9100) - no external connectivity

✓ All shell scripts have clear, documented purposes (health check, MCP setup)

✓ File writes are confined to user config files (~/.claude/settings.json) and are declared

✓ No credential harvesting or sensitive path access (~/.ssh, ~/.aws, .env)

✓ No base64 encoding, eval(), or obfuscated code

✓ No remote code execution patterns (curl|bash, wget|sh)

✓ No hidden functionality - all 21 MCP tools and HTTP endpoints are documented

✓ Includes stall detection and proper session cleanup guidance

Scan Report

File Tree

Security Positives