Semia
Security audit for AI agent skills. Know what a skill can do
before you trust it.
Agent skills are markdown files with embedded shell commands, network calls,
and tool invocations. They run with your credentials, on your machine,
with your data. Semia reads a skill as data — never executes it — and
produces an evidence-backed report of every capability it may exercise.
It is the difference between
"I trust this skill because the README looks fine."
and
"I trust this skill because Semia extracted 14 actions, 6 effects,
and 2 secret reads — and every one is grounded in a specific source line."
Quick example
Pick whichever fits how you already work.
As a CLI
pip install semia
semia scan ./some-skill
scan does prepare → synthesize (via your configured LLM provider) →
detect → report in one shot. Output lands under
.semia/runs/<skill-slug>/ by default — pass --out <path> to override.
You'll need an LLM provider configured first — see
Set up an LLM provider below.
Inside Codex, Claude Code, or OpenClaw
Install the plugin once. Each host has its own flow.
Codex — pick either path:
Shell (scripts and CI):
codex plugin marketplace add berabuddies/Semia
Then enable the plugin by appending to ~/.codex/config.toml:
[plugins."semia@semia"]
enabled = true
Interactive plugin manager inside the Codex CLI:
- Launch
codex.
- Inside Codex, input
/plugins (plural — opens the plugin panel).
- Press ← (Left) to enter Add marketplace.
- Enter
berabuddies/Semia.
- Back in the plugin panel, toggle
semia on from the
newly-added marketplace.
Claude Code — pick either path:
Shell (one-liner):
claude plugin marketplace add berabuddies/Semia
Interactive plugin manager inside the Claude Code CLI:
- Launch
claude.
- Inside Claude Code, input
/plugins (plural — opens the plugin panel).
- Press → (Right) twice and select Add Marketplace.
- Enter
berabuddies/Semia.
Either path registers the marketplace; finish installing semia from
the panel or with claude plugin install semia@semia.
OpenClaw — one shell command registers the marketplace and installs:
openclaw plugins install clawhub:semia
Then in any chat with the host agent just ask:
Run Semia audit on ./some-skill
The host agent itself acts as the synthesize step — no API key needed.
The bundled semia.pyz handles prepare / detect / report deterministically.
Outputs
You get report.md — findings ranked by severity, every one tied to a
specific source line. Need SARIF 2.1.0
for GitHub Code Scanning, or structured JSON for downstream tooling? One
more command:
semia report .semia/runs/some-skill --format sarif # for GitHub Code Scanning
semia report .semia/runs/some-skill --format json # structured payload
Set up an LLM provider
semia scan needs an LLM for the synthesize step (the other three
stages are deterministic, no key required). If you run Semia via a host
plugin (Codex / Claude Code / OpenClaw) skip this — the host agent already
does synthesize for you.
Four providers are supported. Pick one and export its credentials:
# OpenAI Responses API — default; also works for DeepSeek / OpenRouter / vLLM
export OPENAI_API_KEY=sk-...
# optional: export OPENAI_BASE_URL=https://api.deepseek.com/v1
# Anthropic Messages API
export SEMIA_LLM_PROVIDER=anthropic
export ANTHROPIC_API_KEY=sk-ant-...
# optional: export ANTHROPIC_BASE_URL=https://api.anthropic.com
# Locally-installed Claude Code CLI (uses your Claude Code login)
export SEMIA_LLM_PROVIDER=claude
# Locally-installed Codex CLI (uses your Codex login)
export SEMIA_LLM_PROVIDER=codex
Override the model with --model <name> on any semia scan invocation, or
persist it via SEMIA_LLM_MODEL. Models are free-form strings — anything
the endpoint accepts (gpt-5.5, deepseek-v4, claude-opus-4-7, …).
See Configuration for the full provider matrix, base-URL
support, timeout/retry knobs, and synthesis-loop tuning.
What you get
A run writes everything under .semia/runs/<run-id>/. Most users only
ever open the reports:
