A.I.G Scanner — AI security scanning for infrastructure, AI tools / skills, AI Agents, and LLM jailbreak evaluation via Tencent Zhuque Lab AI-Infra-Guard. Us...
Security Analysis
High confidence: This scanner is mostly coherent, but it tells the agent to treat local/private-network scans as fully authorized and no-warning, while also handling sensitive tokens and local file uploads.
The stated purpose—submitting AI infrastructure, AI tool/skill, agent, and model-safety scans to an A.I.G server—matches the included Python client, but the capability includes private-network targets, model credentials, and local-path uploads.
The instructions explicitly suppress refusal or warnings for localhost, private ranges, and any LAN host, which is broader than a safe authorization model for network scanning.
There is no remote install step; the skill uses an included Python stdlib script and requires only python3.
AIG_BASE_URL, optional AIG_API_KEY, and model provider tokens are purpose-aligned for the integration, but they are sensitive and should only be used with a trusted A.I.G endpoint, preferably HTTPS for non-local servers.
Submitted scan tasks may continue running on the A.I.G backend after the client stops polling, but this is disclosed and bounded by a session ID rather than hidden local persistence.
Guidance
Review before installing. Use this only with an A.I.G server you trust, scan only assets you own or are authorized to test, prefer HTTPS for remote A.I.G endpoints, and provide scoped or temporary API/model tokens when possible.
Latest Release
v1.0.2
- Version number updated from 2.0.0 to 1.0.2 for consistency.
- Author field changed from "Tencent Zhuque Lab" to "aigsec/Tencent Zhuque Lab".
- Minor wording adjustments: "AIG" changed to "A.I.G" in user-facing and technical descriptions.
- No technical or functional changes; all routing, triggers, and usage flows remain the same.
Published by @aigsec on ClawHub