@getvetai/cli 0.2.0 → 0.3.0

package/README.md

@@ -1,8 +1,8 @@
 # @getvetai/cli
 
-Security audit CLI for AI skills and MCP servers. Scan, audit, and score tools before you install them.
+Security audit CLI for AI skills and MCP servers. Scan, audit, and discover tools before you install them.
 
-🌐 **Registry:** [getvet.ai](https://getvet.ai) — 12,000+ AI tools cataloged and scored
+🌐 **Registry:** [getvet.ai](https://getvet.ai) — 20,000+ AI tools cataloged and scored
 
 ## Install
 
@@ -10,58 +10,49 @@ Security audit CLI for AI skills and MCP servers. Scan, audit, and score tools b
 npm install -g @getvetai/cli
 ```
 
-## What's New in v0.2.0
+Or run without installing:
 
-- **Registry integration** — instant results for known tools from the getvet.ai catalog
-- **Expanded MCP config discovery** — Claude, Cursor, VS Code, Windsurf, Cline, Zed, Continue, OpenClaw
-- **`--offline` flag** — skip registry lookup for air-gapped environments
-- **`--deep` flag** — request a deep scan from the registry
-- **Better display** — trust score bars, registry links, badge indicators
+```bash
+npx @getvetai/cli scan .
+```
+
+## What's New in v0.3.0
+
+- **`vet find --limit <n>`** — control how many results to return (default: 10, max: 48)
+- **`vet find --type <type>`** — filter by `skill`, `mcp`, or `all`
+- **20,000+ tools** in the registry (up from 12K) — now indexing 10 sources including Smithery, mcp.so, MCP Registry, PyPI, npm, GitHub, and more
 
 ## Commands
 
 ### `vet scan <target>`
 
-Scan a single tool for security issues. Accepts file paths, URLs, npm packages, or GitHub repos.
-
-For npm packages, the CLI first checks the getvet.ai registry for existing scan results. If a deep scan is available, it returns instantly without local analysis.
+Scan a tool for security issues. Checks the [getvet.ai](https://getvet.ai) registry first for instant results.
 
 ```bash
 # Scan an npm package (checks registry first)
 vet scan @modelcontextprotocol/server-filesystem
 
-# Skip registry, local analysis only
+# Local analysis only (skip registry)
 vet scan @modelcontextprotocol/server-filesystem --offline
 
 # Request a deep scan from registry
 vet scan @modelcontextprotocol/server-filesystem --deep
 
-# Scan a local SKILL.md
-vet scan ./my-skill/SKILL.md
+# Scan a local project
+vet scan ./my-mcp-server
 
 # Scan a GitHub repo
 vet scan https://github.com/modelcontextprotocol/servers
 
-# Output JSON
+# JSON output
 vet scan ./SKILL.md --json
 ```
 
-**Output includes:** trust score, badge (certified/reviewed/unverified/flagged), detected permissions, security issues, risk factors, tools list, and registry link.
-
 ### `vet audit [path]`
 
-Audit all AI tools in a project. Discovers tools from:
+Audit all AI tools in a project. Auto-discovers MCP configurations from:
 
-- `package.json` (MCP dependencies)
-- Cursor (`.cursor/mcp.json`)
-- Claude Desktop (`claude_desktop_config.json`)
-- VS Code (`settings.json` → `mcp.servers`)
-- Windsurf (`mcp.json`)
-- Cline (`mcp_settings.json`)
-- Zed (`settings.json` → `mcp`)
-- Continue (`config.json` → `mcpServers`)
-- OpenClaw (`openclaw.json`)
-- `SKILL.md` files
+**Claude Desktop** · **Cursor** · **VS Code** · **Windsurf** · **Cline** · **Zed** · **Continue** · **OpenClaw**
 
 ```bash
 # Audit current directory
@@ -70,7 +61,7 @@ vet audit
 # Audit a specific project
 vet audit ./my-project
 
-# Strict mode — exit code 1 if any tool is unverified or flagged
+# Strict mode — exit 1 if any tool is unverified/flagged
 vet audit --strict
 
 # JSON output
@@ -79,12 +70,18 @@ vet audit --json
 
 ### `vet find <query>`
 
-Search the getvet.ai registry by description.
+Search the getvet.ai registry for tools by description.
 
 ```bash
 # Search for tools
-vet find "file management"
-vet find "database query tool"
+vet find "web scraping"
+vet find "database access"
+
+# Limit results
+vet find "browser automation" --limit 20
+
+# Filter by type
+vet find "file management" --type mcp
 
 # JSON output
 vet find "weather" --json
@@ -92,17 +89,14 @@ vet find "weather" --json
 
 ### `vet install <package>`
 
-Install a package with a pre-install security audit. Shows the security report and asks for confirmation if the tool is flagged.
+Install a package with a pre-install security audit.
 
 ```bash
-# Audit + install npm package
+# Audit + install
 vet install @modelcontextprotocol/server-github
 
 # Install globally
 vet install -g some-mcp-server
-
-# Install as OpenClaw skill
-vet install --skill weather
 ```
 
 ## Trust Scores
@@ -110,18 +104,21 @@ vet install --skill weather
 | Score | Badge | Meaning |
 |-------|-------|---------|
 | 75+ | ✅ Certified | No critical issues, good practices |
-| 50-74 | 🔍 Reviewed | Some concerns, use with caution |
-| 25-49 | ⚠️ Unverified | Not yet reviewed or limited info |
-| 0-24 | 🚫 Flagged | Critical security issues found |
+| 50–74 | 🔍 Reviewed | Some concerns, use with caution |
+| 25–49 | ⚠️ Unverified | Not yet reviewed or limited info |
+| 0–24 | 🚫 Flagged | Critical security issues found |
 
 ## What It Detects
 
-**Permissions:** shell execution, file read/write, network access, browser control, message sending, device access (camera, screen, location), database queries, crypto operations.
+- **Permissions:** shell execution, file I/O, network access, browser control, database queries, crypto operations
+- **Security issues:** destructive commands, remote code execution, dynamic eval, credential patterns, elevated privileges
+- **MCP-specific:** tool parameter analysis, transport detection (stdio/http/sse), runtime detection
 
-**Security Issues:** destructive commands (`rm -rf`), remote code execution (`curl | bash`), dynamic code eval, credential patterns, elevated privileges (`sudo`), permissive file permissions.
+## Links
 
-**MCP-specific:** tool parameter analysis, transport detection (stdio/http/sse), runtime detection, environment variable scanning.
+- 🌐 [getvet.ai](https://getvet.ai) — Browse the registry
+- 📦 [npm](https://www.npmjs.com/package/@getvetai/cli) — Package page
 
 ## License
 
-MIT — [getvet.ai](https://getvet.ai)
+MIT

package/dist/commands/find.d.ts

@@ -1,3 +1,5 @@
 export declare function findCommand(query: string, options: {
     json?: boolean;
+    limit?: string;
+    type?: string;
 }): Promise<void>;

package/dist/commands/find.js

@@ -4,7 +4,7 @@ import { displayFindResults } from '../utils/display.js';
 export async function findCommand(query, options) {
     const spinner = ora(`Searching "${query}"...`).start();
     try {
-        const items = await searchTools(query);
+        const items = await searchTools(query, { limit: Number(options.limit) || 10, type: options.type });
         const results = items.map((x) => ({
             name: x.name,
             slug: x.slug,

package/dist/index.js

@@ -30,6 +30,8 @@ program
     .command('find')
     .description('Search for tools by description')
     .argument('<query>', 'Natural language search query')
+    .option('--limit <n>', 'Max results to return (default: 10, max: 48)', '10')
+    .option('--type <type>', 'Filter by type: skill, mcp, or all (default: all)')
     .option('--json', 'Output JSON')
     .action(findCommand);
 program

package/dist/utils/api.d.ts

@@ -1,3 +1,6 @@
 export declare function lookupTool(slug: string): Promise<any | null>;
-export declare function searchTools(query: string): Promise<any[]>;
+export declare function searchTools(query: string, options?: {
+    limit?: number;
+    type?: string;
+}): Promise<any[]>;
 export declare function requestDeepScan(slug: string): Promise<any | null>;

package/dist/utils/api.js

@@ -2,7 +2,7 @@ const API_BASE = 'https://getvet.ai';
 export async function lookupTool(slug) {
     try {
         const resp = await fetch(`${API_BASE}/api/skills/${encodeURIComponent(slug)}`, {
-            headers: { 'User-Agent': 'vet-cli/0.2.0' },
+            headers: { 'User-Agent': 'vet-cli/0.3.0' },
             signal: AbortSignal.timeout(5000),
         });
         if (resp.ok)
@@ -13,10 +13,14 @@ export async function lookupTool(slug) {
         return null;
     }
 }
-export async function searchTools(query) {
+export async function searchTools(query, options) {
     try {
-        const resp = await fetch(`${API_BASE}/api/skills/search?q=${encodeURIComponent(query)}`, {
-            headers: { 'User-Agent': 'vet-cli/0.2.0' },
+        const limit = Math.min(Math.max(Number(options?.limit) || 10, 1), 48);
+        const params = new URLSearchParams({ q: query, limit: String(limit) });
+        if (options?.type && options.type !== 'all')
+            params.set('type', options.type);
+        const resp = await fetch(`${API_BASE}/api/skills/search?${params}`, {
+            headers: { 'User-Agent': 'vet-cli/0.3.0' },
             signal: AbortSignal.timeout(5000),
         });
         if (resp.ok) {
@@ -33,7 +37,7 @@ export async function requestDeepScan(slug) {
     try {
         const resp = await fetch(`${API_BASE}/api/tools/${encodeURIComponent(slug)}/deep-scan`, {
             method: 'POST',
-            headers: { 'User-Agent': 'vet-cli/0.2.0', 'Content-Type': 'application/json' },
+            headers: { 'User-Agent': 'vet-cli/0.3.0', 'Content-Type': 'application/json' },
             signal: AbortSignal.timeout(10000),
         });
         if (resp.ok)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@getvetai/cli",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "Security audit CLI for AI skills and MCP servers — scan, audit, and score tools before you install them",
   "type": "module",
   "license": "MIT",
@@ -12,13 +12,7 @@
     "README.md",
     "LICENSE"
   ],
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/getvetai/vet.git",
-    "directory": "cli"
-  },
   "homepage": "https://getvet.ai",
-  "bugs": "https://github.com/getvetai/vet/issues",
   "keywords": [
     "ai",
     "security",