bumblebee 是做什麼的?
A read-only supply chain scanner for checking dependencies, MCP servers, and editor extensions for malicious packages.
一個唯讀的供應鏈掃描器,用於檢查依賴項、MCP 伺服器和編輯器擴充功能中是否存在惡意套件。
PerplexityAI 的 Bumblebee 是一個專注於軟體供應鏈安全的唯讀掃描工具。它能自動檢查專案中的各種依賴項,包括 npm、PyPI 等常見套件管理器的依賴、MCP 伺服器以及編輯器擴充功能,偵測其中是否包含已知的惡意或可疑套件。此工具旨在幫助開發人員在將第三方程式碼整合到專案之前,識別潛在的安全威脅,例如惡意軟體、後門或資料竊取行為。Bumblebee 支援多種平台與生態系統,可透過 CLI 或 CI/CD 管道輕鬆整合。其工作原理是查閱已知的惡意套件資料庫和行為分析,以提供準確的掃描結果,而不會修改任何檔案或系統設定,從而確保僅以唯讀方式操作,降低誤報與誤刪的風險。對於注重供應鏈安全的團隊而言,Bumblebee 是增強開發流程安全性的實用工具。
npx skills add perplexityai/bumblebeeInstalled? Explore more 生產力與協作 skills: steipete/gemini, steipete/gh-issues, steipete/skill-creator · View all 6 →
A read-only supply chain scanner for checking dependencies, MCP servers, and editor extensions for malicious packages.
Gemini CLI one-shot prompts, summaries, generation, skills, hooks, MCP, or Gemma routing.
Fetch GitHub issues, select candidates, spawn background fix agents, open PRs, and optionally process PR review comments.
Create, edit, audit, tidy, validate, or restructure AgentSkills and SKILL.md files.
Search, install, update, sync, or publish agent skills with the ClawHub CLI and registry.
Delegate coding work to Codex, Claude Code, or OpenCode as background workers; not simple edits or read-only code lookup.
List, configure, authenticate, call, and inspect MCP servers/tools with mcporter over HTTP or stdio.