Our Checks

What Vettd checks, at a high level.

Vettd reviews different kinds of AI assets in different ways. This page is a plain-language overview of the signals we look for today across skills, prompts, MCP servers, agents, and agentic apps.

We keep this overview intentionally high level. It is meant to help you understand the categories of evidence Vettd uses without overstating certainty or publishing internal implementation details.

Explore the Directory

High level by design

This page describes the categories of evidence Vettd looks at. It does not publish internal thresholds, scoring logic, or implementation details.

Evidence-based, not absolute

Vettd reports what it can observe from submitted packages, repository content, and scan data available at the time. Missing evidence does not automatically mean something is safe or unsafe.

Asset Type

Skills

For public skills in the directory, Vettd focuses on package hygiene, documentation quality, and obvious safety signals in the submitted files.

What Vettd Looks At

  • Whether required structure is present, such as SKILL.md and supporting directories like scripts, references, assets, or evals.
  • Whether the description is clear enough to explain what the skill does and when it should be used.
  • Whether the instructions appear to include concrete workflow guidance, examples, validation steps, or checklists.
  • Whether the package contains obvious red flags like embedded secrets, unsafe shell patterns, destructive commands, or environment files that should not ship.

Why It Matters

  • These checks help users judge whether a skill looks maintainable, testable, and worth reviewing before they install it.
  • They also help separate well-documented submissions from packages that need more review or cleanup.

Important: A skill score is not a guarantee that the skill is safe in every environment. It is a summary of the evidence Vettd can see in the submitted package.

Asset Type

Prompts

For prompts discovered in repository scans, Vettd summarizes what kind of prompt it appears to be and what control surfaces it may touch.

What Vettd Looks At

  • Whether a prompt looks like a system, user, or tool prompt.
  • Whether the prompt appears to reference sensitive values, credentials, or other secret-like material.
  • Whether the prompt has broad input or interpolation surfaces that deserve closer review.
  • Whether the prompt suggests elevated capabilities such as shell, file, browser, or network-oriented behavior.

Why It Matters

  • Prompt review helps teams find instruction layers that carry more control than they first appear to.
  • It also helps highlight prompts that deserve manual review before being reused in production workflows.

Asset Type

MCP Servers

For MCP servers, Vettd focuses on how the server is exposed, how it is configured, and how much operational surface area it appears to have.

What Vettd Looks At

  • What transport or connection style the server appears to use.
  • Whether the server looks local-only or network reachable based on the available configuration evidence.
  • What authentication or credential dependencies are visible at a high level.
  • What tools, environment-variable dependencies, or verification metadata are visible when that information is available.

Why It Matters

  • MCP servers can become high-value control surfaces, so exposure and auth posture matter as much as the code itself.
  • These checks help teams understand where an MCP server may need tighter review, stronger isolation, or clearer ownership.

Asset Type

Agents

For agents, Vettd looks at how the agent is meant to operate, what kind of work it appears to perform, and what systems it may be connected to.

What Vettd Looks At

  • Whether the agent appears autonomous, supervised, scheduled, or otherwise user-gated.
  • What broad category of work the agent seems designed to do, such as code, automation, research, or system tasks.
  • What tool or system connections are visible from the current source and scan context.
  • Whether the current signals suggest a tighter review posture or a need for deeper verification.

Why It Matters

  • Execution model and access shape the real risk profile of an agent more than branding or naming does.
  • These checks help teams understand which agents need clearer guardrails, narrower permissions, or more oversight.

Asset Type

Agentic Apps

For multi-agent applications and workflows, Vettd summarizes the visible orchestration pattern rather than claiming to fully validate the full runtime behavior.

What Vettd Looks At

  • What orchestration framework or workflow pattern appears to be in use.
  • Which agents appear to participate in the app and how complex the overall setup looks.
  • What review status, verification checks, or risk tags are present in the current asset record.
  • What high-level purpose the system appears to serve based on the source and scan context.

Why It Matters

  • Multi-agent systems often combine the risk of several components at once, so teams need an understandable high-level map before digging deeper.
  • These checks help reviewers see whether a workflow looks simple and constrained or layered enough to warrant a more careful audit.

Important: Vettd does not claim to prove every execution path in a live multi-agent system from a high-level asset summary alone.

Reference Frameworks

How to read framework labels in the directory.

The directory currently surfaces framework labels as reference context. They tell you which standards or policy lenses a submitter or reviewer may be using when describing an asset.

Important: These labels are not an automated Vettd certification that an asset satisfies a full compliance framework end to end.

OWASP

A broad application security reference used to reason about common software and web risk patterns.

  • It is often used as shorthand for issues like injection, broken access control, unsafe defaults, and weak validation.
  • In Vettd today, this label is reference context for reviewers and submitters, not an automated certification claim.

NIST 800-53

A large control catalog for security and privacy programs, frequently used in regulated or enterprise environments.

  • It covers control families such as access control, audit logging, configuration management, incident response, and system integrity.
  • When shown in the directory, it should be read as alignment context or reviewer intent, not proof that Vettd has mapped every control.

CMMC

A maturity model used in the defense industrial base to assess cybersecurity practices and process rigor.

  • It builds on structured security domains and is typically relevant when software or workflows touch controlled defense data or supplier requirements.
  • Vettd does not currently perform a formal CMMC assessment on assets surfaced in the public directory.

ISO 42001

An AI management system standard focused on governance, accountability, risk management, and organizational controls for AI.

  • It is more about management processes and oversight than a narrow code-only checklist.
  • A directory tag here should be interpreted as reference framing for AI governance conversations, not a completed ISO 42001 audit.

EU AI Act

A regulatory framework that classifies AI use cases by risk and imposes obligations based on how the system is used.

  • It matters most when an AI system is deployed into regulated contexts, user-facing decision flows, or high-risk operational domains.
  • Vettd can surface signals relevant to review, but a public label is not a legal determination that an asset satisfies the Act.

CISA

A practical security reference point associated with US cyber defense guidance, advisories, and operational best practices.

  • Teams often use it as a shorthand for security hygiene expectations around hardening, exposure reduction, and response readiness.
  • In the directory, this tag is descriptive context rather than evidence of a formal CISA review.