Quick Start
Submit your first behavioral security audit in under 3 minutes. No API key, no signup.
1. Pick a skill to audit
Any public GitHub repository that contains an MCP server, plugin, or agent skill. Example:
https://github.com/anthropics/model-context-protocol2. Submit it
Option A — Website
Go to oathe.ai, paste the URL into the audit bar, and press Scan.
Option B — cURL
curl -X POST https://audit-engine.oathe.ai/api/submit \
-H "Content-Type: application/json" \
-d '{"skill_url": "https://github.com/owner/repo"}'You’ll get back an audit_id:
{
"audit_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"queue_position": 1
}Option C — MCP Server
npx oathe-mcpThen call submit_audit with the skill URL. See the MCP Server guide for details.
3. Wait for results
Audits take 30–90 seconds. The skill is installed in an isolated environment, its behavior is monitored, and threat patterns are applied.
Poll for status:
curl https://audit-engine.oathe.ai/api/audit/{audit_id}Or watch the progress bar on the website — it uses WebSocket for real-time updates.
4. Read the report
When status is "complete", the response includes a full report:
| Field | What it tells you |
|---|---|
recommendation | What to do: INSTALL, INSTALL_WITH_CAUTION, REVIEW_BEFORE_INSTALL, or DO_NOT_INSTALL |
trust_score | 0–100 composite score |
verdict | SAFE, CAUTION, DANGEROUS, or MALICIOUS |
findings | Specific security issues detected |
summary | One-sentence assessment |
The recommendation field is the single most important signal for decision-making.
What’s next
- How Oathe Works — understand the audit pipeline, threat patterns, and scoring
- MCP Server — check skills directly from your AI agent
- Trust Score — how the 0–100 score is calculated
- CI/CD Integration — automate audits on every push