BytesAgain is a curated directory of 60,000+ AI agent skills from ClawHub, GitHub, LobeHub, and Dify. Search skills by keyword in 7 languages, browse by role (developer, creator, trader, marketer) or by use case.

How do I find AI skills on BytesAgain?

Use the search bar on BytesAgain.com to search by keyword in 7 languages. You can also browse by role (developer, creator, trader, marketer) or by use case. Each skill shows install instructions for Claude, Cursor, OpenClaw, Continue, and more.

Yes, BytesAgain is completely free. No registration required for searching skills. The MCP API is also free with rate limits.

Does BytesAgain have an API for AI agents?

Yes! BytesAgain provides a free MCP SSE endpoint at /api/mcp/sse for AI agents, plus a REST API at /api/mcp?action=search&q= . No authentication needed.

Can I request a new AI skill on BytesAgain?

Yes! Visit the Requests page on BytesAgain.com to submit a skill request. Your request will be visible to the community and notified to the site admin.

🦀 ClawHub

agent-bom ingest

by @msaad00

Validate and ingest operator-pushed agent-bom inventory JSON from AWS, Azure, GCP, Snowflake, CMDB, or endpoint collectors. Use when a user has canonical inv...

Versionv0.88.4

Downloads803

#devops #api #data #ecommerce #legal

View on ClawHub →

TERMINAL

clawhub install agent-bom-ingest

📖 About This Skill

name: agent-bom-ingest description: >- Validate and ingest operator-pushed agent-bom inventory JSON from AWS, Azure, GCP, Snowflake, CMDB, or endpoint collectors. Use when a user has canonical inventory JSON and wants local findings, graph, policy, provenance, or auditor-ready exports without giving agent-bom direct cloud credentials. version: 0.86.1 license: Apache-2.0 compatibility: >- Requires Python 3.11+ and agent-bom 0.84.4+. Inventory must conform to the packaged inventory.schema.json contract. metadata: author: msaad00 homepage: https://github.com/msaad00/agent-bom source: https://github.com/msaad00/agent-bom pypi: https://pypi.org/project/agent-bom/ openclaw: requires: bins: - agent-bom env: [] credentials: none credential_policy: "No cloud credentials are required. Optional control-plane push uses an operator-provided agent-bom API token; never ask users to paste that token into chat and never print it." optional_env: - AGENT_BOM_API_KEY - AGENT_BOM_PUSH_URL optional_bins: [] emoji: "inbox" homepage: https://github.com/msaad00/agent-bom source: https://github.com/msaad00/agent-bom license: Apache-2.0 os: - darwin - linux - windows credential_handling: "Inventory is schema-validated before it is trusted. Env var values, URL credentials, launch arguments, discovery_provenance, permissions_used, and security intelligence pass through the sanitizer/redaction contract before display/export." data_flow: "Operator-generated inventory JSON -> packaged inventory.schema.json validation -> local agent-bom scan/graph/export. Optional push to an operator-owned control plane goes only to the URL the operator provided." file_reads: - "operator-selected inventory JSON file" - "packaged agent_bom/data/inventory.schema.json" file_writes: - "operator-selected JSON/SARIF/HTML/Markdown export path" network_endpoints: - url: "operator-provided AGENT_BOM_PUSH_URL" purpose: "Optional push into the operator-owned agent-bom control plane" auth: true optional: true - url: "https://api.osv.dev/v1" purpose: "Optional package vulnerability lookup during local scan" auth: false optional: true - url: "https://api.github.com/advisories" purpose: "Optional GitHub Advisory enrichment during local scan" auth: false optional: true telemetry: false persistence: false privilege_escalation: false always: false autonomous_invocation: restricted

agent-bom-ingest

Use this skill when the operator already produced canonical inventory JSON with an operator-pull adapter, endpoint collector, CMDB export, or AI-agent workflow. The default path is local validation plus local scan/export.

Guardrails

Validate inventory with the packaged schema before treating it as evidence.

Require discovery_provenance and permissions_used where the source claims

cloud/operator-pushed discovery.

Require a trustworthy discovery_provenance.source_type such as

operator_pushed_inventory or skill_invoked_pull; do not infer it from prose.

Do not invent provenance, permissions, cloud scopes, or credential posture.

Do not push to a control plane unless the operator provides the destination

URL and auth method explicitly.

Do not print raw tokens, URL credentials, private keys, or env var values.

Workflow

Validate first:

agent-bom inventory validate inventory.json

Scan locally:

agent-bom agents --inventory inventory.json --format json --output agent-bom-findings.json

Choose output by consumer:

SARIF for CI/code-scanning gates

JSON for graph, API, and automation

HTML or Markdown for human review

CycloneDX/SPDX for SBOM consumers

Evidence Contract

Valid inventory preserves discovery_provenance, permissions_used, cloud_origin, redaction state, package identity, server identity, tools, and security intelligence. If the inventory is malformed or missing required trust fields, stop and ask the operator to regenerate it rather than scanning a best-effort summary.