Living Websites

A provably safe agent skill: no network, no credentials

Before you install any agent skill, one question matters more than what it does: what can it reach? A skill that runs on your machine can, in principle, read your credentials, write to your disk, or send your files somewhere. de-AI gate is built so it can do none of those, and it backs the claim with a test that reads its own source and fails if the claim is ever false.

The risk with agent skills

A lot of skills quietly do more than they advertise. Some run automatically when a session starts. Some read environment variables or tokens. Some make network calls to send data off the machine. None of that is visible from a description; it lives in the code, which most people never read.

So the honest way to earn trust is not to promise good behavior. It is to remove the ability to misbehave, and then prove the removal in a way anyone can run.

Safe by construction

de-AI gate is read-only. It scans files, writes nothing, and exits with a code. It has no auto-run hook, so it only does anything when you invoke it directly. It reads no credentials and holds no keys. It makes no network calls; it is pure local regex over local files. And it ships zero third-party dependencies, so there is no supply chain riding along.

Proven in code, not just claimed

The repository includes a publish-safety test that strips comments and docstrings, then scans the remaining executable source and fails if any unsafe surface appears. It checks three things.

No network surface: the source must contain none of fetch(, http, socket., urllib, requests., or XMLHttpRequest. No credential or process surface: none of process.env, os.environ, cookie, credential, child_process, subprocess, execSync, or spawn. No write surface: none of writeFileSync, appendFile, unlink, rmSync, or mkdir, because the gate must stay read-only. If any of these ever appeared in the code, the test would fail and the release would stop.

It even gates itself

The safety test is not the only self-check. The gate also runs against its own tell catalog, so its own definitions and documentation cannot smuggle in a tell. A tool that checks other content for honesty holds itself to the same rule first. You can clone the repository and run both checks yourself in a few seconds.

Keep reading, then read the source.

de-AI gate is open source under the MIT license. Clone it, read every line, and run the publish-safety test yourself.

Get de-AI gate on GitHub

FAQ

How do I know de-AI gate does not exfiltrate my content?

A publish-safety test asserts that the executable source contains no network surface at all: no fetch, no http calls, no sockets. You do not have to trust the claim; you can run the test against the source yourself and see it pass.

Does it run automatically or read my environment?

No. It has no auto-run hook, so it acts only when you invoke it, and the safety test checks that the source reads no environment variables, tokens, or credentials. It scans local files and exits with a code.

Does it write to my disk?

No. It is read-only by construction, and the publish-safety test fails if any write function such as writeFileSync or appendFile appears in the code. It reports results to standard output and changes nothing on disk.

Does it pull in third-party dependencies?

No. The JavaScript engine needs only Node 18 or newer, or Bun, and the Python surface needs only the standard library, so there is no third-party package supply chain to trust.