Companion Tools

Host-side security tools that complement Toolhub's in-browser utilities.

Toolhub is fully browser-based: nothing runs server-side and nothing needs installing. These external tools are different: they run on your own machine or server. We list them here because they fit Toolhub's privacy-first ethos and address use cases that genuinely require host-side execution.

All are built by JXXR1, the same maintainer as Toolhub. MIT licensed. Self-host them. Audit the source. They're not affiliate links — just companion utilities.

🤖 AI Agents & Harnesses

skill-scanner-v2 v3.5.0

Security scanner for AI agent skills (OpenClaw / Claude Code / Hermes ecosystems). 38 detection modules covering pattern matching, AST taint tracking, YARA rules, LLM semantic analysis, supply-chain provenance, hash-pinning, and release-signature verification (PGP).

With AI agent harnesses proliferating, the supply chain for downloadable agent "skills" is the next frontier for malware injection. skill-scanner-v2 statically analyses skill packages across 38 detection modules — pattern matching, AST taint tracking, LLM semantic analysis, YARA rules, and typo-squat detection.

The recent supply-chain releases (v3.4 and v3.5) add bundled-content provenance for RAG corpora, external-model-download detection (HuggingFace, Replicate, etc.), hash-pinning verification against in-flight tampering, and PGP release-signature verification.

Stack: bash + JavaScript + Python wrapper + YARA. Host-side execution required. Open source, MIT.

🛡️ Security

sentinel-v2 v1.8.0

Lightweight bash security monitor for Linux servers. Three-layer architecture: file-watch (sub-second), watchdog (every 2 min), full audit + intel (every 6 hours).

Open-port allowlist · sensitive-service exposure detection · root-process audit · world-writable scan · SSH-key delta · failed-login spike detection · cron/systemd delta · security-stack health (ClamAV / CrowdSec / Wazuh / fail2ban) · CVE-feed intel · supply-chain skill-scanner integration · LLM-vendor egress audit · backup integrity verification · Tailscale posture audit.

Stack: pure bash + inotify + standard Linux utilities. Probes localhost services and reads /etc. Host-side execution required. Open source, MIT.

Why these and not just "a list of cool tools"?

Both are JXXR1's own work. We recommend tools we've built or audited ourselves. Toolhub doesn't publish a "best Linux security tools" listicle — there are plenty of those, and most are SEO farms. This page is a curated handoff for the specific audiences who arrive at Toolhub and need a host-side companion: school IT admins, agent-builders, sysadmins.

If you'd like a tool added, open an issue on the Toolhub repo. We won't accept paid placements.