A behavioral vulnerability standard for skill files, MCP servers, and the agent components the package world cannot see.
AVE is an open standard. The records describe behavior, not packages — so any scanner can map to them. Reference implementation: Bawbel scanner. Build your own →
Search, filter, and inspect every AVE record — severity, attack class, AIVSS, IOCs, framework mappings, and provenance.
Open the registry → InteroperateHow other scanners and the frameworks you already trust map to AVE ids, so findings become comparable across tools.
View crosswalks → ImplementThe structure of the standard: record anatomy, the validation triangle, and the declares-vs-assigns contract any implementer must honor.
Read the guide → ReferenceEvery field, its type, whether it is required, and what it means — plus the v1.1 evidence declarations and an example record.
Open the schema →Found a behavioral vulnerability class the registry does not cover? AVE grows through peer review. Propose a record with a behavioral fingerprint, a detection rule, and positive plus negative fixtures.