    🗂️ Model Inventory Auditor

    by JustHandled Labs

    Inventory every LLM model and provider your code depends on (an AI bill of materials) and flag the dependency risks. It lists each provider, model, and where it's used, then flags hardcoded model ids, single-provider dependency with no alternative, the same model referenced by different ids, model ids with no config or env indirection, and providers pinned in your manifests. Recognizes OpenAI, Anthropic, Google Gemini, and more from an editable list.

    Updated Jun 2026
    Security scanned
    Cursor

    Included in download

    • Generate a complete AI Bill of Materials (AIBOM) for compliance audit
    • Identify hardcoded model IDs that should be moved to environment variables
    • terminal, file_read automation included
    • Ready for Cursor
    • Instant install

    Sample input

    Evaluate my repository and give me an AI model bill of materials.

    Sample output

    AI Model Inventory

    • OpenAI: gpt-4o, gpt-3.5-turbo (Hardcoded in LLMService.ts)
    • Anthropic: claude-3-5-sonnet-20240620 (Env: CLAUDE_MODEL_ID)

    Risk Findings

    • [MIA001] Hardcoded 'gpt-4o' literal found in services/openai.py
    • [MIA005] OpenAI pinned in package.json with no fallback.

    About This Skill

    What it does

    The Model Inventory Auditor scans your entire codebase to generate an "AI Bill of Materials" (AIBOM). It identifies every LLM provider, model ID, and API configuration used across your scripts, dependency manifests, and environment files. It goes beyond a simple search by mapping logical models to specific providers and detecting architectural risks.

    Why use this skill

    Manually tracking every model call in a sprawling application is error-prone. This skill automates the audit process to protect you from vendor lock-in and production failures. It flags hardcoded model IDs, inconsistent naming conventions, and dangerous single-provider dependencies that could represent a single point of failure for your AI features.

    Supported tools

    • Languages: Python, JavaScript, TypeScript
    • Config: JSON, YAML, .env files
    • Package Managers: pip (requirements.txt, pyproject.toml), npm/yarn (package.json)
    • Frameworks: Compatible with any LLM integration (LangChain, OpenAI SDK, Anthropic SDK, etc.)

    The Output

    You receive a structured inventory of all detected AI dependencies followed by a set of targeted findings (MIA codes). These findings highlight specific risks like pinned versions without fallbacks or model IDs missing environment-based indirection.

    Use Cases

    • Generate a complete AI Bill of Materials (AIBOM) for compliance audit
    • Identify hardcoded model IDs that should be moved to environment variables
    • Detect single-provider concentration risks to plan for multi-model failover
    • Find inconsistent model references across different microservices

    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell
    Read Files

    File Scopes

    model-inventory-auditor/**
    **/*.py
    **/*.js
    **/*.ts
    **/*.json
    **/*.yaml
    **/*.yml
    requirements.txt
    package.json
    pyproject.toml
    .env
    .env.example

    Notes: Read-only. Provider and model-id patterns load from an editable references/model-providers.json. It references API keys only by env-var name, never a value, and reads no environment variables itself.

    Works with any agent that can read a repo and run a local Python script (Claude Code, Cursor, Codex CLI, and other SKILL.md-compatible agents). Standard library only, no install step. Read-only, no network.

    Creator

    JustHandled Labs builds focused agent skills for the work nobody wants to do by hand. Each one is a single repeatable job done well: catching the security and data mistakes that quietly ship, keeping docs and tests honest, gating the commands an agent is about to run, sharpening writing, and handling the founder chores around launches, outreach, and brand setup. Not generic AI productivity. Specific workflows that are easy to run, review, and repeat. Maintained by H.J. Westerfield, with a background in communications, editing, project coordination, customer support, and practical AI systems. Tools for people who want useful automation without theatrical complexity.
