Oversight is a terminal-based security intelligence tool designed to audit shell scripts and commands before they touch your system. It bridges the gap between "blind trust" and "manual auditing" by providing a high-speed, interactive analysis of both local files and remote scripts via Raw URLs.

Live AUR Update



Most system compromises happen because of a leap of faith, such as executing an unverified package upgrade or running raw setup scripts. Oversight gives you clear insight into these buffers, flagging malicious patterns and explaining security risks in plain language so you can make an informed decision before confirming installations.
.install scripts and .patch files from the local build directory.rm $0), silent pipelines (> /dev/null), RAM-only execution paths (/dev/shm), and reload hooks (crontab, systemctl).Oversight is built in Rust for performance and binary isolation. The following native components are required for compilation:
- Rust Toolchain: cargo and rustc (Edition 2021) to compile the native engine.
- OpenSSL: System library required by reqwest for establishing secure remote TLS/SSL fetching operations.
- Core Crates: ratatui, crossterm, tokio, reqwest, clap, and regex.
yay -S oversight-git
git clone [https://aur.archlinux.org/oversight-git.git](https://aur.archlinux.org/oversight-git.git)
cd oversight-git
makepkg -si
git clone https://github.com/Rakosn1cek/oversight.git
cd oversight
~/.local/bin, and injects the necessary hooks into your shell configuration (.zshrc, .bashrc, or config.fish).chmod +x install.sh
./install.sh
source ~/.zshrc or your respective shell config
oversight ./install.shoversight https://raw.githubusercontent.com/...oversight ~/.local/share/oversight/rules.jsoncurl https://... or risky patterns like rm -rf / automatically to offer a multi-option triage menu, and deeply inspects downstream AUR cache profiles before execution.To permanently deploy Oversight as your primary text and upgrade pager, append either configuration rule to your shell profile file (e.g., ~/.zshrc, ~/.bashrc, or ~/.config/fish/config.fish):
Forces your helper to use Oversight specifically for package upgrades without affecting other system commands:
For yay (~/.zshrc or ~/.bashrc):
alias yay="yay --diffpager oversight"
For paru (~/.config/paru/paru.conf): Add these lines to your ~/.config/paru/paru.conf. You must include the CombinedUpgrade option, otherwise paru will strip out the ANSI colour codes before passing the text to Oversight, leaving you with black and white text:
[options]
Pager = oversight
CombinedUpgrade
For other helpers like Shelly If you are using a different helper, you need to tell Oversight where to find the cache files by using the AUDIT_HELPER variable. For example, you can run it like this:
AUDIT_HELPER=shelly shelly -Sua | oversight
Alternatively, you can export the helper variable globally in your shell profile so Oversight always knows which cache path to check:
export AUDIT_HELPER="shelly"
This setup registers Oversight as your default system text pager. This means packages, man pages, and git streams will automatically open inside the interface.
Add these lines to your ~/.zshrc or ~/.bashrc:
export PAGER="oversight"
export MANPAGER="oversight"
The second line is necessary if your system configuration already sets MANPAGER to less or another tool.
git log or git diff inside your local repositories pass through the static rules database. If a commit contains a matching signature pattern, it triggers the engine alerts, otherwise, it presents standard code reviews within the main pane cleanly.Keybinds: - Up / Down Arrow Keys: Navigate through the findings items on the left panel at all times, ensuring the list selection is never trapped. - PageUp / PageDown Keys: Smoothly scroll the central code viewport line by line independently of the list selection. - Tab Key: Cycle focus forward through the active code stream segments, jumping from the combined patch stream directly into the individual PKGBUILD source tabs. - Numeric Keys (0-9): Jump directly to a specific tab index layout instantly. - Left Arrow Key: Instantly reset the viewport vertical scroll coordinate offsets back to the top. - [S] Key: Toggle global suppression to instantly comment out flagged code blocks across the active selection block and re-balance risk parameters in one pass. - [Q] or Esc: Safely close the interface and pass execution control back to the terminal process pipeline.
Note: Oversight is an advisory tool. While it uses robust regex pattern matching, no security tool is 100% bulletproof. Always use the "Final Verdict" as a guide and review the highlighted code manually if you are unsure about a source.
Note2: Oversight is still in active development; therefore, no guarantee is provided regarding its functionality or system impact at this stage.
If you would like to support or contribute to the project you are more than welcome.
If you would like to discuss or ask questions about Oversight please join my Discord server Rakosn1cek <- This is optional, not requirement.
You can also open an Issue or leave a message in the Discussions.
MIT © 2026 Rakosn1cek. Attribution is required for any redistribution or derivative works.
$ claude mcp add oversight \
-- python -m otcore.mcp_server <graph>