Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

Agentguard

БесплатноНе проверен

Enables scanning of AI agent code for security vulnerabilities such as prompt injection, tool abuse, and data exfiltration, directly from MCP-compatible clients

GitHubEmbed

Описание

Enables scanning of AI agent code for security vulnerabilities such as prompt injection, tool abuse, and data exfiltration, directly from MCP-compatible clients like Claude Code.

README

Autonomous security scanner for AI agents. Detects prompt injection, tool abuse, data exfiltration, and OWASP ASI Top 10 vulnerabilities in agent code.

PyPI Python 3.10+ License: LGPL v3 CI OWASP ASI


Why AgentGuard?

AI agents are being deployed at scale -- in coding tools, customer support, trading bots, and autonomous systems. Nobody is scanning their code for security vulnerabilities.

Existing tools (Bandit, Semgrep, CodeQL) scan for traditional vulnerabilities. AgentGuard scans for agent-specific attack vectors that traditional SAST tools miss.

Comparison

Feature AgentGuard Semgrep CodeQL Bandit
Prompt Injection (ASI01) Yes + AST taint No No No
Tool Abuse (ASI02) Yes No No Partial
Data Exfiltration (ASI03) Yes No No No
Excessive Agency (ASI04) Yes No No No
Supply Chain (ASI05) Yes No No No
Insecure Output (ASI06) Yes No No No
Credential Exposure (ASI07) Yes Partial Partial Yes
Context Manipulation (ASI08) Yes No No No
Agent Loop Exploitation (ASI09) Yes No No No
Trust Boundary (ASI10) Yes No No No
AST Taint Tracking Yes No No No
OWASP ASI Top 10 Coverage 10/10 1/10 1/10 2/10
MCP Server Mode Yes No No No
SARIF Output Yes Yes Yes No
Pre-commit Hook Yes Yes No No
GitHub Action Yes Yes Yes No

Comparison based on author's assessment of default rule sets (v0.8.1 vs Semgrep OSS v1.x, CodeQL default queries, Bandit v1.7). "Partial" indicates some coverage via general-purpose rules but no agent-specific detection.

Live Demo

See AgentGuard in action on the demo repo. The CI runs AgentGuard on every push, and findings appear in GitHub Code Scanning.

Precision & Validation

AgentGuard's precision has been independently measured:

Metric Value
Precision (independent sample) 88% (44 TP / 6 FP)
Sample size 50 CONFIRMED findings
Frameworks covered 7 (CAMEL, Qwen-Agent, LangChain, CrewAI, AutoGen, LlamaIndex, Dify)
Validation method Manual source code inspection at each reported line
FP filter effectiveness 32 systematic FP patterns eliminated (from 36% to 88%)
License LGPL v3 — free for individuals and OSS, paid for enterprise

All 6 remaining FPs fixed in v0.8.1 (single pattern: def _update_prompts).

Methodology: 50 findings were randomly sampled from 951 CONFIRMED results, completely disjoint from the development/fix sample. Each finding was verified by reading the actual source code at the reported line with surrounding context.

Roadmap

See ROADMAP.md for the full 2026–2027 roadmap. Current phase: Phase 1 — Prove Technical Value (complete). Next: Phase 2 — Build Audience.

Sovereign Security Audit 2026

AgentGuard was deployed against 7 major AI agent frameworks:

Framework Files Findings CONFIRMED Risk Score
Dify 2,030 1,687 216 12,570
LlamaIndex 2,951 1,080 294 6,341
CrewAI 1,042 1,317 99 6,392
LangChain 1,831 436 132 2,653
AutoGen 553 696 98 2,696
CAMEL 355 147 62 946
Qwen-Agent 238 242 50 1,325
TOTAL 9,000 5,605 951 32,923

Full report: AUDIT_REPORT_2026.md

AgentGuard is the first and only static analysis tool with dedicated OWASP ASI Top 10 rules. Traditional SAST tools (Semgrep, CodeQL, Bandit) lack agent-specific detection rules -- they were designed for traditional vulnerabilities, not AI agent attack vectors.

Benchmark Dashboard

Security Specification: specification.md — the formal standard for AI agent code security.

Quick Start

pip install dfx-agentguard

# Scan a directory
agentguard .

# JSON output for CI/CD
agentguard src/ --format json

# SARIF for GitHub Code Scanning
agentguard . --format sarif > results.sarif

# Only show HIGH and above
agentguard . --min-severity HIGH

# Include test files in scan
agentguard . --include-tests

CLI Usage

agentguard [OPTIONS] [TARGET]

Arguments:
  TARGET                   Directory or file to scan (default: current directory)

Options:
  --format [text|json|sarif]   Output format (default: text)
  --exit-code / --no-exit-code  Exit non-zero if findings found (default: on)
  --min-severity [CRITICAL|HIGH|MEDIUM|LOW|INFO]  Minimum severity to report
  --include-tests               Include test files in scan (default: skip)
  --no-fp-filter                Disable false positive filtering
  --no-classify                 Disable finding classification
  --auto-report PATH            Generate auto Markdown audit report
  --ci                          CI/CD concise output mode
  --help                        Show help

OWASP ASI Top 10 Coverage

ID Vulnerability Status Detection Method
ASI01 Prompt Injection Detected f-string, .format(), messages array, context stuffing, tool description poisoning
ASI02 Tool Abuse / Unintended Tool Use Detected os.system, subprocess, shell tools, unrestricted registration
ASI03 Data Exfiltration Detected External URLs, variable URL correlation, fetch/axios, subprocess curl, DNS exfil
ASI04 Unauthorized Actions / Excessive Agency Detected Auto-execute, no confirmation, autonomous actions
ASI05 Supply Chain / Untrusted Components Detected Dynamic import, unpinned deps, untrusted pip install
ASI06 Insecure Output Handling Detected LLM output in HTML/JSX/DOM, innerHTML, document.write, markdown.render
ASI07 Credential / Secret Exposure Detected API keys (sk-, ghp_, AKIA, AIza, xox), private keys, passwords, connection strings
ASI08 Context Window Manipulation Detected Unbounded context, token stuffing, missing limits
ASI09 Agent Loop Exploitation Detected Recursive calls without depth limit, while True, no max iterations
ASI10 Trust Boundary Violation Detected Root access, host filesystem mounts, no sandbox, self-modification

CI/CD Integration

Docker — Run Anywhere

docker run --rm -v $(pwd):/workspace ghcr.io/dockfixlabs/agentguard .

Works in any CI/CD pipeline. No Python needed.

GitHub Action

name: Security Scan
on: [push, pull_request]

jobs:
  agentguard:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.12'
      - run: pip install dfx-agentguard
      - run: agentguard . --format sarif > results.sarif
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif

Drop-in GitHub Action

- uses: dockfixlabs/[email protected]
  with:
    path: src/
    format: sarif

Pre-commit Hook

repos:
  - repo: https://github.com/dockfixlabs/agentguard
    rev: v0.8.1
    hooks:
      - id: agentguard
        args: ["--min-severity", "HIGH"]

Programmatic Usage

from agentguard.scanner import scan_directory

result = scan_directory("src/")

print(f"Found {len(result.findings)} issues")
print(f"Critical: {result.critical_count}")
print(f"High: {result.high_count}")

for finding in result.findings:
    print(f"  [{finding.severity}] {finding.rule_name} at {finding.file}:{finding.line}")

MCP Server Mode

Scan agent code directly from Claude Code, Cursor, or any MCP-compatible client:

{
  "mcpServers": {
    "agentguard": {
      "command": "python3",
      "args": ["-m", "agentguard.mcp_server"]
    }
  }
}

Then ask Claude: "Scan my agent code for security vulnerabilities"

Benchmark Results

Tested against 28 vulnerable code samples + 8 real-world attack patterns:

Category      Total   Detected     Coverage
ASI01             6          6    Covered
ASI02             5          5    Covered
ASI03             4          4     Covered
ASI07             6          6     Covered
ASI10             5          5     Covered
clean             2          0    Verified clean
TOTAL            28         26    —

The complete benchmark suite contains 56 hand-crafted samples covering all detection rules.

Project Ecosystem

Repository Description
agentguard Core scanner + CLI + MCP server
mcp-scanner MCP server configuration scanner
agentguard-app GitHub App for automated PR reviews
agentguard-vscode VS Code extension
agentguard-benchmark Benchmark suite (56 samples)

Roadmap

  • OWASP ASI Top 10 -- all 10 categories covered
  • MCP server mode -- scan from Claude Code/Cursor
  • SARIF output -- GitHub Code Scanning integration
  • PyPI publication -- dfx-agentguard
  • VS Code extension
  • GitHub App for PR reviews
  • Benchmark suite (28 samples, covering all detection rules)
  • Pre-commit hook (.pre-commit-hooks.yaml)
  • GitHub Action (action.yml)
  • Dockerfile for agentguard-app
  • PyPI Trusted Publishing (OIDC)
  • AST-based taint tracking (v0.5.0) -- traces source-to-sink data flow
  • Language support: Rust, Go, Java
  • Web dashboard (SaaS)
  • REST API (Scan-as-a-Service)

See the full ROADMAP.md.

Contributing

See CONTRIBUTING.md. Bug reports and feature requests welcome.

Security

See SECURITY.md. Report vulnerabilities privately -- do not open public issues.

License

LGPL v3 -- see LICENSE. AI agent SAST is a new category. The LGPL ensures the core remains open while protecting against cloud vendor appropriation (learned from Bandit's Apache 2.0 → $0 revenue path).


Built by Dockfix Labs. Built for the AI agent era.


AgentGuard Ecosystem

AgentGuard is the core security scanner. Companion tools:

Tool Purpose Install
agentguard AI agent code security scanner pip install dfx-agentguard
mcp-scanner MCP server security audit pip install dfx-mcp-scanner
agentguard-app GitHub App for PR reviews Install from Marketplace
agentguard-vscode VS Code inline diagnostics Install from VS Code
agentguard-benchmark Detection benchmark suite git clone
agentguard-demo Live demo with Code Scanning git clone

22 detection rules | 139 tests | 28 benchmark samples | OWASP ASI Top 10 | 88% precision GitHub Action: dockfixlabs/agentguard@v1

from github.com/dockfixlabs/agentguard

Установить Agentguard в Claude Desktop, Claude Code, Cursor

Рекомендуется · одна команда, все IDE
unyly install agentguard

Ставит в Claude Desktop, Claude Code, Cursor и VS Code — сам разбирается с npx, uvx и сборкой из исходников.

Впервые? Поставь CLI: curl -fsSL https://unyly.org/install | sh

Или настроить вручную

Выполни в терминале:

claude mcp add agentguard -- uvx dfx-agentguard

FAQ

Agentguard MCP бесплатный?

Да, Agentguard MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для Agentguard?

Нет, Agentguard работает без API-ключей и переменных окружения.

Agentguard — hosted или self-hosted?

Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.

Как установить Agentguard в Claude Desktop, Claude Code или Cursor?

Открой Agentguard на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare Agentguard with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории development