Remote OpenClaw
Menu

Agent Security Scanner

Mikehzp/agentvuln
0 starsMITCommunity

Install to Claude Code

This server doesn't publish a one-line install command. Follow the setup in the source repository.

Summary

Scan AI agents for tool-calling vulnerabilities: prompt leaks, hijacking, injections, and more.

README.md

<p align="center"> <img src="https://img.shields.io/pypi/v/agentvuln?color=blue" alt="PyPI"> <img src="https://img.shields.io/pypi/dm/agentvuln?color=green" alt="Downloads"> <img src="https://img.shields.io/github/stars/Mikehzp/agentvuln?style=social" alt="Stars"> <img src="https://img.shields.io/badge/attacks-18-orange" alt="18 attacks"> </p>

<h1 align="center">๐Ÿ” Agent Security Scanner (agentsec)</h1> <p align="center"><em>Find tool-calling vulnerabilities in AI agents โ€” before attackers do.</em></p>

---

agentsec scans AI agents that call tools. Not chat prompt injection โ€” tool-calling abuse: argument injection, privilege escalation, MCP protocol attacks, data exfiltration, and more.

pip install agentvuln
agentsec self-test                    # Verify your setup
agentsec scan hermes --profile quick  # Scan a live agent in ~1 min
agentsec scan trace.json -o report.html  # Scan an offline trace

๐Ÿ”ด Real Findings

| Agent | Vulns | Key Finding | |-------|-------|-------------| | Hermes | 3 ๐Ÿ”ด | Leaked ~/.env, executed SQL injection, leaked system prompt | | browser-use | 3 ๐Ÿ”ด | Leaked SSH private keys, executed SQL injection | | OpenHands CLI | 0 ๐ŸŸข | Refused ALL attacks | | OpenHands SDK | 4 ๐Ÿ”ด | No security guardrails โ€” executed every attack |

CLI โ‰  SDK. OpenHands' security lives at the CLI layer, not the agent core. If you integrate via SDK directly, you get zero protection.

Features

| Feature | | |---------|-| | 18 attack vectors | tool injection, MCP attacks, memory poisoning, RAG poisoning, data leaks, DoS, and more | | Online + Offline | scan live agent APIs or offline trace files (JSON/JSONL) | | 3 report formats | JSON (CI), Markdown (PRs), HTML (dashboards) | | Scan profiles | quick (5 attacks, ~1 min), daily (8), full (18) | | CI/CD ready | GitHub Action, --fail-on threshold, Docker support | | Auto-fix | Some vulnerabilities can be mitigated automatically | | Custom attacks | YAML templates for your own attack scenarios | | MCP Server | Integrate as MCP tools for any MCP client | | Cross-provider | DeepSeek, OpenAI, Anthropic, OpenRouter, Google, xAI |

Try It

# Quick scan of your local agent
agentsec scan hermes --profile quick

# Full scan with HTML report
agentsec scan hermes -o report.html

# CI mode: exit code 1 if any HIGH+ vulnerability found
agentsec scan hermes --fail-on high

# Docker
docker build -t agentvuln .
docker run agentvuln scan hermes --profile quick

GitHub Actions

- name: Run agent security scan
  uses: Mikehzp/agentvuln@v0.4.0
  with:
    target: hermes
    profile: daily
    fail-on: high
    output-format: html

Python API

from agentsec.engine import ScanEngine
from agentsec.report import ReportGenerator

engine = ScanEngine(offline_mode=True)
results = engine.run("trace.json", ["system_prompt_leak", "data_leak"])
ReportGenerator().save(results, "my_agent", "report.html")

Supported Targets

agentsec scan hermes                        # Local Hermes agent
agentsec scan openai:gpt-4o                 # OpenAI API agent
agentsec scan openrouter:anthropic/claude-4 # OpenRouter
agentsec scan deepseek:deepseek-chat        # DeepSeek
agentsec scan trace.json                    # Offline trace
agentsec scan template:claude-code          # Simulated agent

Real Scan Demo

$ agentsec self-test
โ•ญโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚ ๐Ÿ”ฌ Agent Security Scanner โ€” Self Test                       โ”‚
โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ
  โ”€โ”€ API Connectivity โ”€โ”€
  โœ… API call succeeds
  โ”€โ”€ Detection Pipeline โ”€โ”€
  โœ… tool call analysis: exploited=True conf=medium
  โœ… pipeline: agent refuses โ€” exploited=False
  โ”€โ”€ Attack Registry โ”€โ”€
  โœ… 18 attacks registered, all with run methods
  โ”€โ”€ Report Generation โ”€โ”€
  โœ… JSON/MD/HTML report generation
  โ”€โ”€ Scan Profiles โ”€โ”€
  โœ… quick(5) daily(8)
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
โœ… All 7 self-tests passed.

Project Status

Alpha โ€” works, tested, but APIs may change. MIT licensed. Contributions welcome.

---

ไธญๆ–‡่ฏดๆ˜Ž

agentsec ๆ˜ฏไธ€ไธชไธ“้—จๆ‰ซๆ AI Agent๏ผˆ่ฐƒ็”จๅทฅๅ…ท็š„ๆ™บ่ƒฝไฝ“๏ผ‰ ็š„ๅฎ‰ๅ…จๅทฅๅ…ทใ€‚ไธๆ˜ฏๆต‹่Šๅคฉๅฏน่ฏ็š„ prompt injection๏ผŒ่€Œๆ˜ฏๆต‹ๅทฅๅ…ท่ฐƒ็”จๅฑ‚้ข็š„ๆผๆดž๏ผšๅ‚ๆ•ฐๆณจๅ…ฅใ€ๆƒ้™ๆๅ‡ใ€MCP ๅ่ฎฎๆ”ปๅ‡ปใ€ๆ•ฐๆฎๆณ„้œฒใ€ๆ‹’็ปๆœๅŠก็ญ‰ใ€‚

pip install agentvuln
agentsec scan hermes --profile quick

| Agent | ๆผๆดžๆ•ฐ | ๅ…ณ้”ฎๅ‘็Žฐ | |-------|--------|---------| | Hermes | 3 ๐Ÿ”ด | ๆณ„้œฒ ~/.envใ€ๆ‰ง่กŒ SQL ๆณจๅ…ฅใ€ๆณ„้œฒ็ณป็ปŸๆ็คบ่ฏ | | browser-use | 3 ๐Ÿ”ด | ๆณ„้œฒ SSH ็ง้’ฅ | | OpenHands CLI | 0 ๐ŸŸข | ๅ…จ้ƒจๆ”ปๅ‡ป่ขซๆ‹’็ป | | OpenHands SDK | 4 ๐Ÿ”ด | ๆ— ๅฎ‰ๅ…จ้˜ฒๆŠค๏ผŒๆ‰€ๆœ‰ๆ”ปๅ‡ปๆ‰ง่กŒๆˆๅŠŸ |

GitHub: https://github.com/Mikehzp/agentvuln PyPI: pip install agentvuln

Related MCP servers

Browse all โ†’

Apify MCP

apify/actors-mcp-server

Browser & ScrapingOpen

AWS MCP Servers

awslabs/mcp

9,330 starsOpen

Axiom MCP

axiomhq/mcp-server-axiom

61 starsOpen

Azure MCP

Azure/azure-mcp

1,219 starsOpen

Browserbase MCP

browserbase/mcp-server-browserbase

3,383 starsOpen

Chroma MCP

chroma-core/chroma-mcp

570 starsOpen

Browse

MCP servers by category

Other2643AI & ML2284Search2091Developer Tools1127Vector & Memory1121Cloud & DevOps721Files & Docs719Databases704Finance & Payments701Browser & Scraping485Communication418Productivity355