
Security scanner for AI agents and MCP configurations - Based on OWASP Agentic Top 10


Agent Audit


🛡️ Security scanner for AI agents and MCP configurations. Detects vulnerabilities based on the OWASP Agentic Top 10.


✨ Features

  • 🔍 Python AST Scanning - Detects dangerous patterns such as shell=True, eval(), and tainted input flows
  • ⚙️ MCP Configuration Scanning - Validates MCP server configurations for security issues
  • 🔐 Secret Detection - Finds hardcoded credentials (AWS keys, API tokens, private keys)
  • 🌐 Runtime MCP Inspection - Probes MCP servers without executing tools ("Agent Nmap")
  • 📊 Multiple Output Formats - Terminal, JSON, SARIF (for GitHub Code Scanning), Markdown
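
As an added example (not agent-audit's own code), a minimal scanner in the spirit of the AST scanning and taint-flow detection described above; the rule names, the one-level taint model and the constructed sample script are this example's own, not the tool's rules.

```python
# Added example (not agent-audit's own code): a minimal AST scanner for the patterns the
# "Python AST Scanning" feature names. Rule names and the one-level taint model are this example's own.
import ast
SUBPROCESS_FUNCS = {"run", "call", "check_call", "check_output", "Popen"}
TAINT_SOURCES = {"input", "getenv"}  # calls whose results are treated as untrusted

def _call_name(node):  # bare callee name: 'run' for subprocess.run(...), 'eval' for eval(...)
    f = node.func
    return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", "")

def _is_tainted(expr, tainted):  # expr mentions a tainted name, a taint-source call, or os.environ[...]
    for sub in ast.walk(expr):
        if isinstance(sub, ast.Name) and sub.id in tainted:
            return True
        if isinstance(sub, ast.Call) and _call_name(sub) in TAINT_SOURCES:
            return True
        if isinstance(sub, ast.Subscript) and getattr(sub.value, "attr", "") == "environ":
            return True
    return False

def scan_source(source):
    """Return sorted (line, rule, detail) findings for one Python source string."""
    tree = ast.parse(source)
    tainted = set()  # pass 1: names assigned from untrusted data (straight-line code)
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _is_tainted(node.value, tainted):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
    findings = []  # pass 2: dangerous calls; shell=True rates higher when its args are tainted
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in {"eval", "exec"}:
            findings.append((node.lineno, "DYN-EVAL", f"use of {name}()"))
        shell = any(k.arg == "shell" and isinstance(k.value, ast.Constant)
                    and k.value.value is True for k in node.keywords)
        if name in SUBPROCESS_FUNCS and shell:
            sev = "critical" if any(_is_tainted(a, tainted) for a in node.args) else "high"
            findings.append((node.lineno, "SHELL-TRUE", f"{name}(shell=True), {sev}"))
    return sorted(findings)

# Constructed sample script (not from any real project) that exercises each rule once.
SAMPLE = '''import os, subprocess
host = input("host: ")
cmd = "echo " + host
subprocess.run(cmd, shell=True)
subprocess.run(["ls", "-l"], shell=True)
subprocess.run(["ls", "-l"])
eval(os.environ["EXPR"])'''
```

Running scan_source(SAMPLE) reports the tainted shell call on line 4 as critical, the constant-argument shell=True call on line 5 as high, and the eval() on line 7, while the list-form call on line 6 is left alone.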

🚀 Quick Start

Installation

pip install agent-audit

Basic Usage

# Scan the current directory
agent-audit scan .

# Scan with JSON output
agent-audit scan ./my-agent --format json

# Scan with SARIF output for GitHub Code Scanning
agent-audit scan . --format sarif --output results.sarif

# Fail CI on critical findings only
agent-audit scan . --fail-on critical

# Inspect an MCP server at runtime
agent-audit inspect stdio -- npx -y @modelcontextprotocol/server-filesystem /tmp

Development / Local Package

When contributing or validating changes, run the local package instead of the installed one:

cd packages/audit

# Option A: Editable install
pip install -e .

# Option B: PYTHONPATH (no install)
PYTHONPATH="$(pwd):$PYTHONPATH" python -m agent_audit scan /path/to/target

Without one of these, the agent-audit command may resolve to an older global install (e.g. v0.2.0) instead of the local v0.5.x code.

🔗 GitHub Action

Add Agent Audit to your CI/CD pipeline:

name: Security Scan
on: [push, pull_request]

jobs:
  agent-audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Run Agent Audit
        uses: HeadyZhang/agent-audit@v1
        with:
          path: '.'
          fail-on: 'high'
          upload-sarif: 'true'

Action Inputs

Input         Description                                            Default
path          Path to scan                                           .
format        Output format: terminal, json, sarif, markdown         sarif
severity      Minimum severity: info, low, medium, high, critical    low
fail-on       Exit with an error if findings at this severity exist  high
baseline      Path to baseline file for incremental scanning         -
upload-sarif  Upload SARIF to the GitHub Security tab                true

🎯 Detected Issues

Rule ID    Title                                      Severity
AGENT-001  Command Injection via Unsanitized Input    🔴 Critical
AGENT-002  Excessive Agent Permissions                🟡 Medium
AGENT-003  Potential Data Exfiltration Chain          🟠 High
AGENT-004  Hardcoded Credentials                      🔴 Critical
AGENT-005  Unverified MCP Server                      🟠 High
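
As an added example (not the tool's own code), a small checker over an MCP configuration document in the common mcpServers layout, approximating the hardcoded-credential, unverified-server and excessive-permission ideas behind the rules above; the rule names, the heuristics and the constructed sample config (including its placeholder version number) are this example's own.

```python
# Added example (not agent-audit's own code): a small checker for MCP configuration files in
# the common {"mcpServers": {name: {command, args, env}}} layout. The three heuristics are this
# example's own approximations of the rule ideas listed above, not the tool's actual rules.
import json
import re

# AWS access key IDs and PEM headers are real formats; the prefixed-token pattern is a heuristic.
SECRET_PATTERNS = {
    "aws-access-key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "prefixed-token": re.compile(r"^(?:sk|ghp)_[A-Za-z0-9]{20,}$"),
}
ENV_REF = re.compile(r"^\$\{?[A-Z_][A-Z0-9_]*\}?$")  # ${VAR} / $VAR is a reference, not a literal

def _is_pinned(spec):
    """'@scope/pkg@1.2.3' or 'pkg@1.2.3' counts as pinned; a bare package name does not."""
    body = spec[1:] if spec.startswith("@") else spec  # skip the npm scope marker
    return "@" in body

def check_mcp_config(text):
    """Return (server, rule, detail) findings for one MCP config JSON document."""
    findings = []
    for name, server in json.loads(text).get("mcpServers", {}).items():
        args = server.get("args") or []
        # Rule 1: literal credential material in env (environment-variable references are fine)
        for key, value in (server.get("env") or {}).items():
            if isinstance(value, str) and not ENV_REF.match(value):
                for label, pat in SECRET_PATTERNS.items():
                    if pat.search(value):
                        findings.append((name, "HARDCODED-SECRET", f"{key} looks like {label}"))
        # Rule 2: server fetched from a package registry at launch without a version pin
        if server.get("command") in ("npx", "uvx"):
            pkgs = [a for a in args if not a.startswith("-")]
            if pkgs and not _is_pinned(pkgs[0]):
                findings.append((name, "UNPINNED-SERVER", f"{pkgs[0]} has no version pin"))
        # Rule 3: filesystem server rooted at the whole disk
        if any("server-filesystem" in a for a in args) and "/" in args:
            findings.append((name, "BROAD-FS-ROOT", "filesystem server is rooted at /"))
    return findings

# Constructed sample config: the key ID is AWS's documented example value, the version a placeholder.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "files": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"]},
    "cloud": {"command": "node", "args": ["server.js"],
              "env": {"AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE",
                      "AWS_SECRET_ACCESS_KEY": "${AWS_SECRET_ACCESS_KEY}"}},
    "pinned": {"command": "npx",
               "args": ["-y", "@modelcontextprotocol/server-filesystem@1.0.0", "/tmp"]},
}})
```

On the sample, the "files" server is flagged twice (unpinned package, rooted at /), "cloud" once for the literal key ID, and "pinned" not at all because its version is pinned and its root is /tmp.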

⚙️ Configuration

Create .agent-audit.yaml to customize scanning:

# Allowed network hosts
allowed_hosts:
  - "*.internal.company.com"
  - "api.openai.com"

# Ignore rules
ignore:
  - rule_id: AGENT-003
    paths:
      - "auth/**"
    reason: "Auth module legitimately communicates externally"

# Scan settings
scan:
  exclude:
    - "tests/**"
    - "venv/**"
  min_severity: low
  fail_on: high

📈 Baseline Scanning

Track new findings incrementally:

# Save the current findings as a baseline
agent-audit scan . --save-baseline baseline.json

# Only report findings not present in the baseline
agent-audit scan . --baseline baseline.json

📖 CLI Reference

Usage: agent-audit [OPTIONS] COMMAND [ARGS]...

Commands:
  scan     Scan agent code and configurations
  inspect  Inspect an MCP server at runtime
  init     Initialize configuration file

Options:
  --version   Show version
  -v          Enable verbose output
  -q          Only show errors
  --help      Show this message

🛠️ Development

See CONTRIBUTING.md for development setup and guidelines.

# Clone the repository
git clone https://github.com/HeadyZhang/agent-audit
cd agent-audit

# Install dependencies
cd packages/audit
poetry install

# Run tests
poetry run pytest tests/ -v

# Run the scanner
poetry run agent-audit scan .

📄 License

MIT License - see LICENSE for details.

🙏 Acknowledgments


Made with ❤️ for the AI agent security community

Download files

Source Distribution

agent_audit-0.5.2.tar.gz (126.8 kB)

Built Distribution

agent_audit-0.5.2-py3-none-any.whl (144.2 kB)

File details: agent_audit-0.5.2.tar.gz

  • Size: 126.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

Hashes for agent_audit-0.5.2.tar.gz

Algorithm    Hash digest
SHA256       743868eadfd7dd3cf272be8a2d81f8cb9842d096c5b4a984628f84cee917bbaf
MD5          13cc20cccaedd92cc4186d50af470b84
BLAKE2b-256  670429a3ca0cbb172be824e8ebf6a3b7e5a4a615f131e263e7704470c9868550

Provenance: attestation bundles were made for agent_audit-0.5.2.tar.gz. Publisher: publish.yml on HeadyZhang/agent-audit. Values shown here reflect the state when the release was signed and may no longer be current.

File details: agent_audit-0.5.2-py3-none-any.whl

  • Size: 144.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

Hashes for agent_audit-0.5.2-py3-none-any.whl

Algorithm    Hash digest
SHA256       c7a2b2a2a37294543b31b91be5588963ed29cf34ea7b77bbe84433e4e65bad68
MD5          c737932aa3354138ffa65b201eb77242
BLAKE2b-256  a7ee68f60724fbcc3827b0a9457a669fc11e627598c1a28698fd3aaed4d4e63e

Provenance: attestation bundles were made for agent_audit-0.5.2-py3-none-any.whl. Publisher: publish.yml on HeadyZhang/agent-audit. Values shown here reflect the state when the release was signed and may no longer be current.
