Static security scanner for AI coding agents and MCP configurations
Project description
AgentSec
Static security scanner for AI coding agents and MCP configurations.
AI coding agents have access to your shell, filesystem, network, and secrets. Most agent configurations are never audited for security risks. AgentSec inspects MCP server manifests, Claude Desktop configs, Cursor rules, and agent instruction files for dangerous permissions, prompt injection risks, and secret exposure — with no LLM dependencies and no data leaving your machine.
All findings map to OWASP Top 10 for LLM Applications (LLM01–LLM10) and the OWASP Agentic Security Top 10 (AG01–AG10).
Features
- 41 security rules covering shell execution, filesystem access, network exfiltration, OAuth scopes, prompt injection, container escape, and credential exposure
- OWASP LLM + Agentic mapping on every finding
- 4 output formats: terminal, JSON, Markdown, SARIF v2.1.0
- CI/CD gating with --fail-on (exit code 1 at severity threshold)
- Baseline comparison for regression tracking
- Automatic detection of JSON, YAML, TOML, and Markdown configs
- Zero runtime dependencies beyond the Python standard library
Installation
pip install agentsec-cli
Requires Python 3.10 or later.
Quick Start
# Scan a project
agentsec scan /path/to/project
# Generate SARIF for CI/CD
agentsec scan . --format sarif > results.sarif
# Gate CI on critical findings
agentsec scan . --fail-on critical
# Baseline comparison
agentsec scan . --update-baseline baseline.json
agentsec scan . --baseline baseline.json
# OWASP mapping
agentsec scan . --show-owasp
Example output:
Scanning /home/user/dev/mcp-project...
[CRITICAL] MCP shell execution
File: claude_desktop_config.json
Server: shell-server
Description: MCP server can execute shell commands
Recommendation: Require explicit approval or remove shell access.
[CRITICAL] MCP filesystem write access
File: claude_desktop_config.json
Server: filesystem
Description: MCP server has filesystem write access
Recommendation: Restrict filesystem access to read-only or specific directories.
Total findings: 4 · Critical: 3 · High: 0 · Medium: 1 · Low: 0
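To make the kind of check behind findings like the two above concrete, here is a small added illustration written for this page; it is not AgentSec's code and does not reproduce its 41 rules. It parses a constructed claude_desktop_config.json (the "mcpServers" layout, server names and values are assumptions for the example), reports a shell interpreter used as a server command, a filesystem server rooted at /, and a literal secret in a server's env block, and then applies a severity threshold the way a --fail-on style CI gate would. The rule names and severities are the example's own, not AgentSec's.

```python
"""Minimal static check over a Claude Desktop style MCP config (added example,
not AgentSec's implementation). The config and secret value are constructed."""
import json
import re

# Constructed sample in the "mcpServers" shape; names and values are made up.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "shell-server": {"command": "bash", "args": ["-c", "mcp-shell-server"]},
        "filesystem": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-filesystem", "/"],
        },
        "notes": {
            "command": "python",
            "args": ["notes_server.py"],
            "env": {"NOTES_API_KEY": "sk-live-EXAMPLE0000000000"},  # constructed
        },
        "docs": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/user/docs"],
            "env": {"DOCS_TOKEN": "${DOCS_TOKEN}"},  # reference, not a literal
        },
    }
})

SHELL_COMMANDS = {"bash", "sh", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}
SECRET_NAME = re.compile(r"key|token|secret|password", re.IGNORECASE)
ENV_REFERENCE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}


def _finding(severity, rule, server, description):
    return {"severity": severity, "rule": rule, "server": server,
            "description": description}


def scan_config(text):
    """Return a list of finding dicts for one config document."""
    findings = []
    data = json.loads(text)
    for name, server in data.get("mcpServers", {}).items():
        # Normalise the command to its basename so /bin/bash and bash match alike.
        command = str(server.get("command", "")).rsplit("/", 1)[-1].lower()
        args = [str(a) for a in server.get("args", [])]
        env = {str(k): str(v) for k, v in server.get("env", {}).items()}

        if command in SHELL_COMMANDS:
            findings.append(_finding("critical", "shell-execution", name,
                                     "MCP server launches a shell interpreter"))

        # A filesystem server whose allowed root is "/" exposes the whole disk.
        if any("server-filesystem" in a for a in args) and "/" in args:
            findings.append(_finding("high", "filesystem-root-access", name,
                                     "filesystem server is rooted at / instead of a specific directory"))

        # Secret-looking env names holding a literal value rather than a ${VAR} reference.
        for key, value in env.items():
            if SECRET_NAME.search(key) and not ENV_REFERENCE.match(value):
                findings.append(_finding("high", "inline-secret", name,
                                         f"environment variable {key} holds a literal value"))
    return findings


def gate(findings, fail_on):
    """CI exit status: 1 if any finding is at or above the threshold, else 0."""
    threshold = SEVERITY_RANK[fail_on]
    return int(any(SEVERITY_RANK[f["severity"]] >= threshold for f in findings))


if __name__ == "__main__":
    results = scan_config(SAMPLE_CONFIG)
    for f in results:
        print(f"[{f['severity'].upper()}] {f['rule']} (server: {f['server']}): {f['description']}")
    print("exit status at threshold 'high':", gate(results, "high"))
```

The `docs` server shows the two negative cases the checks must tolerate: a filesystem server scoped to one directory, and an env entry that references a variable instead of embedding its value. Those should pass, otherwise a gate like this produces noise rather than signal.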
Output Formats
- terminal (default) — human-readable with severity coloring
- json — machine-parseable JSON array of findings
- markdown — formatted report suitable for commit comments
- sarif — SARIF v2.1.0, compatible with GitHub CodeQL
Supported Config Files
AgentSec automatically detects and scans these file types:
- MCP servers: mcp.json, mcp.yaml, mcp.toml
- Claude Desktop: claude_desktop_config.json
- Cursor: .cursorrules, .cursor/rules/*
- Codex / Cline: codex.toml, .clinerules
- Agent instructions: AGENTS.md, CLAUDE.md
- Infrastructure: Dockerfile, package.json
Documentation
Full documentation: https://locface.github.io/AgentSec/docs/
Contributing
See CONTRIBUTING.md for development setup, testing, and pull request workflow.
Security
Report vulnerabilities privately. See SECURITY.md for our disclosure policy.
License
MIT — see LICENSE.
Project details
Download files
File details
Details for the file agentsec_cli-1.0.1.tar.gz.
File metadata
- Download URL: agentsec_cli-1.0.1.tar.gz
- Upload date:
- Size: 28.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d66f0f8ff1146e0696fc1b6d09625a236b2ebdb44de45c8c708a7c2f855ae673 |
| MD5 | 4def2619e59083c2d051b0b25f37aaaa |
| BLAKE2b-256 | 9d72811eb67b9200e76327f8a2a9449ac3d914b3f793dcda6a276e5eb32791ea |
File details
Details for the file agentsec_cli-1.0.1-py3-none-any.whl.
File metadata
- Download URL: agentsec_cli-1.0.1-py3-none-any.whl
- Upload date:
- Size: 22.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 09e9779b56f394d96c9331e3f57d2e5873d297bee9438d8a674dea741624f4a6 |
| MD5 | 8e4ca8850531e41a1cc5c71d57288c01 |
| BLAKE2b-256 | e77802e04fc0f645dec64069abf03ba8c6f060551ccac1a053469eb3d808a297 |