Static security scanner for AI coding agents and MCP configurations

Project description

AgentSec

Static security scanner for AI coding agents and MCP configurations.

AI coding agents have access to your shell, filesystem, network, and secrets. Most agent configurations are never audited for security risks. AgentSec inspects MCP server manifests, Claude Desktop configs, Cursor rules, and agent instruction files for dangerous permissions, prompt injection risks, and secret exposure — with no LLM dependencies and no data leaving your machine.

All findings map to OWASP Top 10 for LLM Applications (LLM01–LLM10) and the OWASP Agentic Security Top 10 (AG01–AG10).

Features

  • 41 security rules covering shell execution, filesystem access, network exfiltration, OAuth scopes, prompt injection, container escape, and credential exposure
  • OWASP LLM + Agentic mapping on every finding
  • 4 output formats: terminal, JSON, Markdown, SARIF v2.1.0
  • CI/CD gating with --fail-on (exit code 1 at severity threshold)
  • Baseline comparison for regression tracking
  • Automatic detection of JSON, YAML, TOML, and Markdown configs
  • Zero runtime dependencies beyond the Python standard library

Installation

pip install agentsec-cli

Requires Python 3.10 or later.

Quick Start

# Scan a project
agentsec scan /path/to/project

# Generate SARIF for CI/CD
agentsec scan . --format sarif > results.sarif

# Gate CI on critical findings
agentsec scan . --fail-on critical

# Baseline comparison
agentsec scan . --update-baseline baseline.json
agentsec scan . --baseline baseline.json

# OWASP mapping
agentsec scan . --show-owasp

Example output:

 Scanning /home/user/dev/mcp-project...

[CRITICAL] MCP shell execution
  File: claude_desktop_config.json
  Server: shell-server
  Description: MCP server can execute shell commands
  Recommendation: Require explicit approval or remove shell access.

[CRITICAL] MCP filesystem write access
  File: claude_desktop_config.json
  Server: filesystem
  Description: MCP server has filesystem write access
  Recommendation: Restrict filesystem access to read-only or specific directories.

Total findings: 4 · Critical: 3 · High: 0 · Medium: 1 · Low: 0
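The following Python is an added illustration, not AgentSec's own code: it sketches the kind of check behind the two findings shown above and the `--fail-on` gate and `--baseline` comparison from the Quick Start. The sample `claude_desktop_config.json` content, the package names and the detection heuristics are constructed assumptions, not AgentSec's actual rules.

```python
import json

# Severity ladder used by the --fail-on style gate below.
SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Constructed sample claude_desktop_config.json; the two flagged server
# names match the README's example output. Package names are placeholders.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "shell-server": {"command": "npx", "args": ["-y", "example-shell-mcp"]},
        "filesystem": {"command": "npx",
                       "args": ["-y", "example-filesystem-mcp", "/home/user"]},
        "docs": {"command": "npx",
                 "args": ["-y", "example-filesystem-mcp", "--read-only",
                          "/home/user/docs"]},
    }
})

def scan_mcp_config(text):
    """Return findings for an MCP server config. Heuristics are illustrative
    (assumed), not AgentSec's actual rule logic."""
    findings = []
    for name, server in json.loads(text).get("mcpServers", {}).items():
        args = server.get("args", [])
        argv = " ".join([server.get("command", "")] + args).lower()
        if "shell" in argv:
            findings.append({"severity": "critical", "rule": "MCP shell execution",
                             "server": name,
                             "recommendation": "Require explicit approval or remove shell access."})
        if "filesystem" in argv and "--read-only" not in args:
            findings.append({"severity": "critical", "rule": "MCP filesystem write access",
                             "server": name,
                             "recommendation": "Restrict filesystem access to read-only or specific directories."})
    return findings

def fail_on(findings, threshold):
    """Mirror `--fail-on <severity>`: 1 if any finding meets the threshold, else 0."""
    limit = SEVERITY_ORDER.index(threshold)
    return int(any(SEVERITY_ORDER.index(f["severity"]) >= limit for f in findings))

def new_findings(findings, baseline):
    """Mirror `--baseline`: keep only findings absent from the saved baseline."""
    known = {(b["rule"], b["server"]) for b in baseline}
    return [f for f in findings if (f["rule"], f["server"]) not in known]
```

Running `scan_mcp_config(SAMPLE_CONFIG)` yields two critical findings (the read-only `docs` server passes), and `fail_on(..., "critical")` returns 1, the exit code a CI job would gate on.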

Output Formats

  • terminal (default) — human-readable with severity coloring
  • json — machine-parseable JSON array of findings
  • markdown — formatted report suitable for commit comments
  • sarif — SARIF v2.1.0, compatible with GitHub CodeQL

Supported Config Files

AgentSec automatically detects and scans these file types:

  • MCP servers: mcp.json, mcp.yaml, mcp.toml
  • Claude Desktop: claude_desktop_config.json
  • Cursor: .cursorrules, .cursor/rules/*
  • Codex / Cline: codex.toml, .clinerules
  • Agent instructions: AGENTS.md, CLAUDE.md
  • Infrastructure: Dockerfile, package.json

Documentation

Full documentation: https://locface.github.io/AgentSec/docs/

Contributing

See CONTRIBUTING.md for development setup, testing, and pull request workflow.

Security

Report vulnerabilities privately. See SECURITY.md for our disclosure policy.

License

MIT — see LICENSE.
