Open source agent security suite — intercept, scan, and test your AI agents
Project description
dscan
Security suite for AI agents.
pip install dscan-security
Quick start
from dscan import watch
@watch
async def my_agent(task: str):
# your agent code unchanged
...
dscan dashboard # localhost:4321 — see every tool call
dscan scan . # check before you ship
dscan audit . # check your MCP servers
dscan attack agent.py # test like an attacker would
What dscan catches
| Module | What it detects | How |
|---|---|---|
dscan watch |
Every MCP tool call — params, results, timing, secrets in params | Runtime decorator |
dscan secrets |
API keys, PII, credentials in traces before they're logged | Regex + entropy |
dscan scan |
Dangerous patterns in system prompts and MCP configs | Static analysis |
dscan shield |
Prompt injection and jailbreak attempts in real time | LlamaFirewall + regex |
dscan trail |
Multi-step attacks invisible at the single-call level | Sequence analysis |
dscan attack |
Vulnerabilities in your live agent — 61 adversarial payloads | Active testing |
dscan audit |
Poisoned, over-privileged, or CVE-affected MCP servers | Supply chain scan |
Commands
dscan watch
from dscan import watch, TrailAnalyzer, ShieldMiddleware
@watch # minimal — just intercept and log
async def my_agent(task: str): ...
@watch(trail=TrailAnalyzer(), shield=ShieldMiddleware())
async def my_agent(task: str): ... # full protection
dscan scan
dscan scan . # scan current directory
dscan scan ./agent.py # scan one file
dscan scan --prompt system_prompt.txt # scan a system prompt
Finds: over-broad permissions, injection vectors, hardcoded secrets, dangerous MCP config patterns. Exit 1 if HIGH findings.
dscan audit
dscan audit # auto-discovers mcp.json
dscan audit .cursor/mcp.json # explicit config
dscan audit . --fail-on critical # CI mode
dscan audit . --server filesystem # one server only
Checks: tool poisoning, over-privilege, unpinned versions, known CVEs (CVE-2025-6514, CVE-2025-53967), shadow tools. Exit 1 if findings at or above --fail-on threshold.
dscan trail
dscan trail ~/.dscan/traces/ # analyse existing traces
dscan trail traces/ --min-severity high
dscan trail traces/ --json # machine-readable output
Detects: EXFIL_SEQUENCE, RECON_WALK, INJECTION_RELAY, DATA_STAGING, GOAL_DRIFT.
dscan shield
dscan shield --setup # download models
dscan shield check "some input text" # test a string
dscan shield check "text" --offline # regex only, no model
dscan shield status # show configuration
Requires: pip install dscan-security[shield]
dscan attack
dscan attack agent.py # auto-discovers tools
dscan attack --url http://localhost:8080/chat
dscan attack agent.py --categories prompt_injection,jailbreak
dscan attack agent.py --max-payloads 10 --ci
pytest integration:
from dscan.attack import attack_suite
def test_agent_security():
report = attack_suite(target=my_agent)
assert report.critical_count == 0
assert report.high_count == 0
Attack categories: prompt_injection, jailbreak, tool_misuse, indirect_injection, goal_hijacking, privilege_escalation. Exit 1 if findings at or above --fail-on (default: high).
dscan dashboard
dscan dashboard # opens localhost:4321
dscan dashboard --port 4322 # custom port
dscan dashboard --no-open # don't open browser
Three tabs: Traces (live tool calls), Attack Reports, Audit Reports.
CI/CD integration
# .github/workflows/security.yml
- name: Install dscan
run: pip install dscan-security
- name: Audit MCP servers
run: dscan audit . --fail-on high --ci
- name: Attack test agent
run: |
python agent.py &
sleep 2
dscan attack --url http://localhost:8080 \
--categories prompt_injection,jailbreak \
--fail-on high \
--ci
How it works
dscan intercepts MCP tool calls at the decorator layer, analyses them for security patterns, and stores traces locally at ~/.dscan/. Nothing leaves your machine unless you opt in to cloud traces (Team tier).
Installation
pip install dscan-security # core (all 7 modules)
pip install dscan-security[shield] # + LlamaFirewall models
Requires Python 3.11+.
Contributing
See CONTRIBUTING.md. Run tests: pytest tests/ -v
License
MIT — built by DeepScan (deepscan.security)
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file dscan_security-0.3.0.tar.gz.
File metadata
- Download URL: dscan_security-0.3.0.tar.gz
- Upload date:
- Size: 111.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e8bd49979e7d4c4c5df7c275a9002888f6ce3ba8a4fee75abd1d09a3c93bfe53
|
|
| MD5 |
215d7eb076fdcc06105b094c423d156f
|
|
| BLAKE2b-256 |
2394d9ba6ff51b6ca76300548088ea614ae02c30f66a6032fb6a0cd0fe4c891a
|
File details
Details for the file dscan_security-0.3.0-py3-none-any.whl.
File metadata
- Download URL: dscan_security-0.3.0-py3-none-any.whl
- Upload date:
- Size: 81.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
47b8b01d324c666f1715433a1f7461122cb35c44bc940cf5da6c8a0b5075bf95
|
|
| MD5 |
310904b46b515bdf0fa537b2ce6a3d68
|
|
| BLAKE2b-256 |
ca6b9265ada710adc955927c9bbacde5da9596f38c4437e15a4c6e8639a52cee
|