Skip to main content

Open source agent security suite — intercept, scan, and test your AI agents

Project description

dscan

CI coverage PyPI Python license

Security suite for AI agents.

pip install dscan-security

Quick start

from dscan import watch

@watch
async def my_agent(task: str):
    # your agent code unchanged
    ...
dscan dashboard    # localhost:4321 — see every tool call
dscan scan .       # check before you ship
dscan audit .      # check your MCP servers
dscan attack agent.py  # test like an attacker would

What dscan catches

Module What it detects How
dscan watch Every MCP tool call — params, results, timing, secrets in params Runtime decorator
dscan secrets API keys, PII, credentials in traces before they're logged Regex + entropy
dscan scan Dangerous patterns in system prompts and MCP configs Static analysis
dscan shield Prompt injection and jailbreak attempts in real time LlamaFirewall + regex
dscan trail Multi-step attacks invisible at the single-call level Sequence analysis
dscan attack Vulnerabilities in your live agent — 61 adversarial payloads Active testing
dscan audit Poisoned, over-privileged, or CVE-affected MCP servers Supply chain scan

Commands

dscan watch

from dscan import watch, TrailAnalyzer, ShieldMiddleware

@watch  # minimal — just intercept and log
async def my_agent(task: str): ...

@watch(trail=TrailAnalyzer(), shield=ShieldMiddleware())
async def my_agent(task: str): ...  # full protection

dscan scan

dscan scan .                          # scan current directory
dscan scan ./agent.py                 # scan one file
dscan scan --prompt system_prompt.txt # scan a system prompt

Finds: over-broad permissions, injection vectors, hardcoded secrets, dangerous MCP config patterns. Exit 1 if HIGH findings.

dscan audit

dscan audit                           # auto-discovers mcp.json
dscan audit .cursor/mcp.json         # explicit config
dscan audit . --fail-on critical      # CI mode
dscan audit . --server filesystem     # one server only

Checks: tool poisoning, over-privilege, unpinned versions, known CVEs (CVE-2025-6514, CVE-2025-53967), shadow tools. Exit 1 if findings at or above --fail-on threshold.

dscan trail

dscan trail ~/.dscan/traces/          # analyse existing traces
dscan trail traces/ --min-severity high
dscan trail traces/ --json            # machine-readable output

Detects: EXFIL_SEQUENCE, RECON_WALK, INJECTION_RELAY, DATA_STAGING, GOAL_DRIFT.

dscan shield

dscan shield --setup                  # download models
dscan shield check "some input text"  # test a string
dscan shield check "text" --offline   # regex only, no model
dscan shield status                   # show configuration

Requires: pip install dscan-security[shield]

dscan attack

dscan attack agent.py                 # auto-discovers tools
dscan attack --url http://localhost:8080/chat
dscan attack agent.py --categories prompt_injection,jailbreak
dscan attack agent.py --max-payloads 10 --ci

pytest integration:

from dscan.attack import attack_suite

def test_agent_security():
    report = attack_suite(target=my_agent)
    assert report.critical_count == 0
    assert report.high_count == 0

Attack categories: prompt_injection, jailbreak, tool_misuse, indirect_injection, goal_hijacking, privilege_escalation. Exit 1 if findings at or above --fail-on (default: high).

dscan dashboard

dscan dashboard                       # opens localhost:4321
dscan dashboard --port 4322           # custom port
dscan dashboard --no-open             # don't open browser

Three tabs: Traces (live tool calls), Attack Reports, Audit Reports.


CI/CD integration

# .github/workflows/security.yml
- name: Install dscan
  run: pip install dscan-security

- name: Audit MCP servers
  run: dscan audit . --fail-on high --ci

- name: Attack test agent
  run: |
    python agent.py &
    sleep 2
    dscan attack --url http://localhost:8080 \
      --categories prompt_injection,jailbreak \
      --fail-on high \
      --ci

How it works

dscan intercepts MCP tool calls at the decorator layer, analyses them for security patterns, and stores traces locally at ~/.dscan/. Nothing leaves your machine unless you opt in to cloud traces (Team tier).


Installation

pip install dscan-security           # core (all 7 modules)
pip install dscan-security[shield]   # + LlamaFirewall models

Requires Python 3.11+.


Contributing

See CONTRIBUTING.md. Run tests: pytest tests/ -v


License

MIT — built by DeepScan (deepscan.security)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dscan_security-0.3.0.tar.gz (111.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

dscan_security-0.3.0-py3-none-any.whl (81.6 kB view details)

Uploaded Python 3

File details

Details for the file dscan_security-0.3.0.tar.gz.

File metadata

  • Download URL: dscan_security-0.3.0.tar.gz
  • Upload date:
  • Size: 111.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for dscan_security-0.3.0.tar.gz
Algorithm Hash digest
SHA256 e8bd49979e7d4c4c5df7c275a9002888f6ce3ba8a4fee75abd1d09a3c93bfe53
MD5 215d7eb076fdcc06105b094c423d156f
BLAKE2b-256 2394d9ba6ff51b6ca76300548088ea614ae02c30f66a6032fb6a0cd0fe4c891a

See more details on using hashes here.

File details

Details for the file dscan_security-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: dscan_security-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 81.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.15

File hashes

Hashes for dscan_security-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 47b8b01d324c666f1715433a1f7461122cb35c44bc940cf5da6c8a0b5075bf95
MD5 310904b46b515bdf0fa537b2ce6a3d68
BLAKE2b-256 ca6b9265ada710adc955927c9bbacde5da9596f38c4437e15a4c6e8639a52cee

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page