
AgentGuard

Local-first security scanner for AI-agent repos, MCP configs, and developer workstations.

AgentGuard is a preflight CLI for developers who let AI agents work on real repositories. It scans the repo and, when requested, known local AI-agent config locations for exposed secrets, risky MCP servers, broad filesystem access, dangerous shell permissions, suspicious agent instructions, and code paths where model output reaches sensitive sinks.

It is designed to be local-first: no account, no cloud upload, and no telemetry.

Install

From this repo:

python -m pip install -e .

Then run:

agentguard scan .
agentguard scan --include-user-configs
agentguard explain AG001
agentguard report --format html
agentguard report --format sarif
agentguard init-ci

You can also run without installing:

python -m agentguard scan .

Example Output

AgentGuard Security Report

High
  AG001 Potential exposed secret - .env:2
  AG014 MCP server can execute arbitrary shell commands - .cursor/mcp.json
  AG021 Agent instruction asks model to ignore safety rules - AGENTS.md:8

Medium
  AG032 Broad filesystem mount or path exposure - .cursor/mcp.json
  AG041 Tool config may leak secrets to an external API - claude_desktop_config.json

Low
  AG070 Missing SECURITY.md - .
  AG071 No CI secret scan detected - .

What v0.1 Scans

  • Secret patterns in repo and config files
  • Private key blocks
  • MCP configs using shell commands or inline command execution
  • Unpinned MCP package runners such as npx, uvx, pipx, or docker
  • Broad filesystem mounts such as user home directories or drive roots
  • Dangerous local agent permission modes such as danger-full-access with approval disabled
  • Risky environment variable passthrough
  • Agent instructions that resemble prompt injection or system prompt leakage
  • Destructive command patterns
  • Code where LLM or agent output appears near shell, eval, SQL, or similar execution sinks
  • Missing SECURITY.md
  • Missing CI secret scanning
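As an added illustration of how several of these checks can be expressed in code, the Python below inspects a constructed MCP config for four of the categories above: servers that launch a shell (reported as AG014 in the example output), unpinned package runners, broad filesystem paths (AG032), and sensitive environment variable passthrough. This is example code written for this README, not AgentGuard's own implementation; the exact rule semantics, the severities, the `mcpServers` layout, and the placeholder ids used for the two rules the README does not number are all assumptions.

```python
"""Illustrative MCP config checks (constructed example, not AgentGuard's own code)."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import PurePosixPath

# Runners that fetch and execute a package or image at launch time.
UNPINNED_RUNNERS = {"npx", "uvx", "pipx", "docker"}
SHELL_BINARIES = {"sh", "bash", "zsh", "dash", "cmd", "cmd.exe", "powershell", "powershell.exe", "pwsh"}
# Assumed heuristic for env keys that should not be handed to a tool server.
SENSITIVE_ENV = re.compile(r"KEY|TOKEN|SECRET|PASSWORD|CREDENTIAL", re.IGNORECASE)


@dataclass
class Finding:
    rule_id: str
    severity: str
    message: str
    location: str


def _is_broad_path(path: str) -> bool:
    """Home directory or drive/filesystem root (assumed semantics for the broad-mount rule)."""
    p = path.strip().rstrip("/\\") or "/"
    if p in ("/", "~", "$HOME", "%USERPROFILE%"):
        return True
    if re.fullmatch(r"[A-Za-z]:", p):  # C:\ or C:/
        return True
    if re.fullmatch(r"[A-Za-z]:[\\/]Users[\\/][^\\/]+", p):  # C:\Users\alice
        return True
    return re.fullmatch(r"/(home|Users)/[^/]+", p) is not None  # /home/alice, /Users/alice


def _is_pinned(runner: str, args: list[str]) -> bool:
    """A runner counts as pinned when its package/image carries an explicit version or digest."""
    targets = [a for a in args if not a.startswith("-")]
    if runner == "docker":
        images = [a for a in targets if a != "run" and not a.startswith("/")]
        return any("@sha256:" in a or re.search(r":(?!latest$)[\w.\-]+$", a) for a in images)
    return any(re.search(r"@\d", a) or "==" in a for a in targets)


def check_mcp_config(config: dict, path: str = "mcp.json") -> list[Finding]:
    """Return findings for every server under the (assumed) mcpServers key."""
    findings: list[Finding] = []
    for name, server in config.get("mcpServers", {}).items():
        command = str(server.get("command", ""))
        args = [str(a) for a in server.get("args", [])]
        runner = PurePosixPath(command.replace("\\", "/")).name.lower()  # /usr/bin/bash -> bash
        loc = f"{path}:mcpServers.{name}"

        if runner in SHELL_BINARIES:
            findings.append(Finding("AG014", "High", f"MCP server '{name}' launches a shell ({command})", loc))

        if runner in UNPINNED_RUNNERS and not _is_pinned(runner, args):
            # Placeholder id: the README lists this rule but not its AgentGuard id.
            findings.append(Finding("AG-UNPINNED-PLACEHOLDER", "Medium",
                                    f"MCP server '{name}' runs {runner} without a pinned version", loc))

        for arg in args:
            # For docker, a bind mount "host:container" exposes the host side.
            host_part = arg.split(":", 1)[0] if runner == "docker" else arg
            if _is_broad_path(arg) or _is_broad_path(host_part):
                findings.append(Finding("AG032", "Medium", f"MCP server '{name}' exposes broad path {arg!r}", loc))
                break  # one broad-path finding per server is enough

        risky = [k for k in server.get("env", {}) if SENSITIVE_ENV.search(k)]
        if risky:
            # Placeholder id: the README lists this rule but not its AgentGuard id.
            findings.append(Finding("AG-ENV-PLACEHOLDER", "Medium",
                                    f"MCP server '{name}' passes through {', '.join(risky)}", loc))
    return findings


# Constructed sample config: every server exercises one or more checks.
SAMPLE_CONFIG = {
    "mcpServers": {
        "shell": {"command": "bash", "args": ["-c", "npm run dev"]},
        "files": {"command": "npx", "args": ["-y", "@example/server-filesystem", "/home/alice"]},
        "fetch": {"command": "uvx", "args": ["mcp-server-fetch==0.6.2"],
                  "env": {"OPENAI_API_KEY": "${OPENAI_API_KEY}"}},
        "db": {"command": "docker",
               "args": ["run", "-i", "--rm", "-v", "/:/host", "ghcr.io/example/db-mcp@sha256:0000"]},
    }
}

if __name__ == "__main__":
    for f in check_mcp_config(SAMPLE_CONFIG, ".cursor/mcp.json"):
        print(f"{f.severity:6} {f.rule_id} {f.message} - {f.location}")
```

Running the file prints one line per finding in the same shape as the example output above; the `fetch` server is pinned and so only its env passthrough is reported, while the `db` server is pinned by digest but still mounts the filesystem root.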

Reports

By default, agentguard scan . prints text output and writes:

.agentguard/agentguard-report.json

Generate other formats:

agentguard scan . --format html
agentguard scan . --format sarif --output agentguard.sarif
agentguard report --format html
agentguard report --format sarif

SARIF output can be uploaded to GitHub code scanning.
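To show what a code-scanning consumer expects from that SARIF file, here is an added example (not AgentGuard's reporter) that builds a minimal SARIF 2.1.0 document from findings shaped like the example output above. The mapping of High/Medium/Low onto SARIF's error/warning/note levels, the tool version string, and the sample findings are constructed assumptions.

```python
"""Minimal SARIF 2.1.0 writer for scanner findings (added example, not AgentGuard's own code)."""
import json

# Assumed mapping from the README's severities to SARIF result levels.
SEVERITY_TO_LEVEL = {"High": "error", "Medium": "warning", "Low": "note"}

# Constructed findings mirroring the README's example output (line=None for repo-level findings).
SAMPLE_FINDINGS = [
    {"rule_id": "AG001", "severity": "High", "message": "Potential exposed secret",
     "path": ".env", "line": 2},
    {"rule_id": "AG014", "severity": "High", "message": "MCP server can execute arbitrary shell commands",
     "path": ".cursor/mcp.json", "line": None},
    {"rule_id": "AG070", "severity": "Low", "message": "Missing SECURITY.md",
     "path": ".", "line": None},
]


def build_sarif(findings, tool_name="agentguard", tool_version="0.1-example"):
    """Return a SARIF 2.1.0 log with one run, one rule per distinct rule id, one result per finding."""
    rules = {}
    results = []
    for f in findings:
        level = SEVERITY_TO_LEVEL.get(f["severity"], "warning")
        # Rules are declared once in the driver; results reference them by ruleId.
        rules.setdefault(f["rule_id"], {
            "id": f["rule_id"],
            "shortDescription": {"text": f["message"]},
            "defaultConfiguration": {"level": level},
        })
        physical = {"artifactLocation": {"uri": f["path"], "uriBaseId": "%SRCROOT%"}}
        if f["line"]:
            physical["region"] = {"startLine": f["line"]}
        results.append({
            "ruleId": f["rule_id"],
            "level": level,
            "message": {"text": f["message"]},
            "locations": [{"physicalLocation": physical}],
        })
    return {
        "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version,
                                "rules": list(rules.values())}},
            "results": results,
        }],
    }


def write_sarif(findings, out_path):
    """Serialize the SARIF log to disk and return the number of results written."""
    log = build_sarif(findings)
    with open(out_path, "w", encoding="utf-8") as fh:
        json.dump(log, fh, indent=2)
    return len(log["runs"][0]["results"])


if __name__ == "__main__":
    print(json.dumps(build_sarif(SAMPLE_FINDINGS), indent=2))
```

Paths are emitted relative to `%SRCROOT%` so that a code-scanning upload can attach each result to the file in the checked-out repository; repo-level findings such as a missing SECURITY.md carry no `region` because there is no line to point at.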

CI

Create a GitHub Actions workflow:

agentguard init-ci

The generated workflow runs AgentGuard and uploads SARIF. Until AgentGuard is published to a package index, change the install step to install from your repository URL or a checked-out local package.

Rule Explanations

agentguard explain AG014

Each rule includes severity, category, description, remediation, and tags.

Design Position

AgentGuard is not a generic LLM red-teaming framework. It focuses on the developer preflight moment:

Before you give an AI agent access to your repo, run AgentGuard.

That makes the MVP small enough to ship but concrete enough to demonstrate AI security, static analysis, CLI engineering, SARIF reporting, and DevSecOps thinking.
