agentaudit-dev/agentaudit-github-action

GitHub Action to scan AI agent packages and MCP tools for security risks

🛡️ AgentAudit GitHub Action

Automated security scanning for AI packages in your CI/CD pipeline

Scan MCP servers, AI skills, and npm/pip packages against the AgentAudit Trust Registry on every push and pull request. Fail builds when risky packages are detected.



Why?

AI agents install packages on your behalf. MCP servers, skills, and tools often get pulled in without any security review. AgentAudit catches risky packages before they reach your production environment.

This GitHub Action integrates the AgentAudit Trust Registry into your CI/CD pipeline, giving you automated security gates with zero configuration.


🚀 Quick Start

```yaml
name: Security Scan
on: [push, pull_request]

jobs:
  agentaudit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: AgentAudit Security Scan
        uses: agentaudit-dev/agentaudit-github-action@v1
        with:
          packages: 'mcp-server-fetch,desktop-commander'
          fail-on: 'unsafe'
```

That's it. The action queries the registry, generates a summary table, and fails the build if any package exceeds your risk threshold.


📋 Usage

Scan specific packages

```yaml
- uses: agentaudit-dev/agentaudit-github-action@v1
  with:
    packages: 'mcp-server-fetch,desktop-commander,fastmcp'
    fail-on: 'unsafe'
```

Auto-detect from project files

Automatically discovers packages from package.json dependencies and requirements.txt:

```yaml
- uses: agentaudit-dev/agentaudit-github-action@v1
  with:
    scan-config: 'true'
    fail-on: 'caution'
```

Combined (explicit + auto-detect)

```yaml
- uses: agentaudit-dev/agentaudit-github-action@v1
  with:
    packages: 'custom-mcp-server'
    scan-config: 'true'
    fail-on: 'unsafe'
```

Full workflow example

```yaml
name: CI
on:
  push:
    branches: [main]
  pull_request:

jobs:
  security:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: AgentAudit Security Scan
        id: audit
        uses: agentaudit-dev/agentaudit-github-action@v1
        with:
          packages: 'mcp-server-fetch,supabase-mcp'
          scan-config: 'true'
          fail-on: 'caution'

      # Use outputs in subsequent steps
      - name: Check results
        if: steps.audit.outputs.has-issues == 'true'
        run: echo "Security issues detected!"
```

⚙️ Inputs

| Input | Description | Required | Default |
|---|---|---|---|
| packages | Comma-separated package slugs to scan | No | '' |
| scan-config | Auto-detect packages from package.json / requirements.txt | No | 'false' |
| fail-on | Risk threshold to fail the build: unsafe, caution, or any | No | 'unsafe' |
| api-url | AgentAudit API base URL | No | https://www.agentaudit.dev |

fail-on thresholds

| Value | Fails when... |
|---|---|
| unsafe | Any package is rated 🚨 unsafe |
| caution | Any package is rated ⚠️ caution or worse |
| any | Any package is not ✅ safe (including ❓ unknown) |

📤 Outputs

| Output | Description | Example |
|---|---|---|
| results | JSON array of scan results per package | [{"slug":"mcp-server-fetch","rating":"safe",...}] |
| has-issues | 'true' if any package exceeds the threshold | 'true' / 'false' |

🚦 Risk Levels

| Level | Trust Score | Meaning |
|---|---|---|
| ✅ safe | ≥ 70 | No known security issues |
| ⚠️ caution | 40-69 | Minor concerns found, review recommended |
| 🚨 unsafe | < 40 | Significant security risks detected |
| ❓ unknown | -- | Package not yet in the AgentAudit database |

📊 Workflow Summary

The action automatically writes a markdown summary table to your GitHub Actions workflow run:

| Package | Rating | Score | Status |
|---|---|---|---|
| mcp-server-fetch | ✅ safe | 92 | Pass |
| desktop-commander | ⚠️ caution | 55 | ❌ Exceeds threshold |
| unknown-pkg | ❓ unknown | -- | ❌ Exceeds threshold |

This appears in your PR checks and workflow run details, giving reviewers instant visibility into package security.
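The following is an added illustration, not the action's own source, of the rating and gating logic the Risk Levels, fail-on thresholds and Workflow Summary sections describe: a score is mapped to a level using the table's bands, the configured `fail-on` value selects which levels count as failures, and a markdown summary row is produced per package. The registry lookup is replaced by a constructed in-memory map (the scores are invented sample values, not real AgentAudit ratings), and the treatment of `unknown` under the `caution` threshold follows the table literally (only `any` fails on unknown), which is an assumption about the action's behaviour.

```javascript
// Added example (not the AgentAudit action's code): score bands, fail-on gating
// and summary-table generation, modelled on the README's tables.

// Constructed stand-in for the registry response; these are NOT real scores.
const FAKE_REGISTRY = { 'mcp-server-fetch': 92, 'desktop-commander': 55, 'bad-pkg': 12 };

// Score bands from the Risk Levels table; a missing score means "not in registry".
function ratingFromScore(score) {
  if (score === null || score === undefined) return 'unknown';
  if (score >= 70) return 'safe';
  if (score >= 40) return 'caution';
  return 'unsafe';
}

// Which ratings fail the build for each fail-on value (from the thresholds table).
// Assumption: 'unknown' only fails under 'any', as the table states literally.
const FAILING_RATINGS = {
  unsafe: new Set(['unsafe']),
  caution: new Set(['unsafe', 'caution']),
  any: new Set(['unsafe', 'caution', 'unknown']),
};

function exceedsThreshold(rating, failOn) {
  const failing = FAILING_RATINGS[failOn];
  if (!failing) throw new Error(`invalid fail-on value: ${failOn}`); // reject typos instead of silently passing
  return failing.has(rating);
}

// Simulated registry query: null when the slug is not present.
function lookup(slug, registry = FAKE_REGISTRY) {
  return Object.prototype.hasOwnProperty.call(registry, slug) ? registry[slug] : null;
}

// Produces the shape of the `results` and `has-issues` outputs.
function scan(packages, failOn, registry = FAKE_REGISTRY) {
  const results = packages.map((slug) => {
    const score = lookup(slug, registry);
    const rating = ratingFromScore(score);
    return { slug, score, rating, exceeds: exceedsThreshold(rating, failOn) };
  });
  return { results, hasIssues: results.some((r) => r.exceeds) };
}

const ICON = { safe: '✅', caution: '⚠️', unsafe: '🚨', unknown: '❓' };

// Markdown table in the same layout as the README's Workflow Summary example.
function summaryTable({ results }) {
  const rows = results.map(
    (r) => `| ${r.slug} | ${ICON[r.rating]} ${r.rating} | ${r.score ?? '--'} | ${r.exceeds ? '❌ Exceeds threshold' : 'Pass'} |`,
  );
  return ['| Package | Rating | Score | Status |', '|---|---|---|---|', ...rows].join('\n');
}

// Stand-alone run: reproduces the README's sample summary under fail-on: 'any'.
const demo = scan(['mcp-server-fetch', 'desktop-commander', 'unknown-pkg'], 'any');
console.log(summaryTable(demo));
console.log('has-issues:', demo.hasIssues);
```

Validating the `fail-on` value up front matters: a misspelt threshold that silently fell through to "nothing fails" would turn the security gate into a no-op while the workflow still shows green.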


🔍 How It Works

```text
Push / PR triggers workflow
        │
        ▼
┌──────────────────┐
│  Collect Packages │  ← from `packages` input + auto-detect
└────────┬─────────┘
         │
         ▼
┌──────────────────┐
│  Query Registry   │  ← agentaudit.dev/api/findings
└────────┬─────────┘
         │
    ┌────┴────┐
    ▼         ▼
  Found    Not Found
    │         │
    ▼         ▼
 Get risk   Mark as
 level      "unknown"
    │         │
    └────┬────┘
         ▼
┌──────────────────┐
│  Generate Summary │  ← Markdown table in workflow run
└────────┬─────────┘
         │
         ▼
┌──────────────────┐
│  Check Threshold  │  ← fail-on: unsafe/caution/any
└────────┬─────────┘
    ┌────┴────┐
    ▼         ▼
  Pass      Fail
   ✅        ❌
```

Auto-detection

When scan-config: 'true', the action scans:

| File | What it reads |
|---|---|
| package.json | dependencies + devDependencies keys |
| requirements.txt | Package names (ignores comments, version specifiers) |
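As an added example (not the action's own parser), this is one way to implement the auto-detection table above and the "Collect Packages" step of the diagram: dependency names are taken from the `dependencies` and `devDependencies` keys of package.json, and requirements.txt lines are reduced to bare package names with comments, version specifiers and extras stripped. The sample file contents are constructed inline. The handling of pip option lines such as `-r` and `--index-url` (skipped) and the lower-casing of names are assumptions not stated in the README.

```javascript
// Added example (not the AgentAudit action's code): collecting package slugs
// from the `packages` input plus package.json and requirements.txt.

// Constructed sample inputs; not taken from any real project.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'my-agent',
  dependencies: { 'mcp-server-fetch': '^1.2.0', fastmcp: '~0.4.1' },
  devDependencies: { 'desktop-commander': 'latest' },
  peerDependencies: { 'not-read': '*' }, // README lists only dependencies + devDependencies
});

const SAMPLE_REQUIREMENTS = `
# constructed requirements.txt
requests>=2.31.0  # inline comment after a specifier
fastmcp==0.4.1
mcp-server-fetch
supabase-mcp[extras]~=0.3
-r other.txt
--index-url https://example.invalid/simple
`;

// package.json: union of the two dependency maps, order preserved, duplicates dropped.
function packagesFromPackageJson(text) {
  const pkg = JSON.parse(text);
  const names = [
    ...Object.keys(pkg.dependencies || {}),
    ...Object.keys(pkg.devDependencies || {}),
  ];
  return [...new Set(names)];
}

// requirements.txt: one name per line; comments, specifiers and extras are ignored.
function packagesFromRequirements(text) {
  const names = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, '').trim(); // strip full-line and trailing comments
    if (!line || line.startsWith('-')) continue; // blank lines and pip options (assumption: skipped)
    // The name runs until the first character that is not part of a PEP 508 name,
    // so "[extras]", "==1.0", ">=2,<3" and ";markers" are all cut off.
    const m = line.match(/^([A-Za-z0-9][A-Za-z0-9._-]*)/);
    if (m) names.push(m[1].toLowerCase()); // assumption: slugs are compared case-insensitively
  }
  return [...new Set(names)];
}

// Mirrors "Collect Packages": explicit `packages` input first, then auto-detected files.
function collectPackages(packagesInput, files) {
  const fromInput = packagesInput.split(',').map((s) => s.trim()).filter(Boolean);
  const detected = [
    ...(files.packageJson ? packagesFromPackageJson(files.packageJson) : []),
    ...(files.requirements ? packagesFromRequirements(files.requirements) : []),
  ];
  return [...new Set([...fromInput, ...detected])];
}

// Stand-alone run on the constructed samples.
console.log(
  collectPackages('custom-mcp-server, fastmcp', {
    packageJson: SAMPLE_PACKAGE_JSON,
    requirements: SAMPLE_REQUIREMENTS,
  }),
);
```

Deduplicating after merging the explicit list with the detected names keeps the registry query and the summary table to one row per package, even when the same slug appears in both package.json and requirements.txt.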

🎯 What AgentAudit Detects

The trust registry contains audit results from LLM-powered 3-pass security analysis covering:

| Category | Patterns |
|---|---|
| Core Security | Command Injection, Credential Theft, Data Exfiltration, Path Traversal |
| AI-Specific | Prompt Injection, Jailbreak, Capability Escalation, Tool Poisoning |
| MCP-Specific | Desc Injection, Resource Traversal, Unpinned npx |
| Persistence & Obfuscation | Crontab Mod, Base64 Exec, Zero-Width Chars |

50+ detection patterns across 8 categories. See the full pattern list.


💡 Tips

Protect your main branch

```yaml
# Only scan on PRs to main
on:
  pull_request:
    branches: [main]
```

Use strict mode for production

```yaml
# Fail on anything that's not explicitly safe
- uses: agentaudit-dev/agentaudit-github-action@v1
  with:
    scan-config: 'true'
    fail-on: 'any'  # strictest setting
```

Combine with other security tools

AgentAudit focuses on AI-specific threats. Pair it with traditional tools for full coverage:

| Tool | Focus |
|---|---|
| AgentAudit | AI/MCP-specific attacks, prompt injection, tool poisoning |
| Dependabot / Snyk | Known CVEs, outdated dependencies |
| CodeQL / Semgrep | General code patterns, bugs |

🔗 Related

| Project | Description |
|---|---|
| 🌐 agentaudit.dev | Trust Registry -- browse packages, findings, leaderboard |
| 📦 agentaudit (npm) | CLI + MCP Server -- npx agentaudit audit <url> |
| 🛡️ agentaudit-skill | Agent Skill -- pre-install security gate for Claude Code, Cursor, Windsurf |
| 📚 agentaudit-cli | Source repo for CLI + MCP server |

📄 License

AGPL-3.0 -- Free for open source use. Commercial license available for proprietary integrations.


Secure your AI stack in CI/CD. Scan before you ship.

Trust Registry · Leaderboard · Report Issues
