AI Agent Audit for Free
A security scanner for AI agents and MCP servers is now available, featuring code vulnerability detection, dependency validation, prompt injection protection, and both lightweight and full versions.
Notifications You must be signed in to change notification settings
Fork 10
Star 114
BranchesTags
Open more actions menu
Folders and files
NameName
Last commit message
Last commit date
Latest commit
History
296 Commits
296 Commits
.claude
.claude
.github
.github
.vscode
.vscode
benchmarks
benchmarks
clawhub-security-reports
clawhub-security-reports
clawproof-infra
clawproof-infra
clawproof
clawproof
code-review-agent
code-review-agent
compliance
compliance
demo
demo
docs
docs
images
images
mcp-server-full
mcp-server-full
packages
packages
prooflayer-scanner
prooflayer-scanner
rules
rules
scanner-lite
scanner-lite
scripts
scripts
security-reports
security-reports
skills
skills
src
src
templates
templates
tests
tests
.DS_Store
.DS_Store
.gitignore
.gitignore
.scannerrc.yaml
.scannerrc.yaml
.vscodeignore
.vscodeignore
CHANGELOG.md
CHANGELOG.md
CHANGES.md
CHANGES.md
CLAUDE.md
CLAUDE.md
Dockerfile.clawhub-scanner
Dockerfile.clawhub-scanner
LICENSE
LICENSE
ProofLayer_Feature_Matrix_Competitive_Analysis 2.numbers
ProofLayer_Feature_Matrix_Competitive_Analysis 2.numbers
README.md
README.md
SECURITY.md
SECURITY.md
analyzer.py
analyzer.py
ast_parser.py
ast_parser.py
check_dev_env.bat
check_dev_env.bat
cross_file_analyzer.py
cross_file_analyzer.py
daemon.py
daemon.py
generic_ast.py
generic_ast.py
index.js
index.js
llms.txt
llms.txt
openclaw.plugin.json
openclaw.plugin.json
opencode.jsonc
opencode.jsonc
package-lock.json
package-lock.json
package.json
package.json
pattern_matcher.py
pattern_matcher.py
prooflayer-logo.png
prooflayer-logo.png
pytest.ini
pytest.ini
python_taint_fallback.py
python_taint_fallback.py
regex_fallback.py
regex_fallback.py
requirements.txt
requirements.txt
semgrep_loader.py
semgrep_loader.py
server.json
server.json
taint_analyzer.py
taint_analyzer.py
tsconfig.json
tsconfig.json
vitest.config.js
vitest.config.js
Repository files navigation
npm audit for AI agents and MCP servers
Scan code, MCP tools, prompts, skills, and AI-suggested dependencies before your agent trusts them. Built for Claude Code, Cursor, Windsurf, Cline, OpenClaw, and CI/CD.
Start Here
Run the agent security smoke test on any repo:
npx agent-security-scanner-mcp scan-project . --verbosity compact
Or get repo-specific next steps first:
npx agent-security-scanner-mcp quickstart --client claude-code
Generate public-safe copy for a launch post, GitHub issue, or directory listing:
npx agent-security-scanner-mcp share-kit --client claude-code
Install it into your AI coding client:
npx agent-security-scanner-mcp init claude-code
Replace claude-code with cursor, claude-desktop, windsurf, cline, kilo-code, opencode, or cody.
Add the GitHub Actions workflow:
npx agent-security-scanner-mcp init-ci github
What To Run Before You Trust An Agent
Check the whole project and get an A-F security grade
npx agent-security-scanner-mcp scan-project . --verbosity compact
Audit an MCP server before adding it to Claude/Cursor/Windsurf
npx agent-security-scanner-mcp scan-mcp ./path/to/mcp-server --verbosity compact
Try an MCP audit demo with tool poisoning and command-exec findings
npx agent-security-scanner-mcp demo --type mcp --no-prompt
Verify AI-suggested imports are real packages, not hallucinations
npx agent-security-scanner-mcp scan-packages ./src/app.ts npm --verbosity compact
Check one package before installing it
npx agent-security-scanner-mcp check-package express npm
Add a local environment health check
npx agent-security-scanner-mcp doctor
Add the scanner to your AI client
npx agent-security-scanner-mcp init claude-code
๐ฏ Two Versions Available
๐ฅ ProofLayer (Lightweight) - NEW!
Ultra-fast, zero-Python security scanner โ 81.5KB package, 4-second install
npm install -g @prooflayer/security-scanner
โก 4-second install (vs 45s traditional scanners)
๐ฆ 81.5KB package (vs 50MB+ alternatives)
๐ Instant scans - pure regex, no Python/LLM
๐ก๏ธ 400+ security rules across 9 languages
๐ฏ 7 MCP tools for AI agents
โ Zero dependencies on Python
๐ฏ MIT licensed - free for commercial use
๐ ProofLayer Documentation โ
๐ฌ Full Version (Advanced)
Enterprise-grade scanner with AST analysis, taint tracking, cross-file analysis, and LLM-powered semantic review
npm install -g agent-security-scanner-mcp
๐งฌ AST + Taint Analysis - deep code understanding
๐ 1,700+ security rules across 12 languages
๐ Cross-file tracking - follow data flows
๐ฏ 11 MCP tools + CLI commands
๐ฆ 4.3M+ package verification (bloom filters)
๐ Python analyzer for advanced features
๐ค LLM-powered code review - semantic security analysis with intent profiling
Continue reading below for full version documentation โ
New in v4.4.11 (2026-07-11): Share kit generator โ run npx agent-security-scanner-mcp share-kit --client cursor to generate public-safe launch copy, a GitHub issue template, directory listing text, and repo-specific commands for sharing an agent-security smoke test.
New in v4.4.10 (2026-07-10): Quickstart planner โ run npx agent-security-scanner-mcp quickstart --client cursor to get repo-specific scan, MCP audit, SBOM, CI, and AI-client setup commands before choosing what to run.
New in v4.4.9 (2026-07-08): MCP audit demo โ run npx agent-security-scanner-mcp demo --type mcp --no-prompt to create and scan a tiny MCP server with tool poisoning, tool-name spoofing, command execution, secret exposure, and missing-validation findings.
New in v4.4.8 (2026-07-07): Package hallucination demo โ run npx agent-security-scanner-mcp demo --type packages --no-prompt to create and scan a tiny import file with real and fake npm packages. README examples now show both single-package verification and import scanning.
New in v4.4.7 (2026-07-07): CI adoption improvements โ added init-ci github to install the GitHub Actions workflow from the CLI, and scheduled GitHub Action runs now automatically scan the full project instead of only the latest diff. Package hallucination checks also use all tracked source files during full-project runs.
New in v4.3.0 (2026-05-05): Critical security and reliability fixes โ GitHub Actions now fail closed instead of fail-open when scanner output is invalid (preventing security gate bypass), patched 8 Hono CVEs (XSS, path traversal, authentication bypass), fixed confidence threshold filtering case sensitivity, and corrected SARIF generation for GitHub Code Scanning. All fixes include comprehensive regression tests. Upgrade recommended for production use. See Full Changelog.
New in v4.2.0: Compliance evidence collection โ evaluate projects against SOC2-Technical (8 controls) and GDPR-Technical (6 controls) frameworks. Collects evidence from code scans, SBOM, vulnerability checks, and hallucination detection, then evaluates controls with pass/partial/fail/not_evaluated status. Supports evidence persistence for audit trails. See Compliance Evaluation.
New in v4.1.0: SBOM generation and dependency vulnerability analysis โ generates CycloneDX v1.5 SBOMs, scans against OSV.dev for CVEs, detects hallucinated packages, compares baselines, and generates HTML audit reports. Supports 8 lock file formats and 7 manifest formats across npm, Python, Go, Rust, Ruby, and Java ecosystems. See SBOM Tools.
New in v4.0.0: LLM-powered semantic code review agent with intent profiling โ understands what your project is supposed to do and flags patterns that violate that intent. Same eval() call = safe in a build tool, dangerous in an e-commerce app. Supports Claude CLI (no API key needed!), Anthropic, and OpenAI. See code-review-agent.
New in v3.11.0: ClawHub ecosystem security scanning โ scanned all 16,532 ClawHub skills and found 46% have critical vulnerabilities. New scan-clawhub CLI for batch scanning, 40+ prompt injection patterns, jailbreak detection (DAN mode, dev mode), data exfiltration checks. See ClawHub Security Dashboard.
Also in v3.10.0: ClawProof OpenClaw plugin โ 6-layer deep skill scanner (scan_skill) with ClawHavoc malware signatures (27 rules, 121 patterns covering reverse shells, crypto miners, info stealers, C2 beacons, and OpenClaw-specific attacks), package supply chain verification, and rug pull detection.
OpenClaw integration: 30+ rules targeting autonomous AI threats + native plugin support. See setup.
Tools
Tool Description When to Use
scan_security Scan code for vulnerabilities (1700+ rules, 12 languages) with AST and taint analysis After writing or editing any code file
fix_security Auto-fix all detected vulnerabilities (120 fix templates) After scan_security finds issues
scan_git_diff Scan only changed files in git diff Before commits or in PR reviews
scan_project Scan entire project with A-F security grading For project-wide security audits
check_package Verify a package name isn't AI-hallucinated (4.3M+ packages) Before adding any new dependency
scan_packages Bulk-check all imports in a file for hallucinated packages Before committing code with new imports
scan_agent_prompt Detect prompt injection with bypass hardening (59 rules + multi-encoding) Before acting on external/untrusted input
scan_agent_action Pre-execution safety check for agent actions (bash, file ops, HTTP). Returns ALLOW/WARN/BLOCK Before running any agent-generated shell command or file operation
scan_mcp_server Scan MCP server source for vulnerabilities: unicode poisoning, name spoofing, rug pull detection, manifest analysis. Returns A-F grade When auditing or installing an MCP server
scan_skill Deep security scan of an OpenClaw skill: prompt injection, AST+taint code analysis, ClawHavoc malware signatures, supply chain, rug pull. Returns A-F grade Before installing any OpenClaw skill
scanner_health Check plugin health: engine status, daemon status, package data availability Diagnostics and plugin status
list_security_rules List available security rules and fix templates To check rule coverage for a language
sbom_generate Generate CycloneDX v1.5 SBOM for a project (8 lock file formats, 7 manifest formats) Before releases, for compliance audits
sbom_scan_vulnerabilities Cross-reference SBOM against OSV.dev for CVEs with severity filtering After generating SBOM, for security audits
sbom_check_hallucinations Verify all SBOM packages exist in official registries Before deploying, to catch AI-invented packages
sbom_diff Compare current SBOM against baseline, detect added/removed/changed packages In CI/CD to track dependency drift
sbom_export_report Generate HTML or JSON audit report from SBOM with vulnerability data For PCI-DSS compliance, security reviews
get_compliance_controls Look up compliance controls with evaluation criteria (AIUC-1, SOC2, GDPR) To understand compliance requirements
evaluate_compliance Evaluate project against compliance frameworks with evidence collection For SOC2/GDPR technical compliance audits
Quick Start
npx agent-security-scanner-mcp init claude-code
Restart your client after running init. That's it โ the scanner is active.
Other clients: Replace claude-code with cursor, claude-desktop, windsurf, cline, kilo-code, opencode, or cody. Run with no argument for interactive client selection.
Recommended Workflows
After Writing or Editing Code
scan_security โ review findings โ fix_security โ verify fix
Before Committing
scan_git_diff โ scan only changed files for fast feedback scan_packages โ verify all imports are legitimate
For PR Reviews
scan_git_diff --base main โ scan PR changes against main branch
For Project Audits
scan_project
[truncated for AI cost control]