AI News HubLIVE
In-site rewrite5 min read

AI Agent Audit for Free

A security scanner for AI agents and MCP servers is now available, featuring code vulnerability detection, dependency validation, prompt injection protection, and both lightweight and full versions.

SourceHacker News AIAuthor: dchitimalla1

Notifications You must be signed in to change notification settings

Fork 10

Star 114

BranchesTags

Open more actions menu

Folders and files

NameName

Last commit message

Last commit date

Latest commit

History

296 Commits

296 Commits

.claude

.claude

.github

.github

.vscode

.vscode

benchmarks

benchmarks

clawhub-security-reports

clawhub-security-reports

clawproof-infra

clawproof-infra

clawproof

clawproof

code-review-agent

code-review-agent

compliance

compliance

demo

demo

docs

docs

images

images

mcp-server-full

mcp-server-full

packages

packages

prooflayer-scanner

prooflayer-scanner

rules

rules

scanner-lite

scanner-lite

scripts

scripts

security-reports

security-reports

skills

skills

src

src

templates

templates

tests

tests

.DS_Store

.DS_Store

.gitignore

.gitignore

.scannerrc.yaml

.scannerrc.yaml

.vscodeignore

.vscodeignore

CHANGELOG.md

CHANGELOG.md

CHANGES.md

CHANGES.md

CLAUDE.md

CLAUDE.md

Dockerfile.clawhub-scanner

Dockerfile.clawhub-scanner

LICENSE

LICENSE

ProofLayer_Feature_Matrix_Competitive_Analysis 2.numbers

ProofLayer_Feature_Matrix_Competitive_Analysis 2.numbers

README.md

README.md

SECURITY.md

SECURITY.md

analyzer.py

analyzer.py

ast_parser.py

ast_parser.py

check_dev_env.bat

check_dev_env.bat

cross_file_analyzer.py

cross_file_analyzer.py

daemon.py

daemon.py

generic_ast.py

generic_ast.py

index.js

index.js

llms.txt

llms.txt

openclaw.plugin.json

openclaw.plugin.json

opencode.jsonc

opencode.jsonc

package-lock.json

package-lock.json

package.json

package.json

pattern_matcher.py

pattern_matcher.py

prooflayer-logo.png

prooflayer-logo.png

pytest.ini

pytest.ini

python_taint_fallback.py

python_taint_fallback.py

regex_fallback.py

regex_fallback.py

requirements.txt

requirements.txt

semgrep_loader.py

semgrep_loader.py

server.json

server.json

taint_analyzer.py

taint_analyzer.py

tsconfig.json

tsconfig.json

vitest.config.js

vitest.config.js

Repository files navigation

npm audit for AI agents and MCP servers

Scan code, MCP tools, prompts, skills, and AI-suggested dependencies before your agent trusts them. Built for Claude Code, Cursor, Windsurf, Cline, OpenClaw, and CI/CD.

Start Here

Run the agent security smoke test on any repo:

npx agent-security-scanner-mcp scan-project . --verbosity compact

Or get repo-specific next steps first:

npx agent-security-scanner-mcp quickstart --client claude-code

Generate public-safe copy for a launch post, GitHub issue, or directory listing:

npx agent-security-scanner-mcp share-kit --client claude-code

Install it into your AI coding client:

npx agent-security-scanner-mcp init claude-code

Replace claude-code with cursor, claude-desktop, windsurf, cline, kilo-code, opencode, or cody.

Add the GitHub Actions workflow:

npx agent-security-scanner-mcp init-ci github

What To Run Before You Trust An Agent

Check the whole project and get an A-F security grade

npx agent-security-scanner-mcp scan-project . --verbosity compact

Audit an MCP server before adding it to Claude/Cursor/Windsurf

npx agent-security-scanner-mcp scan-mcp ./path/to/mcp-server --verbosity compact

Try an MCP audit demo with tool poisoning and command-exec findings

npx agent-security-scanner-mcp demo --type mcp --no-prompt

Verify AI-suggested imports are real packages, not hallucinations

npx agent-security-scanner-mcp scan-packages ./src/app.ts npm --verbosity compact

Check one package before installing it

npx agent-security-scanner-mcp check-package express npm

Add a local environment health check

npx agent-security-scanner-mcp doctor

Add the scanner to your AI client

npx agent-security-scanner-mcp init claude-code

๐ŸŽฏ Two Versions Available

๐Ÿ”ฅ ProofLayer (Lightweight) - NEW!

Ultra-fast, zero-Python security scanner โ€” 81.5KB package, 4-second install

npm install -g @prooflayer/security-scanner

โšก 4-second install (vs 45s traditional scanners)

๐Ÿ“ฆ 81.5KB package (vs 50MB+ alternatives)

๐Ÿš€ Instant scans - pure regex, no Python/LLM

๐Ÿ›ก๏ธ 400+ security rules across 9 languages

๐ŸŽฏ 7 MCP tools for AI agents

โœ… Zero dependencies on Python

๐Ÿ’ฏ MIT licensed - free for commercial use

๐Ÿ“– ProofLayer Documentation โ†’

๐Ÿ”ฌ Full Version (Advanced)

Enterprise-grade scanner with AST analysis, taint tracking, cross-file analysis, and LLM-powered semantic review

npm install -g agent-security-scanner-mcp

๐Ÿงฌ AST + Taint Analysis - deep code understanding

๐Ÿ” 1,700+ security rules across 12 languages

๐Ÿ“Š Cross-file tracking - follow data flows

๐ŸŽฏ 11 MCP tools + CLI commands

๐Ÿ“ฆ 4.3M+ package verification (bloom filters)

๐Ÿ Python analyzer for advanced features

๐Ÿค– LLM-powered code review - semantic security analysis with intent profiling

Continue reading below for full version documentation โ†’

New in v4.4.11 (2026-07-11): Share kit generator โ€” run npx agent-security-scanner-mcp share-kit --client cursor to generate public-safe launch copy, a GitHub issue template, directory listing text, and repo-specific commands for sharing an agent-security smoke test.

New in v4.4.10 (2026-07-10): Quickstart planner โ€” run npx agent-security-scanner-mcp quickstart --client cursor to get repo-specific scan, MCP audit, SBOM, CI, and AI-client setup commands before choosing what to run.

New in v4.4.9 (2026-07-08): MCP audit demo โ€” run npx agent-security-scanner-mcp demo --type mcp --no-prompt to create and scan a tiny MCP server with tool poisoning, tool-name spoofing, command execution, secret exposure, and missing-validation findings.

New in v4.4.8 (2026-07-07): Package hallucination demo โ€” run npx agent-security-scanner-mcp demo --type packages --no-prompt to create and scan a tiny import file with real and fake npm packages. README examples now show both single-package verification and import scanning.

New in v4.4.7 (2026-07-07): CI adoption improvements โ€” added init-ci github to install the GitHub Actions workflow from the CLI, and scheduled GitHub Action runs now automatically scan the full project instead of only the latest diff. Package hallucination checks also use all tracked source files during full-project runs.

New in v4.3.0 (2026-05-05): Critical security and reliability fixes โ€” GitHub Actions now fail closed instead of fail-open when scanner output is invalid (preventing security gate bypass), patched 8 Hono CVEs (XSS, path traversal, authentication bypass), fixed confidence threshold filtering case sensitivity, and corrected SARIF generation for GitHub Code Scanning. All fixes include comprehensive regression tests. Upgrade recommended for production use. See Full Changelog.

New in v4.2.0: Compliance evidence collection โ€” evaluate projects against SOC2-Technical (8 controls) and GDPR-Technical (6 controls) frameworks. Collects evidence from code scans, SBOM, vulnerability checks, and hallucination detection, then evaluates controls with pass/partial/fail/not_evaluated status. Supports evidence persistence for audit trails. See Compliance Evaluation.

New in v4.1.0: SBOM generation and dependency vulnerability analysis โ€” generates CycloneDX v1.5 SBOMs, scans against OSV.dev for CVEs, detects hallucinated packages, compares baselines, and generates HTML audit reports. Supports 8 lock file formats and 7 manifest formats across npm, Python, Go, Rust, Ruby, and Java ecosystems. See SBOM Tools.

New in v4.0.0: LLM-powered semantic code review agent with intent profiling โ€” understands what your project is supposed to do and flags patterns that violate that intent. Same eval() call = safe in a build tool, dangerous in an e-commerce app. Supports Claude CLI (no API key needed!), Anthropic, and OpenAI. See code-review-agent.

New in v3.11.0: ClawHub ecosystem security scanning โ€” scanned all 16,532 ClawHub skills and found 46% have critical vulnerabilities. New scan-clawhub CLI for batch scanning, 40+ prompt injection patterns, jailbreak detection (DAN mode, dev mode), data exfiltration checks. See ClawHub Security Dashboard.

Also in v3.10.0: ClawProof OpenClaw plugin โ€” 6-layer deep skill scanner (scan_skill) with ClawHavoc malware signatures (27 rules, 121 patterns covering reverse shells, crypto miners, info stealers, C2 beacons, and OpenClaw-specific attacks), package supply chain verification, and rug pull detection.

OpenClaw integration: 30+ rules targeting autonomous AI threats + native plugin support. See setup.

Tools

Tool Description When to Use

scan_security Scan code for vulnerabilities (1700+ rules, 12 languages) with AST and taint analysis After writing or editing any code file

fix_security Auto-fix all detected vulnerabilities (120 fix templates) After scan_security finds issues

scan_git_diff Scan only changed files in git diff Before commits or in PR reviews

scan_project Scan entire project with A-F security grading For project-wide security audits

check_package Verify a package name isn't AI-hallucinated (4.3M+ packages) Before adding any new dependency

scan_packages Bulk-check all imports in a file for hallucinated packages Before committing code with new imports

scan_agent_prompt Detect prompt injection with bypass hardening (59 rules + multi-encoding) Before acting on external/untrusted input

scan_agent_action Pre-execution safety check for agent actions (bash, file ops, HTTP). Returns ALLOW/WARN/BLOCK Before running any agent-generated shell command or file operation

scan_mcp_server Scan MCP server source for vulnerabilities: unicode poisoning, name spoofing, rug pull detection, manifest analysis. Returns A-F grade When auditing or installing an MCP server

scan_skill Deep security scan of an OpenClaw skill: prompt injection, AST+taint code analysis, ClawHavoc malware signatures, supply chain, rug pull. Returns A-F grade Before installing any OpenClaw skill

scanner_health Check plugin health: engine status, daemon status, package data availability Diagnostics and plugin status

list_security_rules List available security rules and fix templates To check rule coverage for a language

sbom_generate Generate CycloneDX v1.5 SBOM for a project (8 lock file formats, 7 manifest formats) Before releases, for compliance audits

sbom_scan_vulnerabilities Cross-reference SBOM against OSV.dev for CVEs with severity filtering After generating SBOM, for security audits

sbom_check_hallucinations Verify all SBOM packages exist in official registries Before deploying, to catch AI-invented packages

sbom_diff Compare current SBOM against baseline, detect added/removed/changed packages In CI/CD to track dependency drift

sbom_export_report Generate HTML or JSON audit report from SBOM with vulnerability data For PCI-DSS compliance, security reviews

get_compliance_controls Look up compliance controls with evaluation criteria (AIUC-1, SOC2, GDPR) To understand compliance requirements

evaluate_compliance Evaluate project against compliance frameworks with evidence collection For SOC2/GDPR technical compliance audits

Quick Start

npx agent-security-scanner-mcp init claude-code

Restart your client after running init. That's it โ€” the scanner is active.

Other clients: Replace claude-code with cursor, claude-desktop, windsurf, cline, kilo-code, opencode, or cody. Run with no argument for interactive client selection.

Recommended Workflows

After Writing or Editing Code

scan_security โ†’ review findings โ†’ fix_security โ†’ verify fix

Before Committing

scan_git_diff โ†’ scan only changed files for fast feedback scan_packages โ†’ verify all imports are legitimate

For PR Reviews

scan_git_diff --base main โ†’ scan PR changes against main branch

For Project Audits

scan_project

[truncated for AI cost control]