agentsec-cli 1.0.0__tar.gz → 1.0.3__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/CHANGELOG.md +23 -0
- agentsec_cli-1.0.3/PKG-INFO +137 -0
- agentsec_cli-1.0.3/README.md +109 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/__init__.py +1 -1
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/sarif.py +2 -2
- agentsec_cli-1.0.3/agentsec_cli.egg-info/PKG-INFO +137 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/pyproject.toml +2 -2
- agentsec_cli-1.0.0/PKG-INFO +0 -399
- agentsec_cli-1.0.0/README.md +0 -371
- agentsec_cli-1.0.0/agentsec_cli.egg-info/PKG-INFO +0 -399
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/CODE_OF_CONDUCT.md +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/CONTRIBUTING.md +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/LICENSE +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/MANIFEST.in +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/SECURITY.md +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/baseline.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/cli.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/owasp.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/parsers/__init__.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/parsers/core.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/parsers/json_parser.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/parsers/toml_parser.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/parsers/yaml_parser.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/report.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/rules/__init__.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/rules/additional.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/rules/base.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/scanner.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/utils/__init__.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec/utils/toml_compat.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec_cli.egg-info/SOURCES.txt +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec_cli.egg-info/dependency_links.txt +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec_cli.egg-info/entry_points.txt +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec_cli.egg-info/requires.txt +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/agentsec_cli.egg-info/top_level.txt +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/setup.cfg +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/tests/test_baseline.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/tests/test_compat.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/tests/test_owasp.py +0 -0
- {agentsec_cli-1.0.0 → agentsec_cli-1.0.3}/tests/test_scanner.py +0 -0
|
@@ -5,6 +5,29 @@ All notable changes to AgentSec will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [1.0.3] - 2026-07-03
|
|
9
|
+
|
|
10
|
+
### Fixed
|
|
11
|
+
- Recovered local development history that had never been pushed to GitHub (remote `main` only contained the LICENSE file). Realigned local repo as the canonical history.
|
|
12
|
+
- Corrected version drift: PyPI had `1.0.1` published manually (out-of-band of CI/CD), local files were on `1.0.2` and never tagged or released through the pipeline. Bumped to `1.0.3` as a clean, tagged, pipeline-published baseline.
|
|
13
|
+
|
|
14
|
+
## [1.0.2] - 2026-07-02
|
|
15
|
+
|
|
16
|
+
### Fixed
|
|
17
|
+
- Fixed SARIF spec version (`sarif["version"]` was accidentally set to `1.0.1` instead of `2.1.0`). This broke compatibility with all SARIF consumers including GitHub CodeQL.
|
|
18
|
+
|
|
19
|
+
## [1.0.1] - 2026-07-02
|
|
20
|
+
|
|
21
|
+
### Fixed
|
|
22
|
+
- Fixed version number in SARIF output (was 1.0.0, now 1.0.1)
|
|
23
|
+
- Fixed CI workflow: removed duplicate install steps, added fail-fast, fixed Python matrix
|
|
24
|
+
- Fixed publish workflow: added package validation (wheel install + version check), fixed fail-fast, added Python compatibility check
|
|
25
|
+
- Fixed duplicated dependencies in pyproject.toml (already correct)
|
|
26
|
+
- Fixed version inconsistency across files
|
|
27
|
+
|
|
28
|
+
### Changed
|
|
29
|
+
- Updated version to 1.0.1 in pyproject.toml, agentsec/__init__.py, agentsec/sarif.py
|
|
30
|
+
|
|
8
31
|
## [1.0.0] - 2026-07-02
|
|
9
32
|
|
|
10
33
|
### Added
|
|
@@ -0,0 +1,137 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: agentsec-cli
|
|
3
|
+
Version: 1.0.3
|
|
4
|
+
Summary: Static security scanner for AI coding agents and MCP configurations
|
|
5
|
+
Author: locface
|
|
6
|
+
License-Expression: MIT
|
|
7
|
+
Project-URL: homepage, https://locface.github.io/AgentSec/
|
|
8
|
+
Project-URL: repository, https://github.com/locface/AgentSec
|
|
9
|
+
Project-URL: documentation, https://locface.github.io/AgentSec/docs/
|
|
10
|
+
Project-URL: changelog, https://github.com/locface/AgentSec/blob/main/CHANGELOG.md
|
|
11
|
+
Classifier: Development Status :: 4 - Beta
|
|
12
|
+
Classifier: Intended Audience :: Developers
|
|
13
|
+
Classifier: Programming Language :: Python :: 3
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
17
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
18
|
+
Requires-Python: >=3.10
|
|
19
|
+
Description-Content-Type: text/markdown
|
|
20
|
+
License-File: LICENSE
|
|
21
|
+
Requires-Dist: click<9,>=8.0.0
|
|
22
|
+
Requires-Dist: pyyaml<7,>=6.0
|
|
23
|
+
Requires-Dist: toml<1,>=0.10.2
|
|
24
|
+
Requires-Dist: tomli<3,>=2.0.1; python_version < "3.11"
|
|
25
|
+
Provides-Extra: dev
|
|
26
|
+
Requires-Dist: pytest>=7.0.0; extra == "dev"
|
|
27
|
+
Dynamic: license-file
|
|
28
|
+
|
|
29
|
+
<picture>
|
|
30
|
+
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-dark.svg">
|
|
31
|
+
<img alt="AgentSec" src="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-light.svg">
|
|
32
|
+
</picture>
|
|
33
|
+
|
|
34
|
+
# AgentSec
|
|
35
|
+
|
|
36
|
+
**Static security scanner for AI coding agents and MCP configurations.**
|
|
37
|
+
|
|
38
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
39
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
40
|
+
[](LICENSE)
|
|
41
|
+
[](https://github.com/locface/AgentSec/actions)
|
|
42
|
+
|
|
43
|
+
AI coding agents have access to your shell, filesystem, network, and secrets. Most agent configurations are never audited for security risks. AgentSec inspects MCP server manifests, Claude Desktop configs, Cursor rules, and agent instruction files for dangerous permissions, prompt injection risks, and secret exposure — with no LLM dependencies and no data leaving your machine.
|
|
44
|
+
|
|
45
|
+
All findings map to [OWASP Top 10 for LLM Applications](https://genai.owasp.org/) (LLM01–LLM10) and the [OWASP Agentic Security Top 10](https://owasp.org/) (AG01–AG10).
|
|
46
|
+
|
|
47
|
+
## Features
|
|
48
|
+
|
|
49
|
+
- 41 security rules covering shell execution, filesystem access, network exfiltration, OAuth scopes, prompt injection, container escape, and credential exposure
|
|
50
|
+
- OWASP LLM + Agentic mapping on every finding
|
|
51
|
+
- 4 output formats: terminal, JSON, Markdown, SARIF v2.1.0
|
|
52
|
+
- CI/CD gating with `--fail-on` (exit code 1 at severity threshold)
|
|
53
|
+
- Baseline comparison for regression tracking
|
|
54
|
+
- Automatic detection of JSON, YAML, TOML, and Markdown configs
|
|
55
|
+
- Zero runtime dependencies beyond the Python standard library
|
|
56
|
+
|
|
57
|
+
## Installation
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
pip install agentsec-cli
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
Requires Python 3.10 or later.
|
|
64
|
+
|
|
65
|
+
## Quick Start
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
# Scan a project
|
|
69
|
+
agentsec scan /path/to/project
|
|
70
|
+
|
|
71
|
+
# Generate SARIF for CI/CD
|
|
72
|
+
agentsec scan . --format sarif > results.sarif
|
|
73
|
+
|
|
74
|
+
# Gate CI on critical findings
|
|
75
|
+
agentsec scan . --fail-on critical
|
|
76
|
+
|
|
77
|
+
# Baseline comparison
|
|
78
|
+
agentsec scan . --update-baseline baseline.json
|
|
79
|
+
agentsec scan . --baseline baseline.json
|
|
80
|
+
|
|
81
|
+
# OWASP mapping
|
|
82
|
+
agentsec scan . --show-owasp
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
Example output:
|
|
86
|
+
|
|
87
|
+
```text
|
|
88
|
+
Scanning /home/user/dev/mcp-project...
|
|
89
|
+
|
|
90
|
+
[CRITICAL] MCP shell execution
|
|
91
|
+
File: claude_desktop_config.json
|
|
92
|
+
Server: shell-server
|
|
93
|
+
Description: MCP server can execute shell commands
|
|
94
|
+
Recommendation: Require explicit approval or remove shell access.
|
|
95
|
+
|
|
96
|
+
[CRITICAL] MCP filesystem write access
|
|
97
|
+
File: claude_desktop_config.json
|
|
98
|
+
Server: filesystem
|
|
99
|
+
Description: MCP server has filesystem write access
|
|
100
|
+
Recommendation: Restrict filesystem access to read-only or specific directories.
|
|
101
|
+
|
|
102
|
+
Total findings: 4 · Critical: 3 · High: 0 · Medium: 1 · Low: 0
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
### Output Formats
|
|
106
|
+
|
|
107
|
+
- **terminal** (default) — human-readable with severity coloring
|
|
108
|
+
- **json** — machine-parseable JSON array of findings
|
|
109
|
+
- **markdown** — formatted report suitable for commit comments
|
|
110
|
+
- **sarif** — SARIF v2.1.0, compatible with GitHub CodeQL
|
|
111
|
+
|
|
112
|
+
### Supported Config Files
|
|
113
|
+
|
|
114
|
+
AgentSec automatically detects and scans these file types:
|
|
115
|
+
|
|
116
|
+
- MCP servers: `mcp.json`, `mcp.yaml`, `mcp.toml`
|
|
117
|
+
- Claude Desktop: `claude_desktop_config.json`
|
|
118
|
+
- Cursor: `.cursorrules`, `.cursor/rules/*`
|
|
119
|
+
- Codex / Cline: `codex.toml`, `.clinerules`
|
|
120
|
+
- Agent instructions: `AGENTS.md`, `CLAUDE.md`
|
|
121
|
+
- Infrastructure: `Dockerfile`, `package.json`
|
|
122
|
+
|
|
123
|
+
## Documentation
|
|
124
|
+
|
|
125
|
+
Full documentation: [https://locface.github.io/AgentSec/docs/](https://locface.github.io/AgentSec/docs/)
|
|
126
|
+
|
|
127
|
+
## Contributing
|
|
128
|
+
|
|
129
|
+
See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, testing, and pull request workflow.
|
|
130
|
+
|
|
131
|
+
## Security
|
|
132
|
+
|
|
133
|
+
Report vulnerabilities privately. See [SECURITY.md](SECURITY.md) for our disclosure policy.
|
|
134
|
+
|
|
135
|
+
## License
|
|
136
|
+
|
|
137
|
+
MIT — see [LICENSE](LICENSE).
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
<picture>
|
|
2
|
+
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-dark.svg">
|
|
3
|
+
<img alt="AgentSec" src="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-light.svg">
|
|
4
|
+
</picture>
|
|
5
|
+
|
|
6
|
+
# AgentSec
|
|
7
|
+
|
|
8
|
+
**Static security scanner for AI coding agents and MCP configurations.**
|
|
9
|
+
|
|
10
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
11
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
12
|
+
[](LICENSE)
|
|
13
|
+
[](https://github.com/locface/AgentSec/actions)
|
|
14
|
+
|
|
15
|
+
AI coding agents have access to your shell, filesystem, network, and secrets. Most agent configurations are never audited for security risks. AgentSec inspects MCP server manifests, Claude Desktop configs, Cursor rules, and agent instruction files for dangerous permissions, prompt injection risks, and secret exposure — with no LLM dependencies and no data leaving your machine.
|
|
16
|
+
|
|
17
|
+
All findings map to [OWASP Top 10 for LLM Applications](https://genai.owasp.org/) (LLM01–LLM10) and the [OWASP Agentic Security Top 10](https://owasp.org/) (AG01–AG10).
|
|
18
|
+
|
|
19
|
+
## Features
|
|
20
|
+
|
|
21
|
+
- 41 security rules covering shell execution, filesystem access, network exfiltration, OAuth scopes, prompt injection, container escape, and credential exposure
|
|
22
|
+
- OWASP LLM + Agentic mapping on every finding
|
|
23
|
+
- 4 output formats: terminal, JSON, Markdown, SARIF v2.1.0
|
|
24
|
+
- CI/CD gating with `--fail-on` (exit code 1 at severity threshold)
|
|
25
|
+
- Baseline comparison for regression tracking
|
|
26
|
+
- Automatic detection of JSON, YAML, TOML, and Markdown configs
|
|
27
|
+
- Zero runtime dependencies beyond the Python standard library
|
|
28
|
+
|
|
29
|
+
## Installation
|
|
30
|
+
|
|
31
|
+
```bash
|
|
32
|
+
pip install agentsec-cli
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
Requires Python 3.10 or later.
|
|
36
|
+
|
|
37
|
+
## Quick Start
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
# Scan a project
|
|
41
|
+
agentsec scan /path/to/project
|
|
42
|
+
|
|
43
|
+
# Generate SARIF for CI/CD
|
|
44
|
+
agentsec scan . --format sarif > results.sarif
|
|
45
|
+
|
|
46
|
+
# Gate CI on critical findings
|
|
47
|
+
agentsec scan . --fail-on critical
|
|
48
|
+
|
|
49
|
+
# Baseline comparison
|
|
50
|
+
agentsec scan . --update-baseline baseline.json
|
|
51
|
+
agentsec scan . --baseline baseline.json
|
|
52
|
+
|
|
53
|
+
# OWASP mapping
|
|
54
|
+
agentsec scan . --show-owasp
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Example output:
|
|
58
|
+
|
|
59
|
+
```text
|
|
60
|
+
Scanning /home/user/dev/mcp-project...
|
|
61
|
+
|
|
62
|
+
[CRITICAL] MCP shell execution
|
|
63
|
+
File: claude_desktop_config.json
|
|
64
|
+
Server: shell-server
|
|
65
|
+
Description: MCP server can execute shell commands
|
|
66
|
+
Recommendation: Require explicit approval or remove shell access.
|
|
67
|
+
|
|
68
|
+
[CRITICAL] MCP filesystem write access
|
|
69
|
+
File: claude_desktop_config.json
|
|
70
|
+
Server: filesystem
|
|
71
|
+
Description: MCP server has filesystem write access
|
|
72
|
+
Recommendation: Restrict filesystem access to read-only or specific directories.
|
|
73
|
+
|
|
74
|
+
Total findings: 4 · Critical: 3 · High: 0 · Medium: 1 · Low: 0
|
|
75
|
+
```
|
|
76
|
+
|
|
77
|
+
### Output Formats
|
|
78
|
+
|
|
79
|
+
- **terminal** (default) — human-readable with severity coloring
|
|
80
|
+
- **json** — machine-parseable JSON array of findings
|
|
81
|
+
- **markdown** — formatted report suitable for commit comments
|
|
82
|
+
- **sarif** — SARIF v2.1.0, compatible with GitHub CodeQL
|
|
83
|
+
|
|
84
|
+
### Supported Config Files
|
|
85
|
+
|
|
86
|
+
AgentSec automatically detects and scans these file types:
|
|
87
|
+
|
|
88
|
+
- MCP servers: `mcp.json`, `mcp.yaml`, `mcp.toml`
|
|
89
|
+
- Claude Desktop: `claude_desktop_config.json`
|
|
90
|
+
- Cursor: `.cursorrules`, `.cursor/rules/*`
|
|
91
|
+
- Codex / Cline: `codex.toml`, `.clinerules`
|
|
92
|
+
- Agent instructions: `AGENTS.md`, `CLAUDE.md`
|
|
93
|
+
- Infrastructure: `Dockerfile`, `package.json`
|
|
94
|
+
|
|
95
|
+
## Documentation
|
|
96
|
+
|
|
97
|
+
Full documentation: [https://locface.github.io/AgentSec/docs/](https://locface.github.io/AgentSec/docs/)
|
|
98
|
+
|
|
99
|
+
## Contributing
|
|
100
|
+
|
|
101
|
+
See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, testing, and pull request workflow.
|
|
102
|
+
|
|
103
|
+
## Security
|
|
104
|
+
|
|
105
|
+
Report vulnerabilities privately. See [SECURITY.md](SECURITY.md) for our disclosure policy.
|
|
106
|
+
|
|
107
|
+
## License
|
|
108
|
+
|
|
109
|
+
MIT — see [LICENSE](LICENSE).
|
|
@@ -90,12 +90,12 @@ def generate_sarif(findings: List[Dict[str, Any]], repo_root: str = ".") -> Dict
|
|
|
90
90
|
"organization": "AgentSec",
|
|
91
91
|
"informationUri": "https://github.com/locface/AgentSec",
|
|
92
92
|
"rules": list(rules.values()),
|
|
93
|
-
"version": "1.0.
|
|
93
|
+
"version": "1.0.3"
|
|
94
94
|
}
|
|
95
95
|
},
|
|
96
96
|
"results": results,
|
|
97
97
|
"properties": {
|
|
98
|
-
"startTimeUtc": datetime.datetime.now(datetime.
|
|
98
|
+
"startTimeUtc": datetime.datetime.now(datetime.timezone.utc).isoformat().replace("+00:00", "Z")
|
|
99
99
|
}
|
|
100
100
|
}
|
|
101
101
|
]
|
|
@@ -0,0 +1,137 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: agentsec-cli
|
|
3
|
+
Version: 1.0.3
|
|
4
|
+
Summary: Static security scanner for AI coding agents and MCP configurations
|
|
5
|
+
Author: locface
|
|
6
|
+
License-Expression: MIT
|
|
7
|
+
Project-URL: homepage, https://locface.github.io/AgentSec/
|
|
8
|
+
Project-URL: repository, https://github.com/locface/AgentSec
|
|
9
|
+
Project-URL: documentation, https://locface.github.io/AgentSec/docs/
|
|
10
|
+
Project-URL: changelog, https://github.com/locface/AgentSec/blob/main/CHANGELOG.md
|
|
11
|
+
Classifier: Development Status :: 4 - Beta
|
|
12
|
+
Classifier: Intended Audience :: Developers
|
|
13
|
+
Classifier: Programming Language :: Python :: 3
|
|
14
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
15
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
16
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
17
|
+
Classifier: Programming Language :: Python :: 3.13
|
|
18
|
+
Requires-Python: >=3.10
|
|
19
|
+
Description-Content-Type: text/markdown
|
|
20
|
+
License-File: LICENSE
|
|
21
|
+
Requires-Dist: click<9,>=8.0.0
|
|
22
|
+
Requires-Dist: pyyaml<7,>=6.0
|
|
23
|
+
Requires-Dist: toml<1,>=0.10.2
|
|
24
|
+
Requires-Dist: tomli<3,>=2.0.1; python_version < "3.11"
|
|
25
|
+
Provides-Extra: dev
|
|
26
|
+
Requires-Dist: pytest>=7.0.0; extra == "dev"
|
|
27
|
+
Dynamic: license-file
|
|
28
|
+
|
|
29
|
+
<picture>
|
|
30
|
+
<source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-dark.svg">
|
|
31
|
+
<img alt="AgentSec" src="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-light.svg">
|
|
32
|
+
</picture>
|
|
33
|
+
|
|
34
|
+
# AgentSec
|
|
35
|
+
|
|
36
|
+
**Static security scanner for AI coding agents and MCP configurations.**
|
|
37
|
+
|
|
38
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
39
|
+
[](https://pypi.org/project/agentsec-cli/)
|
|
40
|
+
[](LICENSE)
|
|
41
|
+
[](https://github.com/locface/AgentSec/actions)
|
|
42
|
+
|
|
43
|
+
AI coding agents have access to your shell, filesystem, network, and secrets. Most agent configurations are never audited for security risks. AgentSec inspects MCP server manifests, Claude Desktop configs, Cursor rules, and agent instruction files for dangerous permissions, prompt injection risks, and secret exposure — with no LLM dependencies and no data leaving your machine.
|
|
44
|
+
|
|
45
|
+
All findings map to [OWASP Top 10 for LLM Applications](https://genai.owasp.org/) (LLM01–LLM10) and the [OWASP Agentic Security Top 10](https://owasp.org/) (AG01–AG10).
|
|
46
|
+
|
|
47
|
+
## Features
|
|
48
|
+
|
|
49
|
+
- 41 security rules covering shell execution, filesystem access, network exfiltration, OAuth scopes, prompt injection, container escape, and credential exposure
|
|
50
|
+
- OWASP LLM + Agentic mapping on every finding
|
|
51
|
+
- 4 output formats: terminal, JSON, Markdown, SARIF v2.1.0
|
|
52
|
+
- CI/CD gating with `--fail-on` (exit code 1 at severity threshold)
|
|
53
|
+
- Baseline comparison for regression tracking
|
|
54
|
+
- Automatic detection of JSON, YAML, TOML, and Markdown configs
|
|
55
|
+
- Zero runtime dependencies beyond the Python standard library
|
|
56
|
+
|
|
57
|
+
## Installation
|
|
58
|
+
|
|
59
|
+
```bash
|
|
60
|
+
pip install agentsec-cli
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
Requires Python 3.10 or later.
|
|
64
|
+
|
|
65
|
+
## Quick Start
|
|
66
|
+
|
|
67
|
+
```bash
|
|
68
|
+
# Scan a project
|
|
69
|
+
agentsec scan /path/to/project
|
|
70
|
+
|
|
71
|
+
# Generate SARIF for CI/CD
|
|
72
|
+
agentsec scan . --format sarif > results.sarif
|
|
73
|
+
|
|
74
|
+
# Gate CI on critical findings
|
|
75
|
+
agentsec scan . --fail-on critical
|
|
76
|
+
|
|
77
|
+
# Baseline comparison
|
|
78
|
+
agentsec scan . --update-baseline baseline.json
|
|
79
|
+
agentsec scan . --baseline baseline.json
|
|
80
|
+
|
|
81
|
+
# OWASP mapping
|
|
82
|
+
agentsec scan . --show-owasp
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
Example output:
|
|
86
|
+
|
|
87
|
+
```text
|
|
88
|
+
Scanning /home/user/dev/mcp-project...
|
|
89
|
+
|
|
90
|
+
[CRITICAL] MCP shell execution
|
|
91
|
+
File: claude_desktop_config.json
|
|
92
|
+
Server: shell-server
|
|
93
|
+
Description: MCP server can execute shell commands
|
|
94
|
+
Recommendation: Require explicit approval or remove shell access.
|
|
95
|
+
|
|
96
|
+
[CRITICAL] MCP filesystem write access
|
|
97
|
+
File: claude_desktop_config.json
|
|
98
|
+
Server: filesystem
|
|
99
|
+
Description: MCP server has filesystem write access
|
|
100
|
+
Recommendation: Restrict filesystem access to read-only or specific directories.
|
|
101
|
+
|
|
102
|
+
Total findings: 4 · Critical: 3 · High: 0 · Medium: 1 · Low: 0
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
### Output Formats
|
|
106
|
+
|
|
107
|
+
- **terminal** (default) — human-readable with severity coloring
|
|
108
|
+
- **json** — machine-parseable JSON array of findings
|
|
109
|
+
- **markdown** — formatted report suitable for commit comments
|
|
110
|
+
- **sarif** — SARIF v2.1.0, compatible with GitHub CodeQL
|
|
111
|
+
|
|
112
|
+
### Supported Config Files
|
|
113
|
+
|
|
114
|
+
AgentSec automatically detects and scans these file types:
|
|
115
|
+
|
|
116
|
+
- MCP servers: `mcp.json`, `mcp.yaml`, `mcp.toml`
|
|
117
|
+
- Claude Desktop: `claude_desktop_config.json`
|
|
118
|
+
- Cursor: `.cursorrules`, `.cursor/rules/*`
|
|
119
|
+
- Codex / Cline: `codex.toml`, `.clinerules`
|
|
120
|
+
- Agent instructions: `AGENTS.md`, `CLAUDE.md`
|
|
121
|
+
- Infrastructure: `Dockerfile`, `package.json`
|
|
122
|
+
|
|
123
|
+
## Documentation
|
|
124
|
+
|
|
125
|
+
Full documentation: [https://locface.github.io/AgentSec/docs/](https://locface.github.io/AgentSec/docs/)
|
|
126
|
+
|
|
127
|
+
## Contributing
|
|
128
|
+
|
|
129
|
+
See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, testing, and pull request workflow.
|
|
130
|
+
|
|
131
|
+
## Security
|
|
132
|
+
|
|
133
|
+
Report vulnerabilities privately. See [SECURITY.md](SECURITY.md) for our disclosure policy.
|
|
134
|
+
|
|
135
|
+
## License
|
|
136
|
+
|
|
137
|
+
MIT — see [LICENSE](LICENSE).
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
[project]
|
|
2
2
|
name = "agentsec-cli"
|
|
3
|
-
version = "1.0.
|
|
3
|
+
version = "1.0.3"
|
|
4
4
|
description = "Static security scanner for AI coding agents and MCP configurations"
|
|
5
5
|
readme = "README.md"
|
|
6
6
|
authors = [{name = "locface"}]
|
|
7
7
|
license = "MIT"
|
|
8
8
|
classifiers = [
|
|
9
|
-
"Development Status ::
|
|
9
|
+
"Development Status :: 4 - Beta",
|
|
10
10
|
"Intended Audience :: Developers",
|
|
11
11
|
"Programming Language :: Python :: 3",
|
|
12
12
|
"Programming Language :: Python :: 3.10",
|