Apache-2.0 License

Open Source Security for AI Agents

AgentGuard's scanner core is fully open source. Install locally, scan offline, integrate into your CI/CD pipeline, and contribute to the project.

pip install "agentguard-scanner[cli]"
Star on GitHub

What's Open vs. What's Paid

Open Source (Free)

  • Scanner core with all 12 modules
  • CLI for local scanning
  • MCP server integration
  • Offline scanning (no data leaves your machine)
  • All severity ratings & findings
  • Apache-2.0 license

Web Dashboard (Paid)

  • Web dashboard & scan history
  • Team management & collaboration
  • Scheduled recurring scans
  • REST API access for automation
  • Priority support
  • Advanced reporting & trends
Try the Dashboard Free

3 Packages, One Scanner

Install only what you need. The core library is the base package; the CLI and MCP server are published as extras of that same package, so one install line pulls in exactly the pieces you use.

agentguard-scanner

The core Python library. Import it into your own scripts, tests, or tooling to scan agent configurations programmatically.

pip install agentguard-scanner

agentguard-scanner[cli]

Command-line interface for scanning from your terminal. Scan config files, URLs, or piped input and get JSON or human-readable output.

pip install "agentguard-scanner[cli]"

agentguard-scanner[mcp]

MCP server that exposes scanning as a tool for AI agents. Let your agent scan other agents or self-audit via the Model Context Protocol.

pip install "agentguard-scanner[mcp]"

CI/CD Integration

Catch security issues before they reach production. Add AgentGuard to your existing pipeline in minutes.

GitHub Actions

.github/workflows/agentguard.yml
name: AgentGuard Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.11"
      - run: pip install "agentguard-scanner[cli]"
      # The job fails only if this command exits non-zero, so confirm how the
      # CLI maps findings to its exit status before treating this step as a gate.
      - run: agentguard scan ./mcp-config.json --format json

Pre-commit Hook

.pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: agentguard-scan
        name: AgentGuard Security Scan
        entry: agentguard scan
        # language: system expects `agentguard` on PATH (pip install "agentguard-scanner[cli]").
        language: system
        # Narrow this pattern to your agent/MCP config paths; as written it hands
        # every staged JSON/YAML/TOML file (lockfiles, CI config, ...) to the scanner.
        files: '\.(json|yaml|yml|toml)$'
        pass_filenames: true

Contributing

AgentGuard is built in the open and contributions are welcome. Here's how to get involved.

Report Issues

Found a bug or false positive? Open an issue on GitHub with reproduction steps and we'll triage it quickly.

Submit PRs

Fork the repo, create a branch, and submit a pull request. We review all PRs and provide feedback within a few days.

Areas We Need Help

New scanner modules, framework detection improvements, prompt injection payload research, and documentation.

Architecture Overview

The scanner is built as a set of independent checker modules that run in parallel and produce a unified report.

12 Independent Checker Modules

Each module follows the same interface: an async check_all(target) method that returns a list of Finding objects with severity, description, and remediation guidance.

Secret Leak Detection
Prompt Injection Protection
Network Attack Prevention (SSRF)
Tool Safety Verification
Configuration Audit
Authentication Security (8 JWT/auth checks)
MCP Security Audit
Endpoint Exposure Scan
Data Exfiltration Detection
Typosquatting Detection
Excessive Agency Detection
Canary Token Detection
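The module interface described above, worked through as an added example that is not AgentGuard's own code: two illustrative modules implementing an async check_all(target), a runner that executes them concurrently and merges their Finding objects into one severity-ordered report, and a gate function that turns that report into the exit code a CI step such as the GitHub Actions job above would rely on. The Finding fields, the module logic, the severity ladder, the fail_on threshold, and the sample MCP client config are all assumptions made for illustration.

```python
"""Added example (not AgentGuard's code): checker modules -> unified report -> CI gate."""
import asyncio
import re
from dataclasses import dataclass

# Assumed severity ladder; the real scanner's ratings may differ.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Finding:
    module: str
    severity: str          # a key of SEVERITY_RANK
    description: str
    remediation: str


class Checker:
    """Common interface: every module exposes async check_all(target)."""
    name = "base"

    async def check_all(self, target: dict) -> list[Finding]:
        raise NotImplementedError


def walk_strings(obj, path="$"):
    """Yield (json_path, value) for every string leaf in a nested config."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from walk_strings(v, f"{path}.{k}")
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from walk_strings(v, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, obj


class SecretLeakChecker(Checker):
    name = "secret_leak"
    # Constructed patterns: an AWS access key id and a classic GitHub PAT.
    PATTERNS = {
        "AWS access key id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
        "GitHub token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    }

    async def check_all(self, target: dict) -> list[Finding]:
        return [
            Finding(self.name, "critical", f"{label} hard-coded at {path}",
                    "Move the secret to an environment variable or secret store, then rotate it.")
            for path, value in walk_strings(target)
            for label, pattern in self.PATTERNS.items()
            if pattern.search(value)
        ]


class ExcessiveAgencyChecker(Checker):
    name = "excessive_agency"
    SHELLS = {"bash", "sh", "zsh", "cmd.exe", "powershell"}

    async def check_all(self, target: dict) -> list[Finding]:
        findings = []
        for server, spec in target.get("mcpServers", {}).items():
            if spec.get("command") in self.SHELLS and "-c" in spec.get("args", []):
                findings.append(Finding(self.name, "high",
                                        f"MCP server '{server}' is launched through a shell with -c",
                                        "Invoke the server binary directly with an argument list."))
            if spec.get("allowedTools") == ["*"]:
                findings.append(Finding(self.name, "medium",
                                        f"MCP server '{server}' exposes every tool to the agent",
                                        "Allowlist only the tools the agent actually needs."))
        return findings


async def run_all(target: dict, modules: list[Checker]) -> list[Finding]:
    """Run all modules concurrently; a crashing module must not hide the others' results."""
    results = await asyncio.gather(*(m.check_all(target) for m in modules), return_exceptions=True)
    report = []
    for module, result in zip(modules, results):
        if isinstance(result, Exception):
            report.append(Finding(module.name, "info", f"module crashed: {result!r}", "Fix or disable it."))
        else:
            report.extend(result)
    return sorted(report, key=lambda f: SEVERITY_RANK[f.severity], reverse=True)


def gate(report: list[Finding], fail_on: str = "high") -> int:
    """CI exit code: 1 if any finding is at or above the fail_on threshold, else 0."""
    return int(any(SEVERITY_RANK[f.severity] >= SEVERITY_RANK[fail_on] for f in report))


# Constructed sample target: an MCP client config with one clean and one risky server.
SAMPLE_CONFIG = {"mcpServers": {
    "filesystem": {"command": "./fs-server", "args": ["/srv/data"], "allowedTools": ["read_file"]},
    "ops": {"command": "bash", "args": ["-c", "./run-ops-server.sh"],
            "env": {"AWS_ACCESS_KEY_ID": "AKIAIOSFODNN7EXAMPLE"}, "allowedTools": ["*"]},
}}
MODULES = [SecretLeakChecker(), ExcessiveAgencyChecker()]


def scan(target: dict = SAMPLE_CONFIG) -> list[Finding]:
    return asyncio.run(run_all(target, MODULES))


if __name__ == "__main__":
    rep = scan()
    for f in rep:
        print(f"[{f.severity.upper():8}] {f.module}: {f.description}\n           fix: {f.remediation}")
    raise SystemExit(gate(rep))
```

Run as a script it prints three findings for the sample config (critical, high, medium) and exits 1, which is what makes a pre-commit or CI step fail; gate(report, fail_on="critical") demonstrates how a team would tune the threshold without touching the modules.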

Start Scanning Your Agents

Install the open-source scanner locally or use the web dashboard for team collaboration and scan history.

pip install "agentguard-scanner[cli]"
View on GitHub
Web Dashboard