๐ก๏ธ AgentShield
March 18, 2026 ยท View on GitHub
Give your AI a health check.
One scan. Thirteen engines. One report.
You found an MCP Server / Skill / Plugin online and want to install it. But you're wondering:
Is this thing safe? Will it steal my API keys? Hijack my AI? Mine crypto?
AgentShield answers that in seconds. One command, 13 independent scanning engines, one clear report.
npx @elliotllliu/agent-shield scan ./that-thing-you-want-to-install
That's it. First run auto-installs all engines. After that, results come in seconds.
See It In Action
๐ก๏ธ ๅฎๅ
จๆฃๆตๆฅๅ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ ๆฃๆตๅฏน่ฑก: ./mcp-puppeteer
๐ง ๆฃๆตๅผๆ: 13 ไธช็ฌ็ซๆซๆๅจ
โฑ ๆป่ๆถ: 50.2s
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ ๅๆนๆฃๆต็ป่ฎบ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ AgentShield โ ๅ
็ฝฎๅ่๏ผAI Agent ๅบ็กๆฃๆฅ๏ผ
็ป่ฎบ: โ ๏ธ ๅ็ฐ 1 ๅค้ๅ
ณๆณจ
โข ไปฃ็ ๆททๆท ๐ src/index.ts:1
๐ Aguara โ ้็จไปฃ็ ๅฎๅ
จ
็ป่ฎบ: โ
ๆชๅ็ฐ้ฃ้ฉ
๐ Semgrep โ ไปฃ็ ่ดจ้ไธๆณจๅ
ฅๆฃๆต
็ป่ฎบ: โ
ๆชๅ็ฐ้ฃ้ฉ
๐งช Invariant โ MCP Tool Poisoning ๆฃๆต
็ป่ฎบ: โ
ๆชๅ็ฐ้ฃ้ฉ
๐ฌ Trivy โ ๆผๆดๆซๆ + ๅฏ้ฅๆฃๆต
็ป่ฎบ: โ
ๆชๅ็ฐ้ฃ้ฉ
๐ Gitleaks โ ๅฏ้ฅๅ Token ๆณ้ฒ
็ป่ฎบ: โ
ๆชๅ็ฐ้ฃ้ฉ
๐ Bandit โ Python ไปฃ็ ๅฎๅ
จ
็ป่ฎบ: โ
ๆชๅ็ฐ้ฃ้ฉ
๐ก Bearer โ ๆฐๆฎๆต + ้็งๅๆ
็ป่ฎบ: โ
ๆชๅ็ฐ้ฃ้ฉ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ ็ปผๅ็ป่ฎบ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
ๆๆๅผๆๅๆชๆฃๅบ้ฃ้ฉ
๏ผ7/7 ไธชๅค้จๅผๆๆชๆฃๅบ้ฃ้ฉ๏ผ
โ
ๅ้จ/่ฟ็จๆงๅถ โ 7 ไธชๅผๆๅๆชๆฃๅบ
โ
ๆฐๆฎ็ชๅ โ 7 ไธชๅผๆๅๆชๆฃๅบ
โ
Prompt ๆณจๅ
ฅ โ 7 ไธชๅผๆๅๆชๆฃๅบ
โ
ๆ็ฟ่กไธบ โ 7 ไธชๅผๆๅๆชๆฃๅบ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
One glance: 7 out of 7 external engines say it's clean. All major threats cleared. Safe to install.
Why Trust It?
Because it's not one engine making the call. It's 13 independent scanning engines, each a specialist in their own domain. We bring them together:
| Engine | What it's best at |
|---|---|
| ๐ AgentShield (reference) | AI Agent basics โ skill hijack, prompt injection, MCP runtime |
| ๐ Aguara | General security โ 177 rules, data exfil, taint tracking |
| ๐ Semgrep | Code quality โ 2000+ rules, injection, XSS, hardcoded secrets |
| ๐งช Invariant | MCP-specific โ tool poisoning, cross-origin escalation, rug pull |
| ๐ฌ Trivy | Vulnerability scan + secret detection + SBOM |
| ๐ Gitleaks | Secret and token leak detection |
| ๐ Bandit | Python code security |
| ๐ก Bearer | Data flow + privacy analysis |
| ๐ TruffleHog | Secret detection + verification if active |
| ๐ OSV-Scanner | Dependency vulnerabilities (Google OSV database) |
| ๐ฆ Grype | Dependency vulnerability scanning |
| ๐ข njsscan | Node.js / JavaScript security |
| ๐ detect-secrets | Secret detection (Yelp) |
Each engine has its own strengths. We combine all of them into one report.
The built-in engine is reference-only โ the overall conclusion is decided by the 7 external engines' consensus. The stronger they get, the stronger we get.
First Run
First time you run it, engines are auto-installed (to ~/.agentshield/, no sudo needed):
๐ง ๆฃๆฅๅผๆ...
โ
AgentShield โ ๅทฒๅฐฑ็ปช
๐ฆ Aguara โ ๆญฃๅจๅฎ่ฃ
... ๅฎๆ
๐ฆ Semgrep โ ๆญฃๅจๅฎ่ฃ
... ๅฎๆ
๐ฆ Invariant โ ๆญฃๅจๅฎ่ฃ
... ๅฎๆ
๐ฆ Trivy โ ๆญฃๅจๅฎ่ฃ
... ๅฎๆ
๐ฆ Gitleaks โ ๆญฃๅจๅฎ่ฃ
... ๅฎๆ
๐ฆ Bandit โ ๆญฃๅจๅฎ่ฃ
... ๅฎๆ
๐ฆ Bearer โ ๆญฃๅจๅฎ่ฃ
... ๅฎๆ
One-time setup. After that, it's instant.
What Can It Detect?
| Risk | What it means |
|---|---|
| ๐ด Skill Hijack | It's secretly modifying your AI's config |
| ๐ด Backdoor | It can silently execute arbitrary code |
| ๐ด Remote Control | It's connecting to external servers + opening a shell |
| โ ๏ธ Data Theft | It reads your keys/files and sends them out |
| โ ๏ธ Prompt Injection | It's secretly adding instructions to your AI |
| โ ๏ธ Tool Poisoning | Hidden malicious instructions in tool descriptions |
| โ ๏ธ Obfuscated Code | Code is intentionally unreadable โ might be hiding something |
| โ ๏ธ Vulnerabilities | Known CVEs in dependencies |
| โ ๏ธ Secret Leaks | API keys, tokens, passwords in source code |
| โน๏ธ Excessive Permissions | It asks for more than it needs |
More Options
# HTML report (shareable)
agent-shield scan ./dir --html -o report.html
# JSON (for CI/CD)
agent-shield scan ./dir --json
# Chinese report (default)
agent-shield scan ./dir --lang zh
# SARIF (GitHub Code Scanning)
agent-shield scan ./dir --sarif -o results.sarif
Install
# Recommended: use npx, nothing to install
npx @elliotllliu/agent-shield scan ./my-skill/
# Or install globally
npm install -g @elliotllliu/agent-shield
Our Philosophy
"We don't compete โ we aggregate."
We bring every engine's strengths together, cross-validate their findings, and produce one unified report. The stronger each engine gets, the stronger AgentShield gets.
We're the X-ray machine, not the doctor. We show you what's inside โ you decide whether to install it.
License
MIT