JSPM

  • Downloads 37
  • License MIT

Multi-engine AI agent security scanner: one scan, four engines, one report

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@elliotllliu/agent-shield) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    πŸ›‘οΈ AgentShield

    Give your AI a health check.

    One scan. Four engines. One report.

    Chinese documentation

    You found an MCP Server / Skill / Plugin online and want to install it. But you're wondering:

    Is this thing safe? Will it steal my API keys? Hijack my AI? Mine crypto?

    AgentShield answers that in 3 seconds. One command, 4 independent scanning engines, one clear report.

    npx @elliotllliu/agent-shield scan ./that-thing-you-want-to-install

    That's it. First run auto-installs all engines. After that, results come in seconds.


    See It In Action

    When risks are found

    πŸ›‘οΈ  Security Report
    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
    
    πŸ“ Target:   ./mcp-playwright
    πŸ”§ Engines:  4 independent scanners
    ⏱  Time:     12.3s
    
    ──────────────────────────────────────────────────────
    πŸ” Individual Conclusions
    ──────────────────────────────────────────────────────
    
    πŸ›‘οΈ AgentShield β€” AI Agent Security
       Verdict: ⚠️ 2 items need attention
       β€’ Code obfuscation
         πŸ“ src/index.ts:1
    
    πŸ” Aguara β€” General Code Security
       Verdict: βœ… No risks found
    
    πŸ”Ž Semgrep β€” Code Quality & Injection
       Verdict: βœ… No risks found
    
    πŸ§ͺ Invariant β€” MCP Tool Poisoning
       Verdict: βœ… No risks found
    
    ──────────────────────────────────────────────────────
    πŸ“Š Overall Assessment
    ──────────────────────────────────────────────────────
    
    βœ… Safe overall, minor notes
       3/4 engines found no issues
    
      βœ… Backdoors        β€” All 4 engines clear
      βœ… Data theft        β€” All 4 engines clear
      βœ… Prompt injection  β€” All 4 engines clear
      βœ… Crypto mining     β€” All 4 engines clear
    
    ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

    One glance: 3 out of 4 engines say it's clean. All major threats cleared. Safe to install.

    When everything is clean

    ✅ All engines found no risks
    
      ✅ Backdoors        — All 4 engines clear
      ✅ Data theft        — All 4 engines clear
      ✅ Prompt injection  — All 4 engines clear
      ✅ Crypto mining     — All 4 engines clear

    All green. Go ahead and install.


    Why Trust It?

    Because it's not one engine making the call. It's 4 independent scanning engines, each a specialist in its own domain. We don't compete with them; we bring them together.

    Engine           What it's best at
    🛡️ AgentShield   AI Agent threats: skill hijack, prompt injection, MCP runtime
    🔍 Aguara        General security: 177 rules, data exfil, taint tracking
    🔎 Semgrep       Code quality: 2000+ rules, injection, XSS, hardcoded secrets
    🧪 Invariant     MCP-specific: tool poisoning, cross-origin escalation, rug pull

    Each engine has its own strengths. We combine all of them into one report.

    The stronger they get, the stronger we get. We're not building another scanner; we're building the layer that makes every scanner better by cross-validating their results.

    If 3 engines say safe and 1 says dangerous → probably a false positive. If 3 engines say dangerous → it's real.
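    As an added illustration (not AgentShield's own code), here is a small consensus aggregator in JavaScript that applies that cross-validation rule to per-engine findings. The engine names, the four headline categories and the 3-of-4 threshold mirror the README; the function names, the finding shape and the verdict labels are assumptions made for the example.

```javascript
// Illustrative consensus aggregator (added example, not AgentShield's own code).
const ENGINES = ["AgentShield", "Aguara", "Semgrep", "Invariant"];
const CATEGORIES = ["Backdoors", "Data theft", "Prompt injection", "Crypto mining"];

// findings: [{ engine, category, location }] as collected from each engine.
// For every headline category, count how many distinct engines flagged it.
function crossValidate(findings, engines = ENGINES, categories = CATEGORIES) {
  const result = {};
  for (const category of categories) {
    const flaggedBy = [...new Set(
      findings
        .filter((f) => f.category === category && engines.includes(f.engine))
        .map((f) => f.engine),
    )].sort();
    const n = flaggedBy.length;
    let verdict;
    if (n === 0) verdict = `All ${engines.length} engines clear`;
    else if (n >= 3) verdict = "confirmed";      // 3+ engines agree: treat as real
    else if (n === 1) verdict = "minor note";    // lone engine: likely false positive
    else verdict = "needs review";               // 2 engines: not enough to decide
    result[category] = { flaggedBy, count: n, verdict };
  }
  return result;
}

// Overall line: which engines reported nothing, and the strongest verdict found.
function overallAssessment(findings, engines = ENGINES, categories = CATEGORIES) {
  const byCategory = crossValidate(findings, engines, categories);
  const cleanEngines = engines.filter((e) => !findings.some((f) => f.engine === e)).length;
  const verdicts = Object.values(byCategory).map((c) => c.verdict);
  let summary;
  if (verdicts.includes("confirmed")) summary = "Dangerous: multiple engines agree";
  else if (verdicts.includes("needs review")) summary = "Review before installing";
  else if (findings.length > 0) summary = "Safe overall, minor notes"; // e.g. a lone obfuscation hit
  else summary = "All engines found no risks";
  return { summary, cleanEngines, total: engines.length, byCategory };
}

function formatReport(findings) {
  const r = overallAssessment(findings);
  const lines = [`${r.summary} (${r.cleanEngines}/${r.total} engines found no issues)`];
  for (const [cat, c] of Object.entries(r.byCategory)) lines.push(`  ${cat}: ${c.verdict}`);
  return lines.join("\n");
}

// Constructed sample mirroring the README's report: only AgentShield flags
// obfuscation, which is outside the four headline categories.
const sampleFindings = [
  { engine: "AgentShield", category: "Obfuscated Code", location: "src/index.ts:1" },
];
console.log(formatReport(sampleFindings));
```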


    First Run

    First time you run it, engines are auto-installed (to ~/.agentshield/, no sudo needed):

    🔧 Checking engines...
      ✅ AgentShield — Ready
      📦 Aguara — Installing... Done
      📦 Semgrep — Installing... Done
      📦 Invariant — Installing... Done

    One-time setup. After that, it's instant.


    What Can It Detect?

    Risk                      What it means
    🔴 Skill Hijack           It's secretly modifying your AI's config
    🔴 Backdoor               It can silently execute arbitrary code
    🔴 Remote Control         It's connecting to external servers + opening a shell
    ⚠️ Data Theft             It reads your keys/files and sends them out
    ⚠️ Prompt Injection       It's secretly adding instructions to your AI
    ⚠️ Tool Poisoning         Hidden malicious instructions in tool descriptions
    ⚠️ Obfuscated Code        Code is intentionally unreadable; it might be hiding something
    ℹ️ Excessive Permissions  It asks for more than it needs

    More Options

    # HTML report (shareable)
    agent-shield scan ./dir --html -o report.html
    
    # JSON (for CI/CD)
    agent-shield scan ./dir --json
    
    # Chinese report (default)
    agent-shield scan ./dir --lang zh
    
    # SARIF (GitHub Code Scanning)
    agent-shield scan ./dir --sarif -o results.sarif

    Install

    # Recommended: use npx, nothing to install
    npx @elliotllliu/agent-shield scan ./my-skill/
    
    # Or install globally
    npm install -g @elliotllliu/agent-shield

    Our Philosophy

    "We don't compete; we aggregate."

    Snyk has great agent scanning. Cisco has skill-scanner. Semgrep has 2000+ rules. Invariant catches tool poisoning. Each one is excellent at what it does.

    We bring them all together. We combine every engine's strengths, cross-validate their findings, and produce one unified report. The stronger each engine gets, the stronger AgentShield gets.

    We're the X-ray machine, not the doctor. We show you what's inside; you decide whether to install it. But we make that decision easy by giving you every expert's opinion in one place.


    License

    MIT