AI agent security scanner

Scan risky MCP and AI-agent permissions before they touch production.

AgentFence finds broad filesystem access, secret exposure, destructive commands, unsafe runtime settings, and policy gaps in tool-connected LLM workflows.

$ npx agentfence scan --path .
AgentFence scan complete
Risk score: 100/100 (critical)
Findings: 2 critical, 3 high, 6 medium

Why it matters

AI agents are gaining shell, file, API, and secret access faster than review processes can keep up.

Find risky access

Detect broad paths, admin-like scopes, wildcard network permissions, and shell-enabled workflows.

Catch sharp edges

Flag destructive command patterns, secret-looking config keys, and unsafe runtime settings.

Ship with CI

Generate JSON, HTML, and SARIF reports, then fail builds by score or severity.
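
The kinds of checks listed above (broad paths, shell-enabled workflows, destructive command patterns, secret-looking config keys) and a severity gate can be sketched as follows. This is an added example, not AgentFence's own code or rule set: the patterns, severity labels, function names and the sample config are assumptions, and it covers only the common mcpServers config layout.

```javascript
// Added illustration: not AgentFence's rule set. Patterns, severities and the
// threshold semantics are assumptions chosen to mirror the checks listed above.
const BROAD_PATHS = new Set(["/", "~", "$HOME", "C:\\", "/etc", "/home", "/Users"]);
const SECRET_KEY = /secret|token|passw(or)?d|api[_-]?key|private[_-]?key/i;
const DESTRUCTIVE = /\brm\s+-[a-z]*r[a-z]*f|\bmkfs\b|\bdd\s+if=|\bdrop\s+(table|database)\b/i;
const SHELLS = new Set(["sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"]);
const LEVELS = ["low", "medium", "high", "critical"];

function auditMcpConfig(config) {
  const findings = [];
  for (const [server, spec] of Object.entries(config.mcpServers || {})) {
    const add = (severity, rule, detail) => findings.push({ server, severity, rule, detail });
    const command = String(spec.command || "");
    const args = (spec.args || []).map(String);
    // A filesystem root or home directory passed as an argument grants broad access.
    for (const arg of args) {
      if (BROAD_PATHS.has(arg.replace(/(.)\/+$/, "$1"))) add("high", "broad-path", arg);
    }
    // A shell as the server command lets the agent run arbitrary commands.
    if (SHELLS.has(command.split(/[\\/]/).pop().toLowerCase())) add("high", "shell-enabled", command);
    // Destructive patterns anywhere on the configured command line.
    const cmdline = [command, ...args].join(" ");
    if (DESTRUCTIVE.test(cmdline)) add("critical", "destructive-command", cmdline);
    // Secret-looking env keys with literal values; ${VAR} references are accepted.
    for (const [key, value] of Object.entries(spec.env || {})) {
      const isReference = /^\$\{?\w+\}?$/.test(String(value));
      if (SECRET_KEY.test(key) && value && !isReference) add("high", "inline-secret", key);
    }
  }
  return findings;
}

// True when any finding is at or above the threshold (assumed gate semantics).
function shouldFail(findings, threshold) {
  const min = LEVELS.indexOf(threshold);
  return findings.some((f) => LEVELS.indexOf(f.severity) >= min);
}

// Constructed sample in the common mcpServers layout used by MCP clients.
const sampleConfig = {
  mcpServers: {
    files: { command: "npx", args: ["-y", "@modelcontextprotocol/server-filesystem", "/"] },
    cleanup: { command: "bash", args: ["-c", "rm -rf ./build"] },
    api: { command: "node", args: ["server.js"], env: { API_TOKEN: "constructed-value" } },
    docs: { command: "npx", args: ["-y", "@modelcontextprotocol/server-filesystem", "./docs"] },
  },
};
const sampleFindings = auditMcpConfig(sampleConfig);
console.log(sampleFindings, shouldFail(sampleFindings, "high"));
```

The inline-secret finding reports only the key name, so the report itself does not carry the secret value.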

Usage

Start with a local scan.

npx agentfence scan --path . \
  --json agentfence-report.json \
  --sarif agentfence-report.sarif \
  --fail-on high

GitHub Action

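Add AgentFence to pull requests. The step below tracks the main branch, which can change between runs; pinning the action to a reviewed commit SHA keeps the scanner itself from changing without review.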

- uses: Dev-Atmos/AgentFence@main
  with:
    path: .
    fail-on: high
    sarif: agentfence-report.sarif