We scanned 16 AI agent repos (Skyvern, Dify, CrewAI, PraisonAI, Khoj). 76% of tool calls with real-world side effects, payments, emails, DB writes, deletes, had zero runtime protection. diplomat-agent finds them : pip install diplomat-agent diplomat-agent scan . Zero config. Zero deps (stdlib only). AST, not regex. Outputs: terminal, JSON, SARIF 2.1.0, CSAF 2.0, and toolcalls.yaml — a Behavioral BOM of every side effect your agent can trigger. Maps to OWASP Agentic Top 10. Apache-2.0.