AgentRisk - Scan untrusted AI-agent repos before your agent runs them

AgentRisk is a zero-execution preflight scanner and local MCP server for AI-agent artifacts. Point it at a folder, GitHub URL, npm package, or tarball before your coding agent opens it. It flags risky MCP launchers, install scripts, secret-forwarding config, and repo instructions like "read .env" or "ignore approval". Use it from the CLI or as an MCP tool: npx --yes agentrisk@latest mcp config. Exports JSON, Markdown, SARIF, and terminal reports.