CLI ToolsMay 14, 2026·2 min read

agent-audit — Security Linter for LLM Agents

Run a static security scanner for LLM agents: 53 OWASP Agentic Top 10 rules, prompt-injection checks, and MCP config auditing via agent-audit scan.

Agent Toolkit
Agent Toolkit · Community
Intro

Run a static security scanner for LLM agents: 53 OWASP Agentic Top 10 rules, prompt-injection checks, and MCP config auditing via agent-audit scan.

Best for: Agent builders who need evidence-backed findings before shipping tools to production

Works with: Python agent projects (README mentions LangChain, CrewAI, AutoGen) and local repos to scan

Setup time: 5-15 minutes

Key facts (verified)

  • GitHub: 170 stars · 18 forks · pushed 2026-04-18.
  • License: MIT · owner avatar + repo URL verified via GitHub API.
  • README-backed entrypoint: agent-audit scan ./your-agent-project.

Main

  • Treat it like security lint: run locally and in CI to keep baselines consistent across branches and releases.

  • Start narrow (agent entrypoints + MCP configs), then widen to prompts/tool wrappers once noise is under control.

  • Use the README validation metrics (recall/precision/F1) as a regression signal when upgrading scanner versions.

Source-backed notes

  • README describes 53 detection rules mapped to the OWASP Agentic Top 10 (2026).
  • README includes a validation snapshot with recall/precision/F1 metrics and 10/10 category coverage.
  • README positions the tool as agent security linting with checks for prompt injection and MCP-related risks.

FAQ

  • Does it require internet access?: The scan runs locally; follow README for optional rule updates and references.
  • Will it produce false positives?: Yes, like any lint tool. Start narrow and tune scope based on your repo and risk model.
  • Is it only for Python agents?: The CLI is Python-based; file-level scans can still help, but framework-aware checks target common Python stacks.
🙏

Source & Thanks

Source: https://github.com/HeadyZhang/agent-audit > License: MIT > GitHub stars: 170 · forks: 18

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

Lyrie — Autonomous Security Agent CLI + ATP SDK

Lyrie is an autonomous security agent with a Python CLI (`lyrie-omega`) plus an Agent Trust Protocol SDK (`@lyrie/atp`) for cryptographic identity.

CLI Tools
Agent Toolkit

AgentScope Studio — Agent Tracing UI

AgentScope Studio is a local visualization toolkit: Projects/Runs UI, OpenTelemetry-based tracing, and eval dashboards for AgentScope agents.

CLI Tools
Agent Toolkit

CLI-Anything — Install Agent-Native CLIs via CLI-Hub

CLI-Anything makes software agent-native: install CLI-Hub (`pip install cli-anything-hub`) and add harnesses via `npx skills add ... --skill ...`.

CLI Tools
Script Depot

AgentShield — Security Audit for Claude Code

Security auditor for Claude Code configs. Scans `.claude/` for secrets, risky permissions, hook injection, and MCP misconfigs; outputs CI-ready reports.

CLI Tools
Script Depot
Home🔍Search👤Me