# Agentic Security — LLM/MCP Red-Team Scanner > Agentic Security is a Python tool to probe LLM apps with attack prompts and run scans; it also ships an MCP server entrypoint for tool-based workflows. ## Install Save as a script file and run: ## Quick Use 1. Install: ```bash pip install agentic_security ``` 2. Start the scanner: ```bash agentic_security --help agentic_security ``` 3. (Optional) Install as an MCP server (from a clone): ```bash pip install -U mcp mcp install agentic_security/mcp/main.py ``` ## Intro Agentic Security is a Python tool to probe LLM apps with attack prompts and run scans; it also ships an MCP server entrypoint for tool-based workflows. - **Best for:** security teams validating LLM safety, jailbreak resistance, and tool-call hardening - **Works with:** Python, local datasets (CSV), optional MCP server install - **Setup time:** 15–45 minutes ## Practical Notes - Data point: the README example shows the server running on port 8718. - Quant: run scans against staging first; promote to CI only after false-positive tuning. ## Pattern: build a reproducible red-team harness To avoid one-off, non-repeatable results: - pin the dataset version (CSV), - log model + parameters, - and store scan outputs as artifacts. ## Pattern: scan tool servers too If your agent uses MCP servers, treat them as part of your attack surface: - scan repo code, - scan remote URLs before deployment, - and add allowlists for file/network capabilities. ### FAQ **Q: Is it open-source?** A: Yes. The repo is Apache-2.0 licensed. **Q: Can it run without an MCP client?** A: Yes. You can run the scanner directly as a CLI. **Q: What’s the safest rollout?** A: Start on staging and log everything; then gradually enable CI gates. ## Source & Thanks > Source: https://github.com/msoedov/agentic_security > License: Apache-2.0 > GitHub stars: 1,867 · forks: 249 --- ## 快速使用 1. 安装: ```bash pip install agentic_security ``` 2. 启动扫描器: ```bash agentic_security --help agentic_security ``` 3.(可选)作为 MCP server 安装(从仓库克隆目录执行): ```bash pip install -U mcp mcp install agentic_security/mcp/main.py ``` ## 简介 Agentic Security 是用于扫描与压测 LLM 应用的 Python 工具:可用攻击提示词做探测与基准化复现,并提供 MCP server 入口,便于接入工具化工作流、CI 与安全评审流程。 - **适合谁:** 想评估 jailbreak 风险、工具调用安全性与防护强度的安全团队 - **可搭配:** Python、本地 CSV 数据集、可选的 MCP server 安装方式 - **准备时间:** 15–45 分钟 ## 实战建议 - 数据点:README 示例里服务跑在 8718 端口。 - 量化建议:先对 staging 跑,调好误报率后再接入 CI。 ## 常用打法:把红队评测做成可复现的 harness 避免一次性“跑完就算”的评测: - 固定数据集版本(CSV), - 记录模型与参数, - 把结果作为工件保存。 ## 常用打法:把 MCP server 也纳入扫描面 如果 agent 使用 MCP server,就把它当攻击面的一部分: - 扫代码, - 部署前扫远程 URL, - 对文件/网络能力做 allowlist。 ### FAQ **开源吗?** 答:是的,仓库为 Apache-2.0。 **不接 MCP 也能用吗?** 答:能。它本身就可以作为 CLI 运行。 **最稳的上线方式?** 答:先在 staging 跑并记录日志,再逐步接入 CI 门禁。 ## 来源与感谢 > Source: https://github.com/msoedov/agentic_security > License: Apache-2.0 > GitHub stars: 1,867 · forks: 249 --- Source: https://tokrepo.com/en/workflows/agentic-security-llm-mcp-red-team-scanner Author: Agent Toolkit