Releases: affaan-m/agentshield

AgentShield v1.4.0 — AI Agent Security Scanner

22 Mar 07:56

AgentShield v1.4.0

AI agent security scanner. 102+ rules across 5 categories. Scans Claude Code, Codex, Cursor, and OpenCode configurations for vulnerabilities.

Quick Start

GitHub Action (CI):

- uses: affaan-m/agentshield@v1.4.0

CLI:

npx ecc-agentshield scan

Drop-in workflow: Copy examples/agentshield-workflow.yml to .github/workflows/ in any repo.

What's New in v1.4.0

  • False positive fix — deny rules and PreToolUse block hooks no longer flagged as threats
  • CVE database — 25+ known MCP vulnerabilities with detection patterns
  • MCP tool poisoning detection — 5 new rules for tool description injection
  • Watch mode — continuous scanning with config drift detection
  • Runtime monitoring — PreToolUse hook for real-time tool call interception
  • Supply chain verification — npm package metadata checks for MCP servers
  • PR security gate — baseline comparison with inline annotations
  • Org-wide policy enforcement — .agentshield/policy.json for team security baselines
  • CLAUDE.md permission check — flags world-writable config files

Stats

  • 1,609 tests passing
  • 102+ security rules
  • A-F grading with 0-100 numeric score
  • Formats: terminal, JSON, markdown, HTML

AgentShield v1.3.0 — Deep Scan: 5 Analysis Layers, 120+ Rules, 1280 Tests

16 Feb 18:30

What's New in v1.3.0

AgentShield now goes beyond static analysis. The new --deep flag runs 5 analysis layers in a single command.

GitHub Action (NEW)

AgentShield is now available as a GitHub Action! Add security scanning to any CI/CD pipeline:

- uses: affaan-m/agentshield@v1
  with:
    min-severity: medium
    fail-on-findings: true

Features: inline PR annotations, job summary markdown report, configurable severity filter, 4 outputs (score, grade, total-findings, critical-count).
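A complete workflow that wires the action into a pull request check, added here as an illustration; it is not the project's own examples/agentshield-workflow.yml. It assumes only what these notes state: the inputs min-severity and fail-on-findings, and the outputs score, grade, total-findings and critical-count. The triggers, the step id "shield" and the use of actions/checkout@v4 are choices made for this example.

```yaml
# Added example workflow (not the project's examples/agentshield-workflow.yml).
# Assumes the action inputs/outputs named in the v1.3.0 notes:
#   inputs:  min-severity, fail-on-findings
#   outputs: score, grade, total-findings, critical-count
name: AgentShield scan

on:
  pull_request:
  push:
    branches: [main]

# The scanner only reads the checked-out configuration files.
permissions:
  contents: read

jobs:
  agentshield:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Run the scanner. With fail-on-findings enabled, any finding at or
      # above min-severity fails this step and therefore the check.
      - id: shield            # step id chosen for this example
        uses: affaan-m/agentshield@v1
        with:
          min-severity: medium
          fail-on-findings: true

      # Record the grade even when the scan step failed the job, so the
      # result is visible in the run summary next to the inline annotations.
      - if: always()
        run: |
          {
            echo "AgentShield grade: ${{ steps.shield.outputs.grade }} (score ${{ steps.shield.outputs.score }}/100)"
            echo "Findings: ${{ steps.shield.outputs.total-findings }}, critical: ${{ steps.shield.outputs.critical-count }}"
          } >> "$GITHUB_STEP_SUMMARY"
```

Setting min-severity to medium with fail-on-findings lets low findings surface as annotations without blocking a merge; tightening to low later is a one-line change once the baseline is clean.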

Analysis Engines

  • 102+ static security rules across 5 categories
  • Injection testing with attack corpus
  • Sandbox execution for hooks
  • Taint analysis for data flow tracking
  • Three-agent Opus adversarial pipeline (Attacker/Defender/Auditor)
  • Self-contained dist/action.js (242KB, no external dependencies)

Quick Start

# CLI
npx ecc-agentshield scan

# GitHub Action
uses: affaan-m/agentshield@v1

# Deep scan with Opus pipeline
npx ecc-agentshield scan --deep --opus

Stats

  • 102+ rules, 1282 tests
  • Grading: A-F with 0-100 numeric score
  • Supports: Claude Code, Cursor, OpenCode, Codex CLI, Windsurf

AgentShield v1.2.0 - 102 Rules, 912 Tests

13 Feb 09:05

AgentShield v1.2.0

What's New

  • 102 security rules (up from 56 in v1.0.0)
  • 912 tests with comprehensive coverage
  • GitHub Action available at affaan-m/agentshield@v1

New Rule Categories Since v1.0.0

  • Clipboard hijacking & log tampering detection
  • Auto-approve & timeout manipulation prevention
  • Reflection & output manipulation blocking
  • Container escape & package install monitoring
  • DNS exfiltration & firewall modification detection
  • SSH key manipulation & background process detection
  • Identity impersonation & crypto mining prevention
  • Filesystem destruction & webhook abuse blocking
  • CORS bypass & privileged port detection
  • Sensitive file access & permissions escalation

3-Agent Adversarial Pipeline (--opus)

Run with npx ecc-agentshield --opus for the full adversarial pipeline:

  1. Attacker agent generates sophisticated prompts
  2. Defender agent tests rule detection
  3. Judge agent evaluates results

Installation

npx ecc-agentshield scan ./path/to/config

GitHub Action

- uses: affaan-m/agentshield@v1
  with:
    scan-path: '.'
    fail-on-critical: true

Full Changelog: v1.0.0...v1.2.0

AgentShield v1.0.0

11 Feb 09:52

Initial release - Security auditor for AI agent configurations. Features: 16 static analysis rules, Opus 4.6 adversarial pipeline, 3 output formats, auto-fix, GitHub Action, npx support. Built at the Claude Code Hackathon.