# HackMyAgent

209 static security checks + 29 NanoMind semantic checks + 164 adversarial payloads.

Security scanner, red-team toolkit, and behavioural simulation engine for AI agents. Every artifact (skill, MCP config, SOUL.md, system prompt) is compiled into an Abstract Security Tree before analysis -- semantic understanding, not regex.
```sh
npx hackmyagent secure
```

No config files, no setup, no flags needed.

For a full security dashboard covering credentials, config integrity, shadow AI, and more:

```sh
npx opena2a-cli review
```

Website | Security Checks Reference | Use Cases | Demos | OpenA2A CLI
- NanoMind Semantic Compiler -- compiles every artifact into an Abstract Security Tree. 29 semantic checks query the AST instead of running regex over raw text. Catches what pattern matching can't: undeclared capabilities, constraint weakness, scope mismatches, scanner evasion attempts.
- 209 static checks across 44 categories -- credentials, MCP configs, OpenClaw / NemoClaw, Unicode steganography, CVEs, governance, supply chain, memory / RAG poisoning, agent identity, sandbox escape.
- Adaptive red team -- `hackmyagent red-team <file>` generates target-specific payloads, observes responses, adapts after failures, and maps every defence.
- 164 adversarial payloads across 16 categories -- prompt injection, jailbreak, data exfiltration, capability abuse, context manipulation, MCP / A2A exploitation, memory weaponisation, context window, supply chain, tool shadow, parser differential, persistent agent, fake tool, context lifecycle, policy enforcement.
- Behavioural simulation -- 20-probe battery that observes what skills actually do (run with `--deep`).
- Self-securing -- verifies its own binary on startup. Tampered binaries enter QUARANTINE mode (exit code 3).
Full catalogue in docs/SECURITY_CHECKS.md.
```sh
# Run without installing
npx hackmyagent secure

# Install globally
npm install -g hackmyagent

# Or add to your project
npm install --save-dev hackmyagent
```

Requirements: Node.js 18+
```text
my-project v1.0.0 · library
3 critical issues found
Security ━━━━━━━━━━━━━━━━━━━━ 42/100

── Observations ────────────────────────────────────────────
Surfaces    library · 47 files
Checks      209 static · 12 semantic (NanoMind AST) · 0 skipped
Categories  credentials (3 critical) · MCP (2 high) · 18 others clear
Verdict     Not safe to ship. Fix 3 critical issues before using this
            in production.

── Findings ────────────────────────────────────────────────
│ CRITICAL  Hardcoded API key in .env
│ .env:3
│ sk-ant-api03-**** (Anthropic API key detected)
│ → hackmyagent secure --fix
```
`hackmyagent check <target>` accepts any of the surfaces listed below. `secure` scans your own project; `scan-soul` scans governance files.
| Surface | Command | What gets scanned |
|---|---|---|
| Your own project | `hackmyagent secure` | 209 static checks + NanoMind on current directory |
| A local directory | `hackmyagent check ./my-agent/` | tree + auto-detected artifacts |
| An npm package | `hackmyagent check express` | downloads tarball, scans before you install |
| A PyPI package | `hackmyagent check pip:requests` | downloads sdist, scans before you install |
| A GitHub repo | `hackmyagent check getsentry/sentry-mcp` | clones, scans, reports |
| A published skill | `hackmyagent check @publisher/skill` | signature verification + 29 semantic checks |
| A local skill directory | `hackmyagent check ./my-skill/` | skill files + SOUL.md + manifest |
| An MCP server config | `hackmyagent check ./my-mcp-server/` | MCP config + declared tools + scope + dependencies (point at the directory, not the single JSON file) |
| An A2A agent card | `hackmyagent check ./my-agent/` | agent-card capabilities + identity (point at the directory containing the card) |
| A URL tarball | `hackmyagent check https://ex.com/pkg.tar.gz` | downloads, scans |
| External infrastructure | `hackmyagent scan example.com` | external AI-endpoint inventory |
| Governance (SOUL.md) | `hackmyagent scan-soul` | SOUL.md against OASB v2 behavioural controls |
- `secure` -- your own project. Full 209-check scan, auto-fix option, designed for recurring use and CI.
- `check` -- something you don't own yet. Pre-install trust check for any surface above.
- `red-team` -- generate adaptive attacks against a specific skill / MCP / SOUL. You've scanned it; now you want to see if it resists.
- `attack` -- test a live endpoint or local simulation with 164 pre-built adversarial payloads.
```sh
hackmyagent secure                              # scan current directory
hackmyagent secure --fix                        # auto-fix issues (backups in .hackmyagent-backup/)
hackmyagent secure --fix --dry-run              # preview fixes before applying
hackmyagent secure --deep                       # full behavioural simulation (20 probes)
hackmyagent secure --static-only                # static checks only (fast, CI mode)
hackmyagent secure --ignore CRED-001,GIT-002    # skip specific checks
hackmyagent secure --json                       # JSON output for CI/CD
hackmyagent secure --publish                    # push anonymised results to OpenA2A Registry
hackmyagent secure -b oasb-1                    # OASB-1 benchmark (46 controls, L1/L2/L3 levels)
hackmyagent secure -b oasb-1 --fail-below 70    # CI gate
```

Output shows an Observations block (surfaces · checks · categories · verdict) and a per-finding list. Every HIGH / CRITICAL finding has a `file:line` location and a runnable `Fix:` command.
NanoMind runs automatically on every `secure` scan. On first use it downloads a ~5.5 MB ONNX classifier from HuggingFace and caches it locally.
- 7 AST analysers: capability, credential, governance, scope, prompt, code, stego.
- 9 attack classes: exfiltration, injection, privilege_escalation, persistence, credential_abuse, lateral_movement, social_engineering, policy_violation, benign.
- Flags: `--deep` adds the 20-probe behavioural simulation; `--static-only` disables the semantic layer; `--nanomind` opts into per-finding AI threat narratives (specialist model -- does not produce scan-wide summaries).
```sh
hackmyagent red-team ./my-skill.md                  # red-team a skill file
hackmyagent red-team ./SOUL.md --iterations 10      # more attack iterations
hackmyagent red-team ./mcp-config.json --json       # JSON output
```

Generates target-specific attacks from the artifact's own language and constraints. Iterates up to 5x per category, maps defences, produces specific remediation.
```sh
hackmyagent attack --local                                              # local simulation
hackmyagent attack --local --system-prompt "You are helpful"            # with custom system prompt
hackmyagent attack https://api.example.com/v1/chat                      # test live endpoint
hackmyagent attack --local --category prompt-injection                  # single category
hackmyagent attack https://api.example.com --fail-on-vulnerable medium  # CI gate
```

164 payloads across 16 categories: prompt-injection, jailbreak, data-exfiltration, capability-abuse, context-manipulation, mcp-exploitation, a2a-attack, memory-weaponization, context-window, supply-chain, tool-shadow, parser-differential, persistent-agent, fake-tool, context-lifecycle, policy-enforcement-integrity. Full payload catalogue in docs/SECURITY_CHECKS.md.
Only test systems you own or have written authorisation to test.
```sh
hackmyagent scan-soul                   # scan current directory for SOUL.md
hackmyagent scan-soul --deep            # LLM semantic analysis (requires ANTHROPIC_API_KEY)
hackmyagent scan-soul --fail-below 60   # CI gate
hackmyagent harden-soul                 # generate / add missing governance sections
hackmyagent harden-soul --dry-run       # preview without writing
```

Auto-detects the governance file in this order of precedence: SOUL.md > system-prompt.md > CLAUDE.md > .cursorrules > agent-config.yaml.
```sh
hackmyagent detect                              # audit current directory
hackmyagent detect /path/to/project             # audit a specific project
hackmyagent detect --json                       # machine-readable output
hackmyagent detect --export-csv inventory.csv   # asset inventory for CMDB
```

Inventory of AI tools, MCP servers, and governance gaps across your machine. Detects Claude Code / Cursor / Copilot, MCP configurations (project-local and machine-wide), AI config files with credential references or broad permission grants, and SOUL.md files.
```sh
hackmyagent trust server-filesystem       # MCP shorthand trust lookup (Registry)
hackmyagent trust --audit package.json    # audit all dependencies
hackmyagent explain CRED-001              # explain a check finding
hackmyagent nanomind setup                # download optional generative model
hackmyagent nanomind status               # check model + runtime status
```

`hackmyagent secure` auto-detects OpenClaw / NemoClaw installations (`.openclaw/`, `.moltbot/`, `.nemoclaw/`, `openclaw.json`, `openclaw.plugin.json`). When detected, 28 NemoClaw + 34 OpenClaw checks run alongside the standard 209. No separate command needed.
- Scan my agent -- 209 checks + auto-fix (5 min)
- Red-team MCP servers -- adversarial payloads (10 min)
- Secure OpenClaw -- CVE detection + ClawHavoc IOCs (10 min)
- CI/CD pipeline -- GitHub Actions with JSON / SARIF (5 min)
```sh
hackmyagent --help              # All commands and flags
hackmyagent --version           # Current version
hackmyagent <command> -h        # Help for a specific command
hackmyagent secure --ci         # Non-interactive mode for CI/CD
```

### Auto-fix catalogue
| Check | Issue | Auto-fix |
|---|---|---|
| CRED-001 | Exposed API keys | Replace with env var reference |
| GIT-001 | Missing .gitignore | Create with secure defaults |
| GIT-002 | Incomplete .gitignore | Add missing patterns |
| PERM-001 | Overly permissive files | Set restrictive permissions |
| MCP-001 | Root filesystem access | Scope to project directory |
| NET-001 | Bound to 0.0.0.0 | Bind to 127.0.0.1 |
| GATEWAY-001 | Gateway bound to 0.0.0.0 | Bind to 127.0.0.1 |
| GATEWAY-003 | Plaintext token | Replace with ${OPENCLAW_AUTH_TOKEN} |
| GATEWAY-004 | Approvals disabled | Enable approvals |
| GATEWAY-005 | Sandbox disabled | Enable sandbox |
Use --dry-run to preview changes. Backups in .hackmyagent-backup/.
`opena2a-cli` is the unified CLI for all OpenA2A security tools. HackMyAgent powers `opena2a review`, `opena2a scan`, `opena2a protect`, `opena2a benchmark`, and `opena2a scan-soul`.

```sh
npm install -g opena2a-cli
opena2a review    # best place to start
```

ARP monitors AI agents during execution with a 3-layer intelligence stack: rule-based pattern matching (40+ patterns), statistical anomaly detection, and LLM-assisted assessment.

```sh
opena2a runtime init      # generate config
opena2a runtime start     # start monitoring
opena2a runtime status    # check status
```

Also supports HTTP reverse-proxy mode for inspecting OpenAI API, MCP, and A2A protocol traffic. See `npx hackmyagent arp-guard proxy --help`.
All commands support --json and --ci flags.
```yaml
name: Agent Security
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: '20' }
      - run: npx hackmyagent secure --json > security-report.json
      - run: npx hackmyagent secure -b oasb-1 --fail-below 70
```

### SARIF output and pre-commit hook
#### SARIF (GitHub Security Tab)

```yaml
      - run: npx hackmyagent attack --local -f sarif -o results.sarif --fail-on-vulnerable medium
      - uses: github/codeql-action/upload-sarif@v3
        with: { sarif_file: results.sarif }
```

#### Pre-commit Hook
```sh
#!/bin/sh
# .git/hooks/pre-commit
npx hackmyagent secure --ignore LOG-001,RATE-001
```

| Code | Meaning |
|---|---|
| 0 | Clean -- no critical / high issues |
| 1 | Critical or high severity issues found |
| 2 | Incomplete scan -- one or more plugins failed |
| 3 | QUARANTINE -- binary integrity check failed (tampered installation) |
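The pre-commit hook and the CI steps above both rely on the scanner's exit status, and the four codes do not all mean "block the commit" in the same way: code 2 means the scan never finished, and code 3 means the scanner itself failed its integrity check. The following POSIX shell script is an added example, not part of the HackMyAgent project, showing one way to turn those codes into a gate that a hook or CI step can source. The policy it encodes (fail closed on an incomplete scan, surface QUARANTINE as a tool-integrity alert rather than as a project finding) and the `security-report.json` filename are this example's own assumptions.

```shell
#!/bin/sh
# Added example: gate a commit or CI job on hackmyagent's documented exit codes.
# Codes are the ones in the README table: 0 clean, 1 critical/high findings,
# 2 incomplete scan, 3 QUARANTINE (binary integrity check failed).

# classify_exit CODE -> prints a one-word verdict for the code
classify_exit() {
  case "$1" in
    0) echo clean ;;
    1) echo findings ;;
    2) echo incomplete ;;
    3) echo quarantine ;;
    *) echo unknown ;;
  esac
}

# ci_gate CODE -> returns 0 only when the pipeline may proceed.
# Policy (an assumption of this example, not a HackMyAgent default):
#   - findings block, as the scanner intends;
#   - an incomplete scan blocks too (fail closed), because an absent plugin
#     result is not evidence that the project is clean;
#   - QUARANTINE is returned unchanged (3) so callers can distinguish a
#     tampered scanner from a failing project and page whoever owns the toolchain.
ci_gate() {
  case "$(classify_exit "$1")" in
    clean)      return 0 ;;
    findings)   echo "blocking: critical/high findings, see security-report.json" >&2; return 1 ;;
    incomplete) echo "blocking: scan incomplete (plugin failure), failing closed" >&2; return 1 ;;
    quarantine) echo "ALERT: hackmyagent binary failed its integrity check; results untrusted" >&2; return 3 ;;
    *)          echo "blocking: unexpected scanner exit code $1" >&2; return 1 ;;
  esac
}

# run_scan -> runs the scanner non-interactively, keeps the JSON report as an
# artifact, and applies ci_gate to the status. Usage from a hook or CI step:
#   . ./hackmyagent-gate.sh && run_scan
run_scan() {
  rc=0
  npx hackmyagent secure --ci --json > security-report.json || rc=$?
  ci_gate "$rc"
}
```

Because `run_scan` captures the status with `|| rc=$?`, the wrapper behaves the same whether or not the calling shell has `set -e` enabled, and the JSON report is written even on a failing scan so the findings are available to the job's artifact step.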
```js
import { readFile } from 'node:fs/promises';
import { HardeningScanner, AgentRuntimeProtection, AttackScanner } from 'hackmyagent';

// NanoMind Semantic Compiler -- compile artifacts into Abstract Security Trees
import {
  SemanticCompiler,
  analyzeCapabilities,
  analyzeCredentials,
  analyzeGovernance,
  analyzeScope,
  analyzePrompt,
  analyzeCode,
  getTMEClassifier,
} from 'hackmyagent/nanomind-core';

// Load the artifact to analyse (a skill file here; SOUL.md, MCP configs and
// system prompts go through the same compiler)
const skillContent = await readFile('my-skill.skill.md', 'utf8');

const compiler = new SemanticCompiler();
const { ast } = await compiler.compile(skillContent, 'my-skill.skill.md');
// ast.intentClassification: 'benign' | 'suspicious' | 'malicious'
// ast.inferredCapabilities, ast.declaredConstraints, ast.inferredRiskSurface

// Each analyzeX() function queries the AST and returns findings for one analyser
const findings = analyzeCapabilities(ast);
console.log(ast.intentClassification, findings);
```

See Plugin API documentation for writing custom security plugins.
Contributions welcome. See CONTRIBUTING.md.

```sh
git clone https://github.com/opena2a-org/hackmyagent.git
cd hackmyagent && npm install && npm run build && npm test
```

License: Apache-2.0

HackMyAgent is part of the OpenA2A security platform. See all tools: opena2a.org
