Security●●●Banger
We scanned 500 ClawHub skills for security risks – 10% were dangerous
19-pattern MCP tool security scanner filling a real gap in agent ecosystem governance.
Solve My ProblemBig Brain
yusufjacobs
313mo ago
Back to browse
GitHub Repository
Check what an AI agent can access before you run it
27 starsGo
Agentcheck – Check what an AI agent can access before you run it
by Bibabomas·Mar 8, 2026·4 points·1 comment
AI Analysis
●●●BangerSolve My ProblemBig Brain
Audits AI agent blast radius across AWS/GCP/Azure/k8s before execution—real security gap.
Strengths
- •Solves a genuine problem: AI agents inherit dangerous ambient authority (creds, SSH keys, k8s contexts) transparently
- •Severity taxonomy (CRITICAL/HIGH/MODERATE/LOW) with CI/CD integration makes findings actionable
- •Broad scanner coverage (100+ API keys, Terraform, Docker, cloud IAM, k8s) without API calls—entirely local
Weaknesses
- •Early-stage adoption and visibility—unknown how well it catches real-world backdoor scenarios
- •CLI-only; would benefit from dashboard/IDE integration for ambient visibility
Category
Target Audience
DevOps engineers, platform teams, developers using AI agents in production shells
Similar To
HashiCorp Boundary · OWASP DependencyCheck
Post Description
Hey HN! I've just open-sourced agentcheck, a fast, read-only CLI tool that scans your shell and reports what an AI agent could access: cloud IAM credentials, API keys, Kubernetes contexts, local tools, and more.
Main features:
- Broad coverage: scans AWS, GCP, Azure, 100+ API key environment variables and credential files, Kubernetes, Docker, SSH keys, Terraform configs, and .env files
- Severity levels: every finding is tagged LOW, MODERATE, HIGH, or CRITICAL so you know what actually matters
- CI/CD integration: run agentcheck --ci to fail a pipeline if findings exceed a configurable threshold, with JSON and Markdown output for automation
- Configurable: extend it with your own env vars, credential files, and CLI tool checks via a config file
When you hand a shell to an AI agent, it inherits everything in that environment: cloud credentials, API keys, SSH keys, kubectl contexts. That's often more access than you'd consciously grant, and it’s hard to keep track of what permissions your user account actually has. Agentcheck makes that surface area visible before you run the agent.
It’s a single Go binary, no dependencies. Install with Homebrew:
brew install Pringled/tap/agentcheck
Code: github.com/Pringled/agentcheck
Let me know if you have any feedback!
Similar Projects
Security●●Solid
Clawned.io Crowdsource public security scanner for OpenClaw skills
60+ threat patterns in sub-2s, but OpenClaw's ecosystem appears niche and unverified.
Solve My ProblemShip It
jensec
123mo ago
Security●●Solid
Scan your AI agent's code for tool calls with no checks
Finds unguarded agent tool calls before your LLM charges a customer twice.
Big BrainShip It
jguarnelli
206d ago
Security●●●Banger
ClawShell, Process-Level Isolation for OpenClaw Credentials
Moves credential security from prompt-injection hope to OS process isolation for agents.
Solve My ProblemZero to One
guanlan
1013mo ago
Developer Tools●●Solid
VR.dev – Open-source verifiers for what AI agents did
38 verifiers across 19 domains catch false successes before users do.
Big BrainSolve My Problem
SkiFreeWin3
322mo ago
AI/ML●Mid
AgentGrade – agent-readiness guide for your site
Timely concept checking for /llms.txt, but it's just four HTTP GET requests.
Bold Bet
usiegj00
711mo ago