GitHub Repository

Open Agent Composition Analysis

0 stars · Python

OpenACA – security scanner for AI agent stacks (MCPs, skills, plugins)

by vinodkone·Jun 16, 2026·1 point·0 comments

AI Analysis

●● Solid · Ship It · Bold Bet

SCA for agent configs when Snyk and Dependabot can't read mcp.json files.

Strengths
  • Identity resolution normalizes npx refs, Git-backed skills, and marketplace plugins into stable IDs.
  • Composition graph traces vulnerable dependencies back to the specific plugin or MCP server.
  • Matches against OSV, GHSA, CVE, and MAL records with agent-specific context overlays.
Weaknesses
  • V0 early stage with evolving coverage across agent configuration formats.
  • Agent security market is emerging—unclear adoption compared to established SCA tools.
Category
Target Audience

Security engineers deploying AI agents with plugins and MCP servers

Similar To

Snyk · Dependabot · OSV-Scanner

Similar Projects

Security · ●● Solid

Agentsec – Security scanner for AI agent installations (MCP, OpenClaw)

Bundles CI-friendly scanners that target agent-specific risks: 17 patterned secret detectors, prompt-injection and instruction‑malware heuristics, tool/SSRF and MCP auth checks, plus SARIF/JSON outputs for integration. Findings map to the OWASP Top 10 for Agentic Applications (2026) and it adds 'harden' profiles to apply safer defaults to OpenClaw/MCP installs — practical, focused ops tooling rather than a generic secret-finder.

Niche Gem · Solve My Problem
debu_sinha_1
233mo ago
Security · ●● Solid

Security Scanner for Agent Skills and MCP

Finally a security linter for MCP configs before you accidentally execute a prompt injection payload.

Solve My Problem · Ship It
lirantal
701mo ago
Security · Pass

Security-Risk Patterns in OpenClaw Skills

It actually looks for the weird stuff that trips up LLM agents — invisible Unicode, bidi overrides, embedded curl|bash one-liners, exfil links — and pairs a static skill scanner with a real-time interception flow that forces human approvals. The CLI-first approach (npx safeclaw start) plus Socket.IO alerts and per-command allow/deny decisions show practical thinking about developer workflows; I want to see model/false-positive metrics and enterprise integration docs next.

Niche Gem · Wizardry
dinodrv
203mo ago
Security · ●●● Banger

A security scanner for AI Agent Skills

Docker sandbox execution catches runtime threats static analysis alone misses.

Big Brain · Bold Bet
mayziem
502mo ago