Open Source Security Scanner

Security Scanner
for AI Agents

Scan. Fix. Harden. Get a security score out of 100 for your AI agent installation. Detect CVEs, misconfigurations, and exposed secrets in seconds.

Install Now View on GitHub
Terminal 
$ agent-armor scan

  AgentArmor Security Scan  OpenClaw
  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

  Score: 72/100 (117/163 pts)

  Authentication                     8/12
     Gateway auth enabled                 4/4
     Token auth mode (recommended)        4/4
     Auth token strength                  0/4

  Known Vulnerabilities (CVE)         41/51
     CVE-2026-28446 (CVSS 9.2)           5/5
     CVE-2026-22172 (CVSS 9.9)           0/5
      Installed: 2026.2.20 — Fixed in: 2026.3.12
     CVE-2026-25253 (CVSS 8.8)           3/3

  Secrets Management                  9/12
     No plaintext secrets in config       3/3
     Password not hardcoded               0/3
      Fix: Use OPENCLAW_GATEWAY_PASSWORD env var

  ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  2 critical, 3 warnings
15
CVEs Tracked
45+
Security Checks
14
Categories
0-100
Security Score

Everything You Need to Secure AI Agents

A comprehensive security toolkit built for the AI agent ecosystem.

🔍

CVE Scanning

Checks against 15 known OpenClaw CVEs with CVSS scores up to 9.9. Detects vulnerable versions and actively exploitable configurations.

🔧

Auto-Fix

One command to harden your installation. Fixes permissions, generates strong tokens, patches config, and removes dangerous flags.

🔐

Secrets Detection

Scans for hardcoded API keys, tokens, and passwords across 10 secret patterns including OpenAI, GitHub, AWS, Slack, and more.

🛡️

Config Hardening

Validates 30+ configuration settings against official security docs. Auth, sandboxing, network exposure, tool authorization, and more.

Single Binary

Built in Rust. Ships as one self-contained binary — no runtime, no dependencies. Copy it to any Mac and run.

🔌

Pluggable Architecture

Add support for new AI agents by implementing a simple trait. OpenClaw today, more agents coming soon.

Three Steps to a Secure Agent

Install, scan, and fix. It takes less than a minute.

1

Install

$ cargo install agent-armor

# or
$ brew install agent-armor
  coming soon
2

Scan

$ agent-armor scan

  Score: 42/100
  5 critical, 8 warnings
3

Fix

$ agent-armor fix

  Backup created successfully.
  Score: 42/100  93/100 (+51)
  Applied 12 of 12 fixes.

What It Checks

16 categories, 45+ individual checks, 163 total points.

Category
Checks
Points
Authentication
3
12
Known CVEs
15
51
Secrets Management
5
12
File Permissions
3
10
Network Exposure
3
12
Tool Authorization
3
10
Exec Security
3
10
Sandboxing
3
10
DM Security
2
8
Group Security
2
6
Browser Security
2
6
Dangerous Flags
1
6
Logging & Privacy
2
4
mDNS/Discovery
1
2
Control UI
2
2
Plugins
1
2
Total
45+
163

Install AgentArmor

Choose your preferred installation method.

From Source

Clone and build locally

$ git clone https://github.com/
  Zen-Open-Source/AgentArmor.git
$ cd AgentArmor
$ cargo build --release
Recommended

Via Cargo

Rust package manager

$ cargo install agent-armor

Homebrew

Coming soon

$ brew install agent-armor
  coming soon

AgentArmor is Open Source

Star us on GitHub and help secure the AI agent ecosystem.

Star on GitHub