AgentGuard is an open-source static analysis tool purpose-built for AI agent code. It detects 22 classes of security vulnerabilities — including 6 novel attack vectors beyond the OWASP ASI Top 10 — with CWE and CVSS mappings. Scanned 9 major frameworks. 6,173 findings. 56 hand-crafted benchmark samples demonstrate comprehensive rule coverage.
Every rule is traceable to a real-world vulnerability class. No black boxes. No magic. Read the full specification.
Six attack vectors we discovered while auditing real agent codebases. These do not appear in any existing standard or SAST tool.
ShellToolMiddleware during routine scanning. The default ExecutionPolicy.HOST grants unrestricted host command execution with zero sandboxing. Code path: shell_tool.py:503-534. Reported via GitHub Private Vulnerability Reporting. Full technical writeup in the Audit Report.
Every scan is reproducible. Run agentguard . on any of these frameworks and verify the results yourself.
| Framework | Type | Files | Findings | Critical | High |
|---|---|---|---|---|---|
| LangChain | Agent Framework | 1,784 | 452 | 12 | 47 |
| LlamaIndex | Data Framework | 2,951 | 1,003 | 8 | 31 |
| AutoGen | Multi-Agent | 549 | 229 | 11 | 38 |
| CAMEL | Multi-Agent | 899 | 746 | 9 | 52 |
| CrewAI | Role-Based | 84 | 391 | 5 | 28 |
| Qwen-Agent | Assistant | 239 | 441 | 2 | 42 |
| Semantic Kernel | Agent SDK | 561 | 282 | — | — |
| Haystack | LLM Pipeline | 1,540 | 209 | — | — |
| Dify | LLM Platform | 1,886 | 1,725 | — | — |
| OpenAI Agents SDK | Agent SDK | 543 | 695 | — | — |
| Total | — | 11,036 | 6,173 | 47 | 238 |
Full benchmark: 56 hand-crafted samples covering all 22 detection rules.
pip install dfx-agentguard agentguard install --pre-commit
Blocks insecure agent code at commit time. Works with any Git repository.
docker run --rm \ -v $(pwd):/workspace \ ghcr.io/dockfixlabs/agentguard \ .
Zero-install. Works in any CI/CD pipeline. ghcr.io published on every release.
- uses: dockfixlabs/agentguard@v1
with:
path: .
format: sarif
Native GitHub Code Scanning integration. SARIF uploads automatically.