opena2a init
Assess project security posture. Shows score with recovery path -- run opena2a protect to fix findings.
init vs shield init: opena2a init is a read-only security assessment that scores your project without modifying anything. For the full 11-step security setup (policy generation, shell hooks, event log, and more), use opena2a shield init.
Usage
opena2a init [options]
Description
Scans a project directory for hardcoded credentials, evaluates security hygiene (gitignore, .env protection, lock files, security config, MCP config, LLM server exposure, AI config files), detects credential scope drift, and computes a security score from 0-100. All auto-fixable findings point to opena2a protect as the single remediation command.
Options
| Flag | Type | Description |
|---|---|---|
| --dir <path> | string | Target directory. Defaults to current working directory. |
| --verbose | boolean | Show individual credential details. |
| --format <type> | text \| json | Output format. Default: text. |
| --ci | boolean | CI mode. No interactive prompts. |
Output
The assessment includes:
- Project name, version, type (Node.js, Go, Python, MCP server)
- Credential scan with severity breakdown (critical/high/medium/low)
- Scope drift detection (e.g., Google Maps key used with Gemini API)
- Security hygiene: .gitignore, .env protection, lock files, security config
- LLM server exposure detection (Ollama, LM Studio, vLLM, etc.)
- AI config file exposure (CLAUDE.md, .cursorrules, etc.)
- MCP server security (high-risk tools, hardcoded credentials)
- Security score (0-100) with recovery path showing achievable score
- Prioritized actions -- all auto-fixable findings point to opena2a protect
Security Score Calculation
Starts at 100 with deductions across three categories (capped to prevent runaway scores):
| Category | Finding | Impact |
|---|---|---|
| Credentials (cap: -60) | Critical credential | -20 first, diminishing |
| Credentials | High credential | -12 first, diminishing |
| Credentials | Medium credential | -5 first, diminishing |
| Credentials | Low credential | -2 first, diminishing |
| Environment (cap: -25) | No .gitignore | -8 |
| Environment | .env not in .gitignore | -5 |
| Environment | No lock file | -3 |
| Environment | LLM server without auth | -4 |
| Environment | MCP high-risk tools | -3 |
| Environment | AI config exposure | -3 |
| Configuration (cap: -15) | Security config missing | -5 |
| Configuration | Security config present | +5 bonus |
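A worked model of the scoring table above, added here as an illustration rather than code from opena2a itself. The halving factor used for repeated credentials of one severity, and the rule that environment and configuration findings are the ones opena2a protect can fix (so the recovery path removes only those), are assumptions.

```python
# Per-finding weights and per-category caps, taken from the scoring table.
CREDENTIAL_WEIGHTS = {"critical": 20, "high": 12, "medium": 5, "low": 2}
ENVIRONMENT_WEIGHTS = {
    "no_gitignore": 8, "env_not_ignored": 5, "no_lock_file": 3,
    "llm_server_no_auth": 4, "mcp_high_risk_tools": 3, "ai_config_exposure": 3,
}
CAPS = {"credentials": 60, "environment": 25, "configuration": 15}
DIMINISH = 0.5  # assumption: each repeat of a severity counts half the previous one


def credential_deduction(counts):
    """Sum diminishing deductions per severity, then apply the category cap.

    counts maps a severity name to the number of credentials found at that level.
    """
    total = 0.0
    for severity, n in counts.items():
        weight = CREDENTIAL_WEIGHTS[severity]
        for i in range(n):  # first hit full weight, later ones shrink
            total += weight * DIMINISH ** i
    return min(round(total), CAPS["credentials"])


def environment_deduction(findings):
    """Flat deductions for hygiene findings, capped at -25 for the category."""
    total = sum(ENVIRONMENT_WEIGHTS[f] for f in findings)
    return min(total, CAPS["environment"])


def configuration_adjustment(security_config_present):
    """Missing security config costs 5 (under the -15 cap); present earns +5."""
    return 5 if security_config_present else -5


def security_score(counts, env_findings, security_config_present):
    """Return (current score, achievable score after `opena2a protect`).

    Assumption: the recovery path assumes all environment and configuration
    findings get fixed, while hardcoded credentials still need human rotation.
    """
    base = 100 - credential_deduction(counts)
    current = base - environment_deduction(env_findings) \
        + configuration_adjustment(security_config_present)
    achievable = base + configuration_adjustment(True)
    clamp = lambda s: max(0, min(100, s))  # bonus must not push past 100
    return clamp(current), clamp(achievable)


if __name__ == "__main__":
    # Constructed sample: two critical and one high key, two low-value tokens.
    print(security_score({"critical": 2, "high": 1, "low": 2},
                         {"env_not_ignored", "no_lock_file", "llm_server_no_auth"},
                         security_config_present=False))
```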
Examples
opena2a init
opena2a init --dir ./my-agent --verbose
opena2a init --format json --ci