The Security Toolkit for AI Agents

Find vulnerabilities before attackers do. 147 security checks, 55 attack payloads, auto-remediation with rollback, and OASB benchmark compliance.

terminal
$ npx hackmyagent secure

  HackMyAgent v1.5.0
  Scanning 147 checks across 30 categories...

  CRITICAL  CRED-001  Hardcoded API key in config.json
  CRITICAL  MCP-003   MCP server with root filesystem access
  HIGH      NET-001   Server bound to 0.0.0.0
  HIGH      PERM-001  World-readable secret files
  MEDIUM    GIT-002   Incomplete .gitignore patterns
  LOW       LOG-001   Missing audit trail configuration

  Results: 6 findings (2 critical, 2 high, 1 medium, 1 low)
  Run with --fix to auto-remediate 5 of 6 findings.

What It Does

Three modes of operation: scan for vulnerabilities, attack with adversarial payloads, and auto-fix with safe rollback.

Scan

147 checks across 30 categories. Auto-detect misconfigurations, hardcoded credentials, exposed endpoints, and supply chain risks.

Credential detection
MCP server auditing
Network exposure checks
CVE detection

Attack

55 adversarial payloads across 5 categories. Red team your agent with prompt injection, jailbreak, data exfiltration, capability abuse, and context manipulation.

Prompt injection (12 payloads)
Jailbreak (12 payloads)
Data exfiltration (11 payloads)
Custom payload support

Fix

Auto-remediation with rollback. Dry-run preview before applying changes. Automatic backups so you can undo any fix instantly.

Dry-run preview mode
Automatic backup creation
One-command rollback
Plugin-based fix system
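As an added illustration of the scan / fix / rollback flow described above (example code, not HackMyAgent's own), this Python sketch implements one check modelled on the PERM-001 "world-readable secret files" finding from the sample output: scanning reports secret files whose mode grants read to "other", fixing records the original modes in a backup manifest before tightening them to 0600, a dry run only lists the planned changes, and rollback restores the recorded modes. The secret-file names and the manifest name are constructed assumptions.

```python
import json, os, stat, tempfile
from pathlib import Path

# Check id and severity mirror the PERM-001 line in the page's sample output;
# the detection and fix logic below is illustrative, not HackMyAgent's own code.
CHECK_ID, SEVERITY = "PERM-001", "HIGH"
SECRET_NAMES = {".env", "credentials.json", "secrets.json"}  # constructed list
BACKUP_NAME = ".perm-backup.json"  # hypothetical backup manifest name

def scan_world_readable(root: Path) -> list[dict]:
    # One finding per secret file whose mode bits grant read to "other".
    findings = []
    for path in (p for p in root.rglob("*") if p.is_file() and p.name in SECRET_NAMES):
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & stat.S_IROTH:
            findings.append({"id": CHECK_ID, "severity": SEVERITY, "path": str(path), "mode": mode})
    return findings

def fix(root: Path, findings: list[dict], dry_run: bool = False) -> list[str]:
    # Dry run only reports the planned chmods; a real run first writes a backup
    # manifest of the original modes so rollback() can undo the change.
    actions = [f"chmod 600 {f['path']} (was {f['mode']:04o})" for f in findings]
    if not dry_run and findings:
        (root / BACKUP_NAME).write_text(json.dumps({f["path"]: f["mode"] for f in findings}))
        for f in findings:
            os.chmod(f["path"], 0o600)
    return actions

def rollback(root: Path) -> int:
    # Restore the recorded modes and delete the manifest; returns files restored.
    manifest = root / BACKUP_NAME
    if not manifest.exists():
        return 0
    original = json.loads(manifest.read_text())
    for path, mode in original.items():
        os.chmod(path, mode)
    manifest.unlink()
    return len(original)

def demo() -> tuple[int, int, int]:
    # Constructed project: one .env deliberately left world-readable (0644).
    root = Path(tempfile.mkdtemp())
    env = root / ".env"
    env.write_text("API_KEY=placeholder-not-a-real-key\n")
    os.chmod(env, 0o644)
    before = len(scan_world_readable(root))        # 1 finding
    fix(root, scan_world_readable(root))            # tighten to 0600, manifest written
    after = len(scan_world_readable(root))         # 0 findings
    rollback(root)                                  # restore 0644 from the manifest
    return before, after, len(scan_world_readable(root))  # (1, 0, 1)
```

The demo assumes a POSIX filesystem where mode bits are honoured; on a mount that ignores chmod the before and after counts would not differ.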

Quick Start

No config files required. Works out of the box with zero dependencies.

terminal
# Run directly (no install needed)
$ npx hackmyagent secure

# Scan and auto-fix
$ npx hackmyagent secure --fix

# Preview fixes before applying
$ npx hackmyagent secure --fix --dry-run

# Red team with adversarial payloads
$ npx hackmyagent attack --local

# Run OASB benchmark
$ npx hackmyagent secure -b oasb-1

# Rollback any changes
$ npx hackmyagent rollback

30 Security Categories

Every scan runs 147 checks across 30 categories covering credentials, network, injection, encryption, supply chain, and more.

Code | Category | Checks
--- | --- | ---
CRED | Credentials | 4
MCP | MCP Servers | 10
CLAUDE | Claude Code | 7
NET | Network | 6
PROMPT | Prompt Injection | 4
INJ | Injection | 4
ENCRYPT | Encryption | 4
SESSION | Sessions | 4
AUDIT | Audit Trails | 4
SANDBOX | Sandboxing | 4
TOOL | Tool Permissions | 4
AUTH | Authentication | 4
DEP | Dependencies | 4
ENV | Environment | 4
GIT | Git Security | 3
IO | Input/Output | 4
LOG | Logging | 4
PERM | Permissions | 3
PROC | Process Isolation | 4
RATE | Rate Limiting | 4
SEC | Security Headers | 4
API | API Security | 4
VSCODE | VS Code | 2
CURSOR | Cursor IDE | 1
CVE | CVE Detection | 4
GATEWAY | Gateway | 8
CONFIG | Configuration | 9
SUPPLY | Supply Chain | 8
SKILL | Skill Analysis | 12
HEARTBEAT | Heartbeat | 6

Supported Targets

Platform | What HackMyAgent Scans
--- | ---
Claude Code | CLAUDE.md, skills, MCP server configs
Cursor | .cursor/ rules, MCP configurations
VS Code | .vscode/mcp.json configurations
Generic MCP | Any MCP server setup

OASB Benchmark Compliance

Run the Open Agent Security Benchmark (OASB-1) directly from HackMyAgent. 46 controls across 10 categories with three maturity levels.

10 Assessment Categories

Identity and Provenance
Capability and Authorization
Input Security
Output Security
Credential Protection
Supply Chain Integrity
Agent-to-Agent Security
Memory and Context Integrity
Operational Security
Monitoring and Response

Maturity Levels

L1 Essential: 26 controls
L2 Standard: 44 controls
L3 Hardened: 46 controls

terminal
$ npx hackmyagent secure -b oasb-1

  OASB-1 Benchmark Assessment
  Level: L1 Essential (26 controls)

  PASS  Identity and Provenance      4/4
  PASS  Capability and Authorization  5/5
  PASS  Input Security               5/5
  WARN  Output Security              3/4
  PASS  Credential Protection        5/5
  FAIL  Supply Chain Integrity       2/5

  Score: 84/100
  Rating: Passing

147 security checks
55 attack payloads
611 tests passing
30 categories

Secure your AI agents in seconds

npx hackmyagent secure