getagentseal: AI agent security toolkit for threat detection and red-teaming
Top 94.3% on SourcePulse
Summary
AgentSeal is an open-source security toolkit designed to protect AI agents from various threats. It addresses risks including dangerous skill files, poisoned configurations, prompt injection vulnerabilities, and supply chain attacks, enabling users to red-team prompts, scan local machines, and audit live systems.
How It Works
The toolkit offers four primary commands: guard scans local agent configurations and skill files using a six-stage pipeline (pattern signatures, deobfuscation, semantic analysis, baseline tracking, registry enrichment, custom rules) without requiring API keys. scan tests system prompts against over 225 adversarial attack probes, returning a deterministic trust score. scan-mcp audits live MCP servers for tool description poisoning, while shield provides real-time monitoring and quarantining of agent config files. This multi-layered, local-first approach enhances AI agent security.
Quick Start & Requirements
Installation is via pip install agentseal (Python 3.10+) or npm install agentseal (Node.js 18+). The guard, scan-mcp, and shield commands operate offline. The scan command requires access to a Large Language Model (LLM), supporting free local inference via Ollama or cloud providers (e.g., OpenAI, Anthropic) with API keys. The shield command requires additional dependencies: pip install agentseal[shield]. Relevant resources include the MCP Security Registry at agentseal.org/mcp.
Highlighted Details
The guard command performs local, offline scans of numerous agents without API keys.
Real-time monitoring of agent config files (shield) for supply chain attack detection.
Maintenance & Community
Contribution guidelines are detailed in CONTRIBUTING.md. Users can report issues on GitHub at github.com/AgentSeal/agentseal/issues. A comprehensive probe catalog is available at PROBES.md. No specific community channels (like Discord or Slack) are listed in the README.
Licensing & Compatibility
The project is licensed under a dual license: FSL-1.1-Apache-2.0. This may impose specific usage conditions, particularly for commercial applications, requiring careful review of the FSL terms.
Limitations & Caveats
The scan command necessitates an LLM, either locally run or via a cloud API. Advanced features such as MCP tool poisoning probes, RAG poisoning probes, multimodal attack probes, and enhanced reporting are available in the proprietary AgentSeal Pro offering, indicating the open-source version has a more limited feature set in these areas.
Listing metadata: last updated 3 weeks ago; status: Inactive; aliasrobotics.