What configs does AgentAudit scan?

AgentAudit scans CLAUDE.md files, .cursorrules, .windsurfrules, MCP server configurations, and any AI agent config that defines permissions, tool access, or shell commands.

Is my config data sent to a server?

No. All scanning runs entirely in your browser using client-side JavaScript. Your configuration never leaves your machine. We have zero visibility into what you scan.

What security issues does it detect?

We check 8 categories: shell access permissions (rm -rf, sudo), file system scope, MCP server trust, secret exposure (API keys, tokens), rate limiting, network access, tool restrictions, and audit logging.

What's the difference between Free and Full Report?

The free scan gives you a risk score (A-F) and your top 3 issues with fixes. The full report ($47) unlocks all issues, complete remediation steps, and a best practices checklist.

How is payment handled?

Payment is processed via USDC on Base network. You send the exact amount, paste your transaction hash, and we verify it on-chain before unlocking the full report. Stripe card payments coming soon.

Can I use this for my team?

Yes. Each scan is independent — share the URL with your team and everyone can run their own scans for free. The full report purchase is per-scan. Contact us for Enterprise plans with team access and CI/CD integration.

Security Scanner for AI Agent Configs

Audit Your AI Agents.
Before They Audit You.

Scan CLAUDE.md, .cursorrules, and MCP configs for prompt injection, secret exposure, and privilege escalation in under 30 seconds.

Scan Your Agents View Report Sample

2,847Agents Scanned

94%Vulnerability Detection Rate

< 30sScan Time

$ agentaudit scan --stdin

Analysis runs entirely in your browser. No data is sent to any server.

Live Scan Preview

Threats detected in seconds

agentaudit — scan results

$ agentaudit scan ./config

Prompt Injection VectorCRITICAL

Shell Escape SequenceCRITICAL

Hardcoded API KeyHIGH

Unrestricted File AccessHIGH

MCP Server: exec (untrusted)HIGH

No Rate Limiting DefinedMEDIUM

Critical

High

Medium

Grade

Detection Engine

What AgentAudit catches

20+ vulnerability patterns across 8 security categories. All checks run in your browser.

Prompt Injection Detection

Find hidden instructions embedded in configs that redirect agent behavior to malicious ends.

Memory Poisoning Scan

Detect patterns that allow persistent context manipulation across agent sessions.

Tool Abuse Analysis

Identify over-permissive tool grants that enable unintended system-level operations.

Auth Bypass Check

Catch configs that grant agents the ability to skip authentication or escalate privileges.

Data Exfil Monitor

Spot unconstrained network access and tunnel configurations that enable data leakage.

Compliance Report

Generate a prioritised remediation report aligned with AI security best practices.

Process

Three steps to secure

$ paste --agent-config ./CLAUDE.md

Connect Agent

Paste your CLAUDE.md, .cursorrules, or MCP config directly into the scanner. Nothing is uploaded.

$ agentaudit scan --deep --all-categories

Run Scan

Our engine checks 20+ vulnerability patterns across 8 security categories in under 2 seconds.

$ agentaudit report --fix --priority=critical

Fix Vulnerabilities

Get a prioritised list of issues with exact fix instructions. Unlock the full report for complete remediation.

Sample Output

What your audit report looks like

audit-report.json

GRADE: F

CRITICALShell escape via rm -rf

Shell Access

CRITICALPipe-to-shell detected

Shell Access

HIGHAPI key exposed in config

Secret Exposure

HIGHUnrestricted filesystem root access

File System Scope

MEDIUMNo rate limiting defined

Rate Limiting

LOWAudit logging not configured

Audit Logging

6 vulnerabilities detectedDownload Full Report

Social Proof

What security engineers are saying

“Found a hardcoded API key in our CLAUDE.md that had been there for 6 months. AgentAudit caught it in seconds.”

Elena M.

Staff Security Engineer

“We run AgentAudit on every new CLAUDE.md before merging. It's become mandatory in our AI review process.”

James T.

Platform Security Lead

“The MCP server trust checks alone saved us from shipping an exec-enabled server to production.”

Priya S.

AI Infrastructure Engineer

“Client-side scanning means I can audit without worrying about sensitive config leaking to a third party.”

Daniel R.

Senior DevSecOps Engineer

Pricing

Simple, transparent pricing

Free scan to see your risk level. Full report for complete remediation.

Free

5 scans / day

Risk score A-F grade
Top 3 issues with fixes
Config type detection
All issues + remediation
Best practices checklist

Start Free Scan

RECOMMENDED

Pro

$49/mo

100 scans / month

Everything in Free
All issues with detailed fixes
Complete remediation steps
Best practices checklist
Priority-ranked action plan

Scan First, Then Upgrade

Enterprise

Custom

Unlimited scans

Everything in Pro
Team access + SSO
CI/CD integration
Custom policy rules
SLA + dedicated support

Get security tips for your AI agents

Weekly insights on AI agent security best practices.

FAQ

Frequently asked questions

Frequently Asked Questions

Trusted by security-conscious developers

0+scans run

0+issues found

0% freefree tier

Also useful for AI builders

RulesForge

Generate CLAUDE.md for your AI coding tools

$29 →

LaunchStack

Next.js 16 SaaS boilerplate — ship in 48 hours

$297 →

Security Scanner for AI Agent Configs

Audit Your AI Agents.
Before They Audit You.

Scan CLAUDE.md, .cursorrules, and MCP configs for prompt injection, secret exposure, and privilege escalation in under 30 seconds.

Scan Your Agents View Report Sample

2,847Agents Scanned

94%Vulnerability Detection Rate

< 30sScan Time

$ agentaudit scan --stdin

Analysis runs entirely in your browser. No data is sent to any server.

Live Scan Preview

Threats detected in seconds

agentaudit — scan results

$ agentaudit scan ./config

Prompt Injection VectorCRITICAL

Shell Escape SequenceCRITICAL

Hardcoded API KeyHIGH

Unrestricted File AccessHIGH

MCP Server: exec (untrusted)HIGH

No Rate Limiting DefinedMEDIUM

Critical

High

Medium

Grade

Detection Engine

What AgentAudit catches

20+ vulnerability patterns across 8 security categories. All checks run in your browser.

Prompt Injection Detection

Find hidden instructions embedded in configs that redirect agent behavior to malicious ends.

Memory Poisoning Scan

Detect patterns that allow persistent context manipulation across agent sessions.

Tool Abuse Analysis

Identify over-permissive tool grants that enable unintended system-level operations.

Auth Bypass Check

Catch configs that grant agents the ability to skip authentication or escalate privileges.

Data Exfil Monitor

Spot unconstrained network access and tunnel configurations that enable data leakage.

Compliance Report

Generate a prioritised remediation report aligned with AI security best practices.

Process

Three steps to secure

$ paste --agent-config ./CLAUDE.md

Connect Agent

Paste your CLAUDE.md, .cursorrules, or MCP config directly into the scanner. Nothing is uploaded.

$ agentaudit scan --deep --all-categories

Run Scan

Our engine checks 20+ vulnerability patterns across 8 security categories in under 2 seconds.

$ agentaudit report --fix --priority=critical

Fix Vulnerabilities

Get a prioritised list of issues with exact fix instructions. Unlock the full report for complete remediation.

Sample Output

What your audit report looks like

audit-report.json

GRADE: F

CRITICALShell escape via rm -rf

Shell Access

CRITICALPipe-to-shell detected

Shell Access

HIGHAPI key exposed in config

Secret Exposure

HIGHUnrestricted filesystem root access

File System Scope

MEDIUMNo rate limiting defined

Rate Limiting

LOWAudit logging not configured

Audit Logging

6 vulnerabilities detectedDownload Full Report

Social Proof

What security engineers are saying

“Found a hardcoded API key in our CLAUDE.md that had been there for 6 months. AgentAudit caught it in seconds.”

Elena M.

Staff Security Engineer

“We run AgentAudit on every new CLAUDE.md before merging. It's become mandatory in our AI review process.”

James T.

Platform Security Lead

“The MCP server trust checks alone saved us from shipping an exec-enabled server to production.”

Priya S.

AI Infrastructure Engineer

“Client-side scanning means I can audit without worrying about sensitive config leaking to a third party.”

Daniel R.

Senior DevSecOps Engineer

Pricing

Simple, transparent pricing

Free scan to see your risk level. Full report for complete remediation.

Free

5 scans / day

Risk score A-F grade
Top 3 issues with fixes
Config type detection
All issues + remediation
Best practices checklist

Start Free Scan

RECOMMENDED

Pro

$49/mo

100 scans / month

Everything in Free
All issues with detailed fixes
Complete remediation steps
Best practices checklist
Priority-ranked action plan

Scan First, Then Upgrade

Enterprise

Custom

Unlimited scans

Everything in Pro
Team access + SSO
CI/CD integration
Custom policy rules
SLA + dedicated support

Get security tips for your AI agents

Weekly insights on AI agent security best practices.

FAQ

Frequently asked questions

Frequently Asked Questions

Trusted by security-conscious developers

0+scans run

0+issues found

0% freefree tier

Also useful for AI builders

RulesForge

Generate CLAUDE.md for your AI coding tools

$29 →

LaunchStack

Next.js 16 SaaS boilerplate — ship in 48 hours

$297 →

Audit Your AI Agents. Before They Audit You.

Threats detected in seconds

What AgentAudit catches

Prompt Injection Detection

Memory Poisoning Scan

Tool Abuse Analysis

Auth Bypass Check

Data Exfil Monitor

Compliance Report

Three steps to secure

Connect Agent

Run Scan

Fix Vulnerabilities

What your audit report looks like

What security engineers are saying

Simple, transparent pricing

Free

Pro

Enterprise

Get security tips for your AI agents

Frequently asked questions

Frequently Asked Questions

Everything you need to ship, sell and scale.

Audit Your AI Agents. Before They Audit You.

Threats detected in seconds

What AgentAudit catches

Prompt Injection Detection

Memory Poisoning Scan

Tool Abuse Analysis

Auth Bypass Check

Data Exfil Monitor

Compliance Report

Three steps to secure

Connect Agent

Run Scan

Fix Vulnerabilities

What your audit report looks like

What security engineers are saying

Simple, transparent pricing

Free

Pro

Enterprise

Get security tips for your AI agents

Frequently asked questions

Frequently Asked Questions

Everything you need to ship, sell and scale.

Audit Your AI Agents.
Before They Audit You.

Audit Your AI Agents.
Before They Audit You.