whatisgithub

What is agentshield?

affaan-m/agentshield — explained in plain English

Analysis updated 2026-05-18

719TypeScriptAudience · developerComplexity · 3/5LicenseSetup · easy

In one sentence

AgentShield scans AI agent configuration folders like Claude Code's for security risks such as hardcoded secrets and overly permissive settings, then grades your setup.

Mindmap

mindmap
  root((AgentShield))
    What it does
      Scans AI agent configs
      Five risk categories
      Letter grade and score
      Auto-fix suggestions
    Tech stack
      TypeScript
      Claude Opus
      GitHub Actions
    Use cases
      Scan Claude Code config
      CI pull request scanning
      Deep three-agent analysis
    Extras
      MiniClaw sandbox runtime
      GitHub App integration
      SARIF and HTML output

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Scan your Claude Code configuration for hardcoded secrets, risky permissions, and dangerous shell hooks.

USE CASE 2

Get a letter grade and numeric score for your AI agent setup along with suggested fixes.

USE CASE 3

Run AgentShield as a GitHub Action to automatically check every pull request for agent config risks.

What is it built with?

TypeScriptClaude OpusGitHub Actions

How does it compare?

affaan-m/agentshieldindalok/rzwebtickernelz/opencode-mem
Stars719723711
LanguageTypeScriptTypeScriptTypeScript
Setup difficultyeasyeasyeasy
Complexity3/53/52/5
Audiencedeveloperdevelopervibe coder

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · easy Time to first run · 5min

Basic scan runs with a single command and no setup, the optional three-agent deep analysis mode requires a paid Anthropic API key.

MIT license, free to use, modify, and integrate into your own projects, including commercially.

So what is it?

AgentShield is a security scanner for AI agent configurations. It looks at the setup files that tools like Claude Code use, specifically the configuration folder that controls what the AI is allowed to do, and checks for problems that could expose your machine or credentials to attackers. The tool checks five categories of risk: hardcoded secrets like API keys and passwords buried in config files, overly permissive settings that let the AI run any command without restriction, shell hooks that could allow an attacker to inject and execute malicious code, external AI tool servers (called MCP servers) that carry supply-chain or remote-access risks, and AI agent configurations that give the agent too much access or contain hidden instructions. Across these five categories it applies 102 rules and gives your setup a letter grade from A to F along with a numeric score from 0 to 100. You run it with a single command. It finds your configuration directory automatically, scans it, and prints a report that lists each problem with its severity, the file where it was found, and a suggested fix. Many simple fixes, like replacing a hardcoded API key with an environment variable reference, can be applied automatically using the --fix flag. You can also generate output as JSON for use in automated pipelines, as HTML for sharing with a team, or in SARIF format for integration with GitHub code scanning. For deeper analysis there is an optional three-agent mode that uses Claude Opus. One agent plays the role of an attacker looking for exploitable chains, a second plays a defender evaluating existing protections, and a third synthesizes both views into a prioritized action list. This mode requires an Anthropic API key. The project also includes a GitHub Action for running the scanner automatically on pull requests, a minimal sandboxed AI agent runtime called MiniClaw for teams that want a safe way to expose an AI endpoint over HTTP, and a GitHub App integration for organization-wide scanning. It was built at a Claude Code hackathon in early 2026 and is released under the MIT license. The full README is longer than what was shown.

Copy-paste prompts

Prompt 1
Run AgentShield on my Claude Code config and explain each finding it reports along with severity.
Prompt 2
How do I use the --fix flag to automatically apply AgentShield's suggested fixes?
Prompt 3
Set up AgentShield as a GitHub Action so it scans every pull request for AI agent configuration risks.
Prompt 4
Explain what the three-agent deep analysis mode does and what an Anthropic API key is needed for.

Frequently asked questions

What is agentshield?

AgentShield scans AI agent configuration folders like Claude Code's for security risks such as hardcoded secrets and overly permissive settings, then grades your setup.

What language is agentshield written in?

Mainly TypeScript. The stack also includes TypeScript, Claude Opus, GitHub Actions.

What license does agentshield use?

MIT license, free to use, modify, and integrate into your own projects, including commercially.

How hard is agentshield to set up?

Setup difficulty is rated easy, with roughly 5min to a first successful run.

Who is agentshield for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.