@amajumdar2249/agentpm
v1.2.0
Published
AgentPM: The Definitive Package Manager and Security Auditor for AI Agents. Securely discover, audit, and install AI skills to build the ultimate agentic ecosystem.
Maintainers
Readme
🌌 AgentPM
❌ The Dark Age of Exchanging Prompts
As AI-assisted engineering (via Claude Code, Cursor, Windsurf) accelerates, developers are reduced to manually copy-pasting system prompts, rules, and "skills" from fragmented gists and unprotected repositories.
There is no standard architecture to manage, version, or secure custom AI instructions. Even worse, blindly copying third-party prompts introduces catastrophic Prompt Injection Vulnerabilities into your agentic workspace.
🌟 The Vanguard: AgentPM
AgentPM brings the robust npm and cargo experience directly to AI Agents. It transforms scattered text files into a scalable, secure, and standardized ecosystem.
Every skill installed via AgentPM is Cryptographically Verified via Sigstore, and passes through a Semantic Security Filter before executing. Any script (Bash/Python) is then run within an isolated E2B Cloud MicroVM Sandbox, completely protecting your local environment from prompt-injection execution payloads.
# 1. Initialize an AI-ready workspace
$ agentpm init
# 2. Securely install high-quality audited skills
$ agentpm install @oss/react-expert
🚀 Initializing install for skill: @oss/react-expert
🔍 Scanning deep abstraction layers for prompt injections...
✅ Skill audited: 0 malicious signatures found.
📦 Successfully deployed @oss/react-expert into .agents/skills/✨ Features
| Feature | Description |
|---------|-------------|
| ⚡ Instant Discovery | Search 19,854+ production-grade AI skills from the AgentPM Registry |
| 🛡️ Absolute Security | Containerized E2B MicroVM execution and Sigstore cryptographic signing |
| 🏗️ Agentic Workspaces | agentpm init scaffolds .agents environments with structural integrity |
| 🔍 Security Auditor | agentpm audit scans skill files for prompt injection and destructive commands |
| 🤖 AI Skill Generator | agentpm generate creates new skills using offline templates or Gemini |
| 📦 Publish & Share | agentpm publish contributes skills to the global registry |
| 🖥️ MCP Server | agentpm mcp exposes tools via Model Context Protocol for AI agent integration |
| 🌐 Platform Agnostic | Works with Claude Code (.agents), Cursor (.cursorrules), and Windsurf |
🚀 Quick Start
Installation
Install globally directly from the official NPM Registry:
npm install -g @amajumdar2249/agentpm⚡ 1-Click AI Assistant Integration (MCP)
Auto-configure Claude Desktop, Cursor, and Windsurf to connect directly to AgentPM:
agentpm setupCommand Palette
# Scaffold an optimized agentic workspace
agentpm init
# Search the global registry (19,854+ skills)
agentpm search "react security"
# Securely install and audit a remote skill
agentpm install <skill-name>
# Audit a skill file for security threats
agentpm audit ./path/to/skill
# Generate a new skill from a prompt
agentpm generate my-skill "Build a REST API validator"
# View your orchestrated local environment
agentpm list
# Publish a skill to the registry
agentpm publish ./my-skill/
# Start the MCP server for AI agent integration
agentpm mcp🏛️ Architecture
agentpm/
├── src/
│ ├── index.ts # CLI entry point (Commander.js)
│ ├── scanner.ts # 23+ regex patterns for prompt injection detection
│ ├── installer.ts # Local-first, remote-fallback skill fetcher
│ ├── search.ts # MiniSearch-powered fuzzy search engine
│ ├── schema.ts # Zod-validated skill metadata schema
│ ├── mcp.ts # Model Context Protocol server (4 tools)
│ └── commands/ # 10 CLI command handlers
├── registry/ # Embedded registry (git submodule → agentpm-registry)
├── tests/ # Jest test suite (8 test files)
└── web/ # Next.js 16 registry browser (React 19)🔗 Ecosystem
| Repository | Purpose | |------------|---------| | agentpm | CLI tool & MCP server (this repo) | | agentpm-registry | Global skill registry (19,854+ skills) | | devarmor | AI workstation security scanner (npm) |
🤝 Contributing
We welcome contributions to expand the AgentPM ecosystem. See CONTRIBUTING.md to get started.
🔒 Security
See SECURITY.md for our security policy and vulnerability reporting.
📄 License
MIT License — See LICENSE for details.
