
agent-red-team

v0.1.0

Security scanner for AI coding agents — test your setup against prompt injection, credential exposure, identity tampering, and more.

Readme

agent-red-team

How secure is your AI coding agent? Find out in 3 seconds.

npx agent-red-team

Zero-install security scanner that tests your AI coding agent setup against real attack vectors. Works with Claude Code, Cursor, OpenClaw, NemoClaw, and any MCP-connected agent.


What It Tests

| Category | Weight | What's Checked |
|---|---|---|
| Injection Resistance | 25% | Prompt injection scanning, input validation, base64 rescan, unicode normalization |
| Credential Exposure | 20% | SSH keys, AWS creds, .env files, sandbox isolation, env var leaks |
| Identity Tampering | 15% | CLAUDE.md, .cursorrules, SOUL.md write protection, file ownership |
| Behavioral Evasion | 20% | Session tracking, trifecta detection (read-process-exfil), policy escalation |
| Network Isolation | 10% | Sandbox network rules, SSRF protection, domain allowlisting, egress proxy |
| Audit Integrity | 10% | Audit logging, hash chain integrity, tamper-evident config, export API |


Sample Output

Agent Red Team v0.1.0
Target: Claude Code (settings.json, CLAUDE.md, mcp-configured)
Runtime: darwin

INJECTION RESISTANCE           ████████████░░░░  60/100
  ✗ Injection scanner configured    (high)
  ✓ Input validation present
  ✗ Base64 decode and rescan        (medium)
  ✗ Unicode normalization           (medium)
  ✓ Injection pattern coverage

CREDENTIAL EXPOSURE            █████████████████ 95/100
  ✓ SSH keys protected
  ✓ AWS credentials protected
  ✗ Project .env file exposure      (medium)
  ✓ Sandbox blocks credential reads

IDENTITY TAMPERING             ████████████░░░░  67/100
  ✗ CLAUDE.md write-protected       (high)
  ✓ Identity file guard active
  ✓ Identity file ownership

BEHAVIORAL EVASION             ░░░░░░░░░░░░░░░░   0/100
  ✗ Session tracking configured     (high)
  ✗ Trifecta detection              (high)
  ✗ Policy escalation               (high)
  ✗ Multi-step chain guard          (medium)

NETWORK ISOLATION              ████████░░░░░░░░  50/100
  ✓ Sandbox network restrictions
  ✗ SSRF protection                 (high)
  ✗ Domain allowlisting             (medium)
  ✗ Egress proxy configured         (medium)

AUDIT INTEGRITY                ░░░░░░░░░░░░░░░░   0/100
  ✗ Audit logging enabled           (high)
  ✗ Hash chain integrity            (high)
  ✗ Tamper-evident configuration    (medium)
  ✗ Audit export API available      (low)

---
OVERALL SCORE                  ██████████░░░░░░  63/100
Grade: C

Share: "My AI agent scored 63/100 on agent-red-team ⚠️"

CLI Reference

Usage: agent-red-team [options]

Options:
  --target <agent>     Override auto-detection (claude-code|openclaw|nemoclaw|cursor)
  --mcp-url <url>      MCP server URL for generic testing
  --active             Enable active probing mode
  --json               Output JSON report to stdout
  --category <name>    Run only one category:
                         injection | credentials | identity
                         behavioral | network | audit
  --verbose            Show individual test details and explanations
  --no-color           Disable colored output
  -V, --version        Output version number
  -h, --help           Display help

Examples

# Scan everything (auto-detects your agent)
npx agent-red-team

# Target a specific agent
npx agent-red-team --target claude-code

# Only check credential exposure
npx agent-red-team --category credentials

# Verbose output with all details
npx agent-red-team --verbose

# JSON output for CI pipelines
npx agent-red-team --json > report.json

# Active probing mode (attempts real attack sequences)
npx agent-red-team --active

Scoring Methodology

Each category produces a score from 0-100 based on the ratio of passed checks.

Categories that cannot be tested (e.g., no agent detected for that check) are marked N/A and their weight is redistributed proportionally across testable categories.

Letter grades:

| Grade | Score Range |
|---|---|
| A+ | 90-100 |
| A | 80-89 |
| B | 70-79 |
| C | 60-69 |
| D | 50-59 |
| D- | 40-49 |
| F | 0-39 |

The CLI exits with code 1 if the overall score is below 40 (grade F), making it suitable for CI gates.
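The scoring rules above, worked through in an added JavaScript example that is not the package's own code: category scores are plain pass ratios as documented, the weights come from the What It Tests table, untestable categories are N/A and hand their weight to the rest, and the exit code follows the CI gate. The AttackResult shape is taken from the Contributing section; the check data is constructed, and the real CLI's per-check weighting (which the sample output suggests exists) is not documented here.

```javascript
// Added example of the documented scoring rules: pass ratio per category, fixed
// weights, N/A redistribution, letter grades, CI exit code. Check data is constructed.
const WEIGHTS = { injection: 25, credentials: 20, identity: 15, behavioral: 20, network: 10, audit: 10 };
const GRADES = [[90, 'A+'], [80, 'A'], [70, 'B'], [60, 'C'], [50, 'D'], [40, 'D-'], [0, 'F']];

// AttackResult shape from the Contributing section: name, passed, severity, detail.
const check = (name, passed, severity, detail = '') => ({ name, passed, severity, detail });

// Category score is the ratio of passed checks; no runnable checks means N/A (null).
function categoryScore(checks) {
  if (checks.length === 0) return null;
  const passed = checks.filter((c) => c.passed).length;
  return Math.round((100 * passed) / checks.length);
}

// N/A categories are skipped and their weight is shared proportionally by the
// rest, which is the same as dividing by the total weight actually used.
function overallScore(scores) {
  let weighted = 0, usedWeight = 0;
  for (const [cat, weight] of Object.entries(WEIGHTS)) {
    if (scores[cat] == null) continue;
    weighted += scores[cat] * weight;
    usedWeight += weight;
  }
  return usedWeight === 0 ? 0 : Math.round(weighted / usedWeight);
}

const grade = (score) => GRADES.find(([min]) => score >= min)[1];
const exitCode = (score) => (score < 40 ? 1 : 0); // CI gate: only an F fails the run
// Summary a --json run would carry: per-category scores plus the overall verdict.
function scanReport(checksByCategory) {
  const scores = {};
  for (const cat of Object.keys(WEIGHTS)) scores[cat] = categoryScore(checksByCategory[cat] || []);
  const overall = overallScore(scores);
  return { scores, overall, grade: grade(overall), exitCode: exitCode(overall) };
}

// Constructed run: audit could not be tested (N/A), every behavioral check fails.
const SAMPLE = {
  injection: [check('Injection scanner configured', true, 'high'), check('Unicode normalization', false, 'medium')],
  credentials: [check('SSH keys protected', true, 'high'), check('AWS credentials protected', true, 'high'),
    check('Project .env file exposure', false, 'medium'), check('Sandbox blocks credential reads', true, 'high')],
  identity: [check('CLAUDE.md write-protected', true, 'high'), check('Identity file ownership', true, 'low')],
  behavioral: [check('Session tracking configured', false, 'high'), check('Trifecta detection', false, 'high')],
  network: [check('Sandbox network restrictions', true, 'high'), check('SSRF protection', false, 'high'),
    check('Domain allowlisting', false, 'medium'), check('Egress proxy configured', false, 'medium')],
  audit: [],
};
console.log(JSON.stringify(scanReport(SAMPLE), null, 2));
```

With audit N/A the remaining 90 points of weight carry the whole score, so the overall is 4500/90 = 50 (grade D) and the run still passes the CI gate.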


How to Improve Your Score

  • Injection Resistance -- Deploy Gatekeeper for injection scanning middleware
  • Credential Exposure -- Use sandbox profiles, restrict file permissions, avoid env var secrets
  • Identity Tampering -- Make CLAUDE.md and .cursorrules read-only, use Gatekeeper's identity guard
  • Behavioral Evasion -- Enable session tracking with trifecta detection
  • Network Isolation -- Configure sandbox network rules and egress proxy
  • Audit Integrity -- Enable tamper-evident audit logging with hash chains

Contributing

Contributions are welcome. Please open an issue first to discuss what you would like to change.

# Development setup
git clone https://github.com/knowledge2ai/agent-red-team.git
cd agent-red-team
npm install
npm run build
npm test

# Run locally
node dist/cli.js --verbose

When adding new attack checks:

  1. Create or modify the relevant module in src/attacks/
  2. Each check returns an AttackResult with name, passed, severity, and detail
  3. Add tests in test/
  4. Run npm test before submitting a PR

License

Apache 2.0


Built by the team at Knowledge2 -- enterprise AI infrastructure with live knowledge feeds.