kya-abuse-check
v1.1.0
Check and report AI agent abuse. Two functions, zero dependencies. Part of the KYA (Know Your Agent) network.
Part of the KYA (Know Your Agent) network — community-driven agent safety for the AI economy.
Install
npm install kya-abuse-check
Usage
import { checkAbuse } from 'kya-abuse-check';
const result = await checkAbuse('some-agent');
if (result.recommendation === 'BLOCK') {
  console.log('Blocked:', result.reasons);
  // → ['data_exfiltration', 'prompt_injection']
}
API
checkAbuse(agent, options?)
Check a single agent against the KYA abuse database.
const result = await checkAbuse('agent-name');
// {
//   agent: 'agent-name',
//   status: 'reported',          // 'clean' | 'reported'
//   report_count: 3,
//   severity: 'high',            // 'none' | 'low' | 'medium' | 'high' | 'critical'
//   reasons: ['prompt_injection', 'data_exfiltration'],
//   recommendation: 'BLOCK',     // 'CLEAN' | 'MONITOR' | 'CAUTION' | 'BLOCK'
//   latest_report: '2026-03-22T13:49:59Z',
//   reports: [...]
// }
isReported(agent, options?)
Simple boolean check.
import { isReported } from 'kya-abuse-check';
if (await isReported('untrusted-bot')) {
  throw new Error('Agent has abuse reports');
}
checkAbuseMany(agents, options?)
Check multiple agents in parallel.
import { checkAbuseMany } from 'kya-abuse-check';
const results = await checkAbuseMany(['agent-a', 'agent-b', 'agent-c']);
for (const [name, result] of results) {
  console.log(name, result.recommendation);
}
reportAbuse(input, options?)
Report an agent for abusive behaviour. v1.1.0+
import { reportAbuse } from 'kya-abuse-check';
const result = await reportAbuse({
  agent: 'malicious-bot',
  reason: 'data_exfiltration',
  severity: 'high',
  evidence: 'Agent attempted to read /etc/passwd via MCP tool call',
});
if (result.success) {
  console.log('Reported:', result.report.id);
}
Reasons: data_exfiltration, prompt_injection, unauthorized_access, spam, impersonation, malicious_code, other.
Severity: low, medium (default), high, critical.
Rate limited to 10 reports per hour per IP.
Report Reasons
| Reason | Description |
|--------|-------------|
| data_exfiltration | Agent attempted to steal or leak data |
| prompt_injection | Agent injected malicious instructions |
| unauthorized_access | Agent accessed resources beyond its scope |
| spam | Agent engaged in spam or abuse |
| impersonation | Agent impersonated another agent or human |
| malicious_code | Agent executed or deployed malicious code |
| other | Other abuse not covered above |
Recommendations
| Level | Meaning | Suggested Action |
|-------|---------|-----------------|
| CLEAN | No reports | Allow |
| MONITOR | 1 report | Allow with logging |
| CAUTION | 2+ reports or high severity | Allow with restrictions |
| BLOCK | 5+ reports or critical severity | Deny access |
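A caller-side gate that turns a checkAbuse() result into the Suggested Action from the table above. This is an added example, not code from the package: `decideAccess`, `levelFromTable` and the action strings are hypothetical names, and denying on an unvalidated result is this example's own policy choice. It also recomputes the level from `report_count` and `severity` and enforces the stricter of the two, since the returned recommendation and the table thresholds can differ (the page's own sample result shows 3 reports, high severity, BLOCK).

```javascript
// Added example (not part of kya-abuse-check): map a checkAbuse() result to
// the Suggested Action column, denying anything that cannot be validated.
const LEVELS = ['CLEAN', 'MONITOR', 'CAUTION', 'BLOCK']; // least to most strict
const ACTIONS = {
  CLEAN: 'allow',
  MONITOR: 'allow_with_logging',
  CAUTION: 'allow_with_restrictions',
  BLOCK: 'deny',
};
const SEVERITIES = ['none', 'low', 'medium', 'high', 'critical'];

// Thresholds as written in the Recommendations table.
function levelFromTable(reportCount, severity) {
  if (reportCount >= 5 || severity === 'critical') return 'BLOCK';
  if (reportCount >= 2 || severity === 'high') return 'CAUTION';
  if (reportCount >= 1) return 'MONITOR';
  return 'CLEAN';
}

// decideAccess is a hypothetical helper name. It never returns "allow" for a
// result whose fields do not match the shape documented on this page.
function decideAccess(result) {
  const valid =
    result !== null && typeof result === 'object' &&
    LEVELS.includes(result.recommendation) &&
    SEVERITIES.includes(result.severity) &&
    Number.isInteger(result.report_count) && result.report_count >= 0;
  if (!valid) {
    return { level: 'BLOCK', action: ACTIONS.BLOCK, reason: 'invalid_result' };
  }
  const derived = levelFromTable(result.report_count, result.severity);
  // Enforce whichever of the two levels is stricter.
  const idx = Math.max(LEVELS.indexOf(result.recommendation), LEVELS.indexOf(derived));
  const level = LEVELS[idx];
  return {
    level,
    action: ACTIONS[level],
    reason: derived === result.recommendation ? 'ok' : 'recommendation_mismatch',
  };
}

// Constructed inputs; the first copies the fields of the page's sample result.
const samples = [
  { agent: 'agent-name', status: 'reported', report_count: 3, severity: 'high', recommendation: 'BLOCK' },
  { agent: 'agent-b', status: 'clean', report_count: 0, severity: 'none', recommendation: 'CLEAN' },
  { agent: 'agent-c', status: 'reported', report_count: 6, severity: 'medium', recommendation: 'MONITOR' },
  { agent: 'agent-d' }, // truncated response
];
for (const s of samples) console.log(s.agent, decideAccess(s));
```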
How It Works
KYA maintains a community-driven abuse database. Anyone can report an agent. Anyone can check an agent. The more people report, the safer everyone is.
- Free. No API key. No rate limits on checks. No signup.
- Read + Write. Check agents AND report bad ones from the same package.
- Fail-open. If the API is unreachable, agents are assumed clean. Security shouldn't break your app.
- Privacy-respecting. Reports are about agent identifiers, not personal data.
Works With
- mcp-trust-guard — MCP server security middleware with built-in abuse checking
- @agentscore-xyz/mcp-server — MCP server for AI agent verification
- agent-recall — Persistent memory for AI agents
License
MIT
