GitHub - Leporis14/agentlint: A proxy that sits between AI agents and the tools they use, deciding what's allowed, logging everything, and proving it to regulators · GitHub
agentlint
A security scanner for MCP server configs — catch dangerous permissions, hardcoded secrets, and missing guardrails before you ship.
Install
pip install leporis-agentlint
Usage
Local scan
$ agentlint scan mcp.json
┌──────────────────────────────────────────────────────┐
│ github-server ######.... 6/10 │
│ !! Hardcoded secret: env var 'GITHUB_TOKEN' │
│ contains a literal secret value. │
│ ! No approval gate: server is missing │
│ 'requireApproval' or 'humanInLoop' field. │
└──────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────┐
│ filesystem #####..... 5/10 │
│ !! Broad filesystem access: arg '/home' exposes │
│ sensitive paths. │
│ ! No approval gate: server is missing │
│ 'requireApproval' or 'humanInLoop' field. │
└──────────────────────────────────────────────────────┘
┌─────────────────── Summary ──────────────────────────┐
│ Servers scanned 2 │
│ Average risk score 5.5 / 10 │
│ Critical findings 2 │
│ Warnings 2 │
│ Total findings 4 │
└──────────────────────────────────────────────────────┘
Highest-Risk Servers
Server Score
github-server ######.... 6/10
filesystem #####..... 5/10
Machine-readable output
$ agentlint scan mcp.json --json
"github-server": {
  "score": 6,
  "findings": [
    {"level": "critical", "detail": "Hardcoded secret: env var 'GITHUB_TOKEN' contains a literal secret value."},
    {"level": "warning", "detail": "No approval gate: server is missing 'requireApproval' or 'humanInLoop' field."}
Checks
| Check | What it catches | Severity |
| --- | --- | --- |
| Hardcoded secrets | API keys, tokens, passwords, JWTs baked into env values | Critical |
| Broad filesystem access | Args exposing /home, /etc, /var, ~/, root, Windows drives | Critical |
| Missing env vars | Server name suggests auth (github, postgres, stripe…) but env is empty | Warning |
| No approval gate | Missing requireApproval or humanInLoop field | Warning |
Each server gets a risk score from 1 to 10: green (≤3), yellow (4–6), red (7+).
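The four checks in the table, sketched as an added example (this is not agentlint's own code). The regexes, the 16-character threshold, the `${VAR}` reference convention and the `mcpServers` top-level layout are assumptions, and the risk score is not reproduced because the page does not give its formula.

```python
import re

# Assumed credential shapes; illustrative only, not agentlint's rule set.
SECRET_PATTERNS = [
    re.compile(r"^gh[pousr]_[A-Za-z0-9]{20,}$"),   # GitHub-style token
    re.compile(r"^eyJ[\w-]+\.[\w-]+\.[\w-]+$"),    # JWT: three base64url parts
]
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|API_?KEY", re.I)
# Assumed convention: "${VAR}" is a reference resolved at launch, not a literal.
REFERENCE = re.compile(r"^\$\{?\w+\}?$")
# Bare top-level locations from the Checks table; subpaths are a policy choice.
BROAD_PATH = re.compile(r"^(/|~/?|/(home|etc|var)/?|[A-Za-z]:[\\/]?)$")
AUTH_HINTS = ("github", "postgres", "stripe")
APPROVAL_FIELDS = ("requireApproval", "humanInLoop")

def is_literal_secret(name, value):
    if not value or REFERENCE.match(value):
        return False
    if any(p.match(value) for p in SECRET_PATTERNS):
        return True
    # Fallback: secret-sounding variable name holding a long literal value.
    return bool(SECRET_NAME.search(name)) and len(value) >= 16

def scan_server(name, server):
    findings = []
    env = server.get("env") or {}
    for key, value in env.items():
        if is_literal_secret(key, str(value)):
            findings.append(("critical", f"Hardcoded secret: env var '{key}'"))
    for arg in server.get("args", []):
        if BROAD_PATH.match(str(arg)):
            findings.append(("critical", f"Broad filesystem access: arg '{arg}'"))
    if not env and any(hint in name.lower() for hint in AUTH_HINTS):
        findings.append(("warning", "Missing env vars"))
    if not any(field in server for field in APPROVAL_FIELDS):
        findings.append(("warning", "No approval gate"))
    return findings

def scan_config(config):
    return {n: scan_server(n, s) for n, s in config.get("mcpServers", {}).items()}

# Constructed sample config; the token value is fake.
SAMPLE = {"mcpServers": {
    "github-server": {"command": "npx", "env": {"GITHUB_TOKEN": "ghp_" + "A" * 36}},
    "filesystem": {"command": "npx", "args": ["fs-mcp", "/home"]},
    "notes": {"command": "npx", "env": {"NOTES_TOKEN": "${NOTES_TOKEN}"},
              "requireApproval": True},
}}
```

`scan_config(SAMPLE)` reports the same two findings per server as the scan output above for `github-server` and `filesystem`, and none for `notes`, which references its token and declares an approval field.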
CI / GitHub Actions
$ agentlint ci
agentlint: 4 servers scanned, 3 critical violations, 2 servers scored >= 7. Build failed.
Exits 0 if clean, 1 if any server scores ≥ 7. Auto-discovers config from claude_desktop_config.json, .mcp.json, or mcp.json in the repo root.
# .github/workflows/agentlint.yml
name: agentlint
on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]

jobs:
  agentlint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - name: Install agentlint
        run: pip install leporis-agentlint
      - name: Run agentlint CI check
        run: agentlint ci
Why
AI agents are shipping with MCP servers that get filesystem access, network access, and raw API keys handed to them at launch. There is no built-in sandbox, no mandatory approval step, and no standard way to audit what a given config actually grants. The industry is racing to give agents more capabilities while the security surface grows unchecked. agentlint is a single-file scanner that reads your MCP config and tells you what's dangerous — before your agent touches production.