Agent Security Registry

13 of 39 agent frameworks fail security scan

69 OWASP Agentic AI violations detected across 39 major frameworks. Static analysis against 12 detection rules mapped to OWASP Agentic Top 10, MITRE ATT&CK, and STRIDE threat models.

Rules v1.1.0 · Last scan: 2026-03-10 · agentsign.dev
39 scanned · 9 pass · 17 warn · 13 fail · 69 OWASP violations
| Framework | Category | Stars | Verdict | Risk | OWASP | ATT&CK | STRIDE | Findings | Scanned |
|---|---|---|---|---|---|---|---|---|---|
| AutoGPT | Autonomous Agent | 182K+ | ✗ FAIL | 65 | AA-03 AA-09 | T1059 T1610 | EoP | exec(), os.system(), no sandbox | 2026-03-10 |
| BabyAGI | Autonomous Agent | 20K+ | ✗ FAIL | 55 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | exec(), eval(), supply chain | 2026-03-10 |
| Open Interpreter | Code Agent | 57K+ | ✗ FAIL | 80 | AA-03 AA-09 AA-01 | T1059 T1610 T1548 | EoP | exec(), os.system(), child_process, no sandbox | 2026-03-10 |
| MetaGPT | Multi-Agent | 48K+ | ✗ FAIL | 50 | AA-03 AA-09 | T1059 T1610 | EoP | subprocess shell=True, no sandbox | 2026-03-10 |
| GPT Engineer | Code Agent | 53K+ | ✗ FAIL | 55 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | exec(), subprocess, supply chain | 2026-03-10 |
| ChatDev | Multi-Agent | 27K+ | ✗ FAIL | 50 | AA-03 AA-09 | T1059 T1610 | EoP | exec(), subprocess | 2026-03-10 |
| SuperAGI | Autonomous Agent | 15K+ | ✗ FAIL | 50 | AA-03 AA-01 | T1059 T1548 | EoP | subprocess shell=True, excessive agency | 2026-03-10 |
| CAMEL | Multi-Agent | 6K+ | ✗ FAIL | 40 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | eval(), supply chain | 2026-03-10 |
| AgentGPT | Autonomous Agent | 32K+ | ✗ FAIL | 55 | AA-03 AA-09 AA-06 | T1059 T1610 T1195 | EoP Tamper | eval(), no sandbox, supply chain | 2026-03-10 |
| LangChain | Agent Framework | 100K+ | ~ WARN | 26 | AA-06 AA-02 | T1195 T1190 | Tamper | Supply chain, prompt injection vectors | 2026-03-10 |
| CrewAI | Multi-Agent | 45K+ | ~ WARN | 23 | AA-06 AA-04 | T1195 T1078 | Tamper EoP | Supply chain, excessive permissions | 2026-03-10 |
| Microsoft AutoGen | Multi-Agent | 50K+ | ~ WARN | 23 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | Code execution patterns, supply chain | 2026-03-10 |
| Semantic Kernel | Agent Framework | 23K+ | ~ WARN | 18 | AA-06 AA-07 | T1195 T1059.007 | Tamper | Supply chain, output handling | 2026-03-10 |
| TaskWeaver | Code Agent | 5K+ | ~ WARN | 23 | AA-03 AA-09 | T1059 T1610 | EoP | Eval patterns, no sandbox | 2026-03-10 |
| OpenAI Agents SDK | Agent Framework | 19K+ | ~ WARN | 11 | AA-06 AA-01 | T1195 T1548 | Tamper EoP | Supply chain, excessive agency config | 2026-03-10 |
| Haystack | Agent Framework | 18K+ | ~ WARN | 11 | AA-06 AA-07 | T1195 T1059.007 | Tamper | Supply chain, output handling | 2026-03-10 |
| Smolagents | Agent Framework | 15K+ | ~ WARN | 18 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | Code execution, supply chain | 2026-03-10 |
| Swarm | Multi-Agent | 18K+ | ~ WARN | 11 | AA-01 AA-06 | T1548 T1195 | EoP Tamper | Excessive agency, supply chain | 2026-03-10 |
| Google ADK | Agent Framework | 15K+ | ✓ PASS | 3 | AA-06 | T1195 | Tamper | Minor supply chain note | 2026-03-10 |
| Anthropic Claude SDK | SDK | 8K+ | ✓ PASS | 0 | -- | -- | -- | No issues detected | 2026-03-10 |
| Vercel AI SDK | SDK | 12K+ | ✓ PASS | 0 | -- | -- | -- | No issues detected | 2026-03-10 |
| LlamaIndex | Agent Framework | 38K+ | ✓ PASS | 3 | AA-06 | T1195 | Tamper | Minor supply chain note | 2026-03-10 |
| Phidata | Agent Framework | 18K+ | ✓ PASS | 0 | -- | -- | -- | No issues detected | 2026-03-10 |
| Instructor | SDK | 9K+ | ✓ PASS | 0 | -- | -- | -- | No issues detected | 2026-03-10 |
| Mastra | Agent Framework | 10K+ | ✓ PASS | 0 | -- | -- | -- | No issues detected | 2026-03-10 |
| Amazon Bedrock Agents | Cloud Agent | N/A | ✓ PASS | 3 | AA-06 | T1195 | Tamper | Minor supply chain note | 2026-03-10 |
| AgentSign SDK | Identity SDK | OSS | ✓ PASS | 0 | -- | -- | -- | No issues detected | 2026-03-10 |
| n8n | Workflow Agent | 178K+ | ~ WARN | 26 | AA-03 AA-09 | T1059 T1610 | EoP | Code execution nodes, shell command node, spawn() | 2026-03-13 |
| Langflow | Agent Builder | 145K+ | ~ WARN | 23 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | Inherits LangChain exec patterns, code nodes | 2026-03-13 |
| Dify | Agent Platform | 132K+ | ~ WARN | 21 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | Sandboxed code exec, tool calling, subprocess | 2026-03-13 |
| Browser Use | Browser Agent | 80K+ | ✗ FAIL | 60 | AA-03 AA-09 AA-01 | T1059 T1610 T1548 | EoP | Arbitrary browser control, JS injection, no sandbox | 2026-03-13 |
| OpenHands | Code Agent | 69K+ | ✗ FAIL | 70 | AA-03 AA-09 AA-01 | T1059 T1610 T1548 | EoP | subprocess, exec, shell commands, file write | 2026-03-13 |
| Crawl4AI | Web Agent | 61K+ | ~ WARN | 21 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | Playwright subprocess, arbitrary URL fetch | 2026-03-13 |
| Aider | Code Agent | 41K+ | ~ WARN | 23 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | subprocess for git/tests, shell execution | 2026-03-13 |
| Goose | Code Agent | 32K+ | ✗ FAIL | 65 | AA-03 AA-09 AA-01 | T1059 T1610 T1548 | EoP | Shell exec core, pkg install, file write, no sandbox | 2026-03-13 |
| Composio | Agent Tooling | 27K+ | ~ WARN | 18 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | Sandboxed exec, shell tools, API calls | 2026-03-13 |
| Letta | Stateful Agent | 21K+ | ~ WARN | 18 | AA-03 AA-06 | T1059 T1195 | EoP Tamper | Tool execution, subprocess, database ops | 2026-03-13 |
| Devika | Code Agent | 19K+ | ✗ FAIL | 65 | AA-03 AA-09 AA-01 | T1059 T1610 T1548 | EoP | exec(), subprocess, browser auto, shell commands | 2026-03-13 |
| SWE-agent | Code Agent | 18K+ | ~ WARN | 26 | AA-03 AA-09 | T1059 T1610 | EoP | Docker exec, subprocess, shell commands | 2026-03-13 |
Methodology & Legal

About this registry

The AgentSign Registry performs automated static analysis of publicly available open-source code. All scanned projects are sourced from public GitHub repositories under their respective open-source licences. This is the same approach used by established security scanning services such as Snyk, Sonatype OSS Index, and the GitHub Advisory Database.

What we scan for: Code patterns mapped to the OWASP Agentic AI Top 10 (2025) and OWASP MCP Top 10. These are industry-standard security benchmarks, not proprietary criteria.

Fair use and responsible disclosure: This registry is published in good faith for the purpose of improving agentic AI security. If you are a maintainer of a listed project and believe a finding is inaccurate or wish to discuss remediation, please contact contact@agentsign.dev. We will promptly review and update any disputed findings.

AgentSign Registry is provided "as is" without warranty. CyberSecAI Ltd accepts no liability for decisions made based on registry data. All trademarks and project names are the property of their respective owners.

Scan your agent in 60 seconds

No signup. No API key. Just add one file to your repo.
1. Add the GitHub Action

Create .github/workflows/agentsign.yml in your repo:

# .github/workflows/agentsign.yml
name: AgentSign Security Scan
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: razashariff/agentsign-action@v1
        with:
          path: '.'
          fail-on: 'FAIL'

Every push and pull request is scanned against the 12 OWASP rules; with fail-on: 'FAIL', a FAIL verdict fails the check and blocks the merge.

2. Add a badge to your README

Show your security status. Copy this line:

![AgentSign](https://img.shields.io/endpoint?url=https://registry.agentsign.dev/api/badge/YOUR-AGENT-NAME)

Replace YOUR-AGENT-NAME with your agent name. PASS = green, WARN = yellow, FAIL = red.

3. Or scan via API

POST your code directly. No auth needed:

curl -X POST https://registry.agentsign.dev/api/scan \
  -H "Content-Type: application/json" \
  -d '{"code": "YOUR_CODE_HERE", "name": "my-agent"}'

Returns verdict, risk score, and findings mapped to OWASP Agentic AI Top 10.

Scan any agent in seconds

Public endpoints. No auth required. Rate-limited.

GET /api/badge/:name

shields.io-compatible badge. PASS = green, WARN = yellow, FAIL = red. Cached 5 minutes.

curl https://registry.agentsign.dev/api/badge/autogpt

{ "schemaVersion": 1, "label": "AgentSign", "message": "FAIL", "color": "red" }

POST /api/scan

Scan agent code against 12 OWASP rules. Max 50KB.

curl -X POST https://registry.agentsign.dev/api/scan \
  -H "Content-Type: application/json" \
  -d '{"code": "exec(user_input)", "name": "my-agent"}'

{ "verdict": "FAIL", "risk_score": 40, "findings": [...] }
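To make concrete what a static rule of this kind does with a snippet like the one above, here is an added Python example; it is not AgentSign's scanner or its rule set. It is an AST pass that flags the exec(), eval(), os.system() and subprocess shell=True patterns named in the registry table, attaches the OWASP AA-03 / T1059 / EoP labels the table uses for them, and folds the findings into a PASS/WARN/FAIL verdict. The rule weights and verdict thresholds are constructed for illustration.

```python
import ast
from collections import namedtuple

# Constructed rule table: OWASP Agentic AI / ATT&CK / STRIDE labels as the
# registry table attaches them to these patterns; weights are illustrative.
RULES = {
    "exec": ("AA-03", "T1059", "EoP", 40),
    "eval": ("AA-03", "T1059", "EoP", 35),
    "os.system": ("AA-03", "T1059", "EoP", 40),
    "subprocess.shell": ("AA-03", "T1059", "EoP", 30),
}
Finding = namedtuple("Finding", "rule line owasp attack stride weight")

def _dotted(node):
    """'os.system' for Attribute(Name('os'), 'system'); the bare id for a Name."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def _shell_true(call):
    """True when the call passes the literal keyword argument shell=True."""
    return any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)

def scan_source(src):
    """Walk the AST and report dynamic-execution calls, ordered by line.
    Aliased imports ('from os import system') are not resolved: a first pass,
    not a proof of absence."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted(node.func)
        if name in ("exec", "eval", "os.system"):
            rule = name
        elif name and name.startswith("subprocess.") and _shell_true(node):
            rule = "subprocess.shell"
        else:
            continue
        findings.append(Finding(rule, node.lineno, *RULES[rule]))
    return sorted(findings, key=lambda f: f.line)

def verdict(findings):
    """Aggregate findings into the registry's three-level verdict (constructed thresholds)."""
    score = min(100, sum(f.weight for f in findings))
    return ("FAIL" if score >= 40 else "WARN" if score else "PASS"), score
```

On the snippet exec(user_input) from the curl call above, scan_source plus verdict yields ("FAIL", 40), while a list-form subprocess.run without shell=True is not flagged. Calls reached through an import alias slip past a rule like this, which is why a registry verdict is a signal to review, not a guarantee of absence.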

GET /api/rules/version

Current rules version and count.

{ "version": "1.1.0", "rule_count": 12 }

GET /api/registry

Full registry as JSON. All 39 frameworks with verdicts and scores.

Give your agents an identity

The registry scans. The platform secures. Three API calls to zero trust.
