AgentSec v0.3.1
OWASP AST-10 + Web3 Annex v0.3.1 · MIT

Audit every Agent Skill

One command scans every skill installed in your project — for vulnerabilities, supply-chain risk, and policy drift. Results in seconds, aligned with the OWASP Agentic Skills Top 10.

10 OWASP AST categories · 4 output formats · 3 agent platforms · 0–100 skill score range
The audit, live

Zero install. Zero config. Just run it.

Example session: agentsec run in ~/.openclaw. Auto-detects every skill · Scans against OWASP AST-10 · Exits with code 1 on policy violation

How it works

Three steps. Seconds each.

AgentSec is a single binary with zero runtime dependencies. It runs locally, never phones home, and produces deterministic audit artifacts you can diff, sign, and replay.

01 Discover
Crawls .skill/, skill.md files, and platform manifests across your project. No config, no flags — it finds every installed skill.
Platforms: openclaw · claude · codex

02 Audit
Runs each skill through 10 OWASP categories: malicious prose injection, over-permissioned scopes, supply-chain drift, weak isolation, and more.
10 categories · 47 rules

03 Report
Text for humans, JSON for scripts, SARIF for IDEs, HTML for stakeholders. Gate CI with the exit code — zero special flags required.
4 formats · 4 policy presets
OWASP Agentic Skills Top 10

The 10 ways agent skills fail.

AgentSec scans for each of them, every run.

AST-01 · Critical

Malicious Skills

What it is

Skills that look legitimate but ship hidden payloads — credential stealers, backdoors, prompt injection buried in prose.

Why it matters

Skills run with the agent's full permissions. One bad install can leak keys, SSH, wallets, and shell access.

agentsec --verbose | grep AST-01
Spec: OWASP AST-01
Outputs

One scan. Four formats.

Humans read text. CI reads JSON. IDEs consume SARIF. Stakeholders open HTML. AgentSec emits any of them with --format.

Example: audit-report.txt, produced with --format text
Policies

Pick a preset. Or write your own.

Every audit runs against a policy. Four presets ship built-in, and you can define custom gates in .agentsecrc.

Preset       Flag                    Blocks critical   Blocks high   Requires tests   Summary
Balanced     --policy default        yes               no            no               Blocks critical findings.
Enterprise   --policy strict         yes               yes           yes              Blocks critical & high, enforces tests.
Dev          --policy permissive     CVE only          no            no               Only blocks critical CVEs.
Compliance   --policy owasp-top-10   yes               yes           no               Direct mapping to OWASP AST-10.
.agentsecrc

{
  "policy": "strict",
  "platform": "openclaw",
  "format": "sarif",
  "output": "audit.sarif"
}
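As an added illustration (not AgentSec's own code), the gate semantics of the four presets applied to a constructed JSON report, so the difference between the presets is visible on concrete findings; the report shape, the skill names, and the finding ids other than AST-01 are assumptions, since AgentSec's actual JSON schema is not shown on this page:

```python
import json

# Preset gates as summarised in the policy table above. The encoding is an
# assumption for this example; AgentSec's real rule engine is not shown here.
PRESETS = {
    "default":      {"critical": "all", "high": False, "tests": False},
    "strict":       {"critical": "all", "high": True,  "tests": True},
    "permissive":   {"critical": "cve", "high": False, "tests": False},
    "owasp-top-10": {"critical": "all", "high": True,  "tests": False},
}

# Constructed sample report. Skill names and ids other than AST-01 are
# placeholders; the field layout is assumed, not AgentSec's output format.
SAMPLE_REPORT = json.loads("""
{
  "skills": [
    {"name": "git-helper",  "has_tests": true,
     "findings": [{"id": "AST-03", "severity": "high", "cve": false}]},
    {"name": "wallet-sync", "has_tests": false,
     "findings": [{"id": "AST-01", "severity": "critical", "cve": false}]},
    {"name": "pdf-reader",  "has_tests": false,
     "findings": [{"id": "AST-07", "severity": "critical", "cve": true}]}
  ]
}
""")

def blocked_by(report, policy):
    """Return the reasons the chosen preset would fail this audit."""
    gate = PRESETS[policy]
    reasons = []
    for skill in report["skills"]:
        for f in skill["findings"]:
            sev = f["severity"]
            # "cve" mode (permissive) only blocks criticals backed by a CVE.
            if sev == "critical" and (gate["critical"] == "all" or f["cve"]):
                reasons.append(f'{skill["name"]}: {f["id"]} critical')
            elif sev == "high" and gate["high"]:
                reasons.append(f'{skill["name"]}: {f["id"]} high')
        if gate["tests"] and not skill["has_tests"]:
            reasons.append(f'{skill["name"]}: no tests')
    return reasons

def exit_code(report, policy):
    """Mirror the CI contract stated above: 1 on any policy violation, else 0."""
    return 1 if blocked_by(report, policy) else 0

if __name__ == "__main__":
    for preset in PRESETS:
        print(preset, exit_code(SAMPLE_REPORT, preset), blocked_by(SAMPLE_REPORT, preset))
```

On this sample, permissive fails only on the CVE-backed critical, while strict also fails the two skills without tests.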
Install

Audit skills. Trust agents.

Start with npx agentsec. No install, no config, no flags.

Get in touch

Questions about skill security?

Whether you're building a skill, evaluating skills you've installed, or thinking about agent security broadly, say hello.