AgentLint：AI代理配置的靜態安全掃描器

Hacker News·3 個月前

AgentLint是一款新推出的靜態安全掃描器，旨在審核AI代理的配置，特別針對Claude Code、Cursor和CLAUDE.md文件，以在執行前偵測到命令注入和洩漏機密等風險模式。

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

To see all available qualifiers, see our documentation.

Supply-chain security for AI agent configurations. Scan Claude Code, Cursor, and CLAUDE.md files for risky patterns.

License

Uh oh!

There was an error while loading. Please reload this page.

akz4ol/agentlint

Folders and files

Latest commit

History

Repository files navigation

AgentLint

Supply-chain security for AI agent configurations

AgentLint helps developers and security teams audit AI agent configurations before they execute—catching curl | bash, secret leaks, and privilege escalation in Claude Code, Cursor, and CLAUDE.md files.

Why AgentLint?

AI coding agents are powerful—but their configuration files are a new attack surface:

AgentLint treats agent configs like code: scan, diff, and gate them in CI.

Quick Start

Expected output (clean project):

Expected output (risky config):

How It Works

Examples

Try AgentLint on our example configs:

See examples/ for full details.

What It Detects

Run agentlint rules list to see all rules, or agentlint rules explain EXEC-001 for details.

CI/CD Integration

GitHub Actions

Findings appear as code annotations in PRs via GitHub Code Scanning.

Exit Codes

Configuration

Create agentlint.yaml to customize behavior:

Generate a starter config:

Auto-Fix

Automatically fix simple issues:

Currently fixable rules:

Baseline

Suppress known findings to focus on new issues:

Diff Mode

Detect behavioral changes between versions:

Comparison with Alternatives

AgentLint is purpose-built for AI agent configs. General linters miss agent-specific risks.

Integrations

Roadmap

Documentation