AgentCop automatically audits your LLM-powered agents for prompt injection, data exfiltration, privilege escalation, and 50+ other attack vectors — before they reach production — and blocks them at runtime.
Works with your stack
From static code analysis to runtime behavioral monitoring, AgentCop gives your team complete visibility into agent security posture.
Identifies unsanitized user inputs that could manipulate your agent's system prompt or override safety instructions.
AST-based data flow tracking follows tainted sources (user input, env vars, HTTP) through your code to dangerous sinks (eval, exec, subprocess).
Detects recursive agent loops without depth limits, unbounded retry patterns, and missing termination conditions that can cause runaway costs.
Detects framework-specific misconfigurations: LangChain missing guardrails, AutoGen no termination, CrewAI unbounded delegation, and more.
Sentinel generates targeted before/after code patches for every critical and warning finding — not generic advice, actual code fixes.
Point at a public GitHub repo, drop a ZIP archive, or paste code directly. All Python files analyzed recursively with import graph tracking.
Paste Python code, drop a ZIP archive, or enter a public GitHub repo URL. No install or signup required.
The engine builds a call graph, runs taint flow analysis, and fires 50+ OWASP LLM Top 10 rules — all in seconds.
Get Sentinel's verdict, a security score, and before/after code patches generated by Claude for every critical finding.
AgentCop is the only scanner purpose-built for agentic systems, covering all OWASP LLM Top 10 categories plus agent-specific risks not found in traditional SAST tools.
AgentCop is fully open source. No plans, no paywalls, no credit card required.
agentcop doesn't just detect threats. it blocks them.
Every tool call checked before execution. Unauthorized actions blocked, not just flagged.
Agents declare what they need. Everything else is denied by default.
Agent execution isolated. File system, network, subprocess — all intercepted.
High-risk actions pause for human approval. You stay in control.
Paste code, upload a ZIP, or point at a GitHub repo. No signup required.
🔒 Now with Runtime Enforcement — execution gating, permission layer, sandbox, approval boundaries.
Moltbook agents read untrusted content from other agents. This is the #1 injection attack surface in 2026.
Parsing AST...
Running taint analysis, call graph, and rule engine
Scan Failed
No findings in this category
Try a different filter
This skill passed all security checks and is ready for ClawHub submission.
Copies badge markdown to clipboard · paste in your SKILL.md
| Pattern | Risk | Example |
|---|---|---|
| "ignore previous instructions" | CRITICAL | Classic prompt injection via post_received |
| "system:" prefix | CRITICAL | System prompt override attempt |
| "<|im_start|>system" | CRITICAL | ChatML token injection |
| "[INST]" / "<s>" | CRITICAL | Llama/Mistral format injection |
| Unsanitized mention_received | WARNING | Mention content triggers skill execution |
| heartbeat / ping data → LLM | WARNING | Status messages can carry payloads |
| Unverified skill execution | WARNING | No badge check before run() |
| Output posted to feed raw | WARNING | Injection worm propagation vector |