hackmyagent
opena2a-org
Security toolkit for AI agents - verify skills, harden setups, scan for exposures
Summary
HackMyAgent is a TypeScript security scanner and red-team toolkit for AI agents, part of the OpenA2A ecosystem. It runs 209 static checks, 29 semantic analyses via NanoMind AST, and 164 adversarial payloads to detect credentials, prompt injection, MCP misconfigurations, and agent vulnerabilities. It is marked stable at v0.23.5, with 32 commits in the last month and 27 open todos, mostly release and documentation tasks.
Last commit: 2w ago
Branch: fix/0.23.6-skill-template-and-section-aware-domains
Language: TypeScript
Stars: 30
Commits (30d): 32
Open issues: 5
Open PRs: 0
Working tree: clean
Linked todos (0)
No todos linked to this repo.
Recent commits
chore(release): hackmyagent 0.23.5 (#213)
2w ago
fix(scan-soul): clamp score on HIGH findings (#206) (#212)
2w ago
fix(credential-context): downgrade gitignored .env to MEDIUM when never tracked (#208) (#211)
2w ago
fix(explainer): namespace `scan-soul --explain` citation with `hackmyagent` prefix (#209)
2w ago
ci(parity): bump SHA to pick up check-registered-ai-pypi 3-way (opena2a-parity#11) (#210)
3w ago
chore: bump @opena2a/cli-ui pin to 0.5.1 + Node 24 actions (#205)
3w ago
ci(parity): bump SHA to pick up check-registered-ai-pypi fixture (opena2a-parity#10) (#204)
3w ago
fix(check): query Registry with bare PyPI name (drop pip: prefix) (#198)
3w ago
chore: merge 0.23.3 release commits back to main (#199)
3w ago
fix(scanner): suppress NEMO-009 + AST-CRED-* false positives on test files, training corpora, and integrity manifests (nanomind#26) (#192)
3w ago
fix(check): honor --no-scan for pip:/pypi: targets (closes #195) (#197)
3w ago
ci(parity): bump SHA to pick up scan-soul-hardened fixture (opena2a-parity#9) (#196)
3w ago
ci(parity): bump SHA to pick up secure-empty-dir fixture (opena2a-parity#8) (#194)
3w ago
ci(parity): bump SHA to pick up check-not-found fixture (opena2a-parity#7) (#193)
3w ago
docs: add STATUS.md (stable) and status badge (#190)
3w ago
ci(parity): point uses: at opena2a-standards/opena2a-parity (org move) (#191)
3w ago
ci: rename parity.yml -> parity-gate.yml + add workflow_dispatch (#189)
3w ago
ci(parity): pin opena2a-parity workflow ref from @main to SHA (#188)
3w ago
chore(deps): audit fix - qs DoS (closes Dependabot #35) (#187)
3w ago
feat(telemetry): fire INTEGRITY_FAIL telemetry event per [CHIEF-CSR-018] + [CHIEF-CPO-022] (0.23.1) (#186)
3w ago
chore(telemetry): migrate to @opena2a/telemetry 0.2.0 successFromExitCode helper (#185)
3w ago
fix(deps): bump hono 4.12.15 -> 4.12.21, override ip-address to ^10.1.1 (#184)
4w ago
fix(deps): bump fast-uri 3.1.0 -> 3.1.2 to patch 2 HIGH transitive CVEs (#183)
4w ago
fix(cli): route uppercase bare names to npm not-found JSON (#161) (#182)
4w ago
fix(cli): clean up scan workspace on every exit path (#181)
1mo ago