One CLI for AI agent security

Scan for vulnerabilities, detect leaked credentials, pentest AI agents, and harden your security posture. One command. Open source.

$ npx opena2a-cli init

Assess. Fix. Harden.

Three commands to go from vulnerable to verified.

Google API keys grant unintended AI access

Keys provisioned for Google Maps or Places can silently invoke Gemini LLM endpoints. AWS keys intended for S3 may reach Bedrock AI. OpenA2A detects these cross-service privilege escalations and creates deny-all broker policies.

DRIFT-001

Google API key can access Gemini AI

Maps/Places key invokes Gemini LLM endpoints

DRIFT-002

AWS key can invoke Bedrock LLMs

S3/EC2 key has Bedrock AI permissions

Terminal
$ opena2a init --verbose
Scope Drift Detected
DRIFT-001 Google Maps key -> Gemini AI src/config.js:5
DRIFT-002 AWS S3 key -> Bedrock AI src/aws.js:1
[CRITICAL] Migrate 2 drifted credentials
Run: opena2a protect
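
An offline check for the DRIFT-002 case above, as an added example (not OpenA2A's own code or detection logic): it evaluates an IAM identity policy for whether the credential could invoke Bedrock models. Function names and the sample policies are assumptions made for illustration; Resource scoping and Condition keys on Allow statements are ignored, so a hit means "may reach Bedrock".

```javascript
// IAM action patterns are case-insensitive and support * and ? wildcards.
function actionMatches(pattern, action) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp(`^${re}$`, 'i').test(action);
}

const asList = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// True when the statement's Action or NotAction element covers the action.
function statementCovers(stmt, action) {
  if (stmt.Action !== undefined) {
    return asList(stmt.Action).some((p) => actionMatches(p, action));
  }
  if (stmt.NotAction !== undefined) {
    return !asList(stmt.NotAction).some((p) => actionMatches(p, action));
  }
  return false;
}

// Only an unconditional Deny on every resource is trusted to block the action.
const blanketDeny = (s) =>
  s.Effect === 'Deny' && !s.Condition && asList(s.Resource).includes('*');

// Explicit Deny overrides Allow; with no matching Allow the action is denied.
function policyAllows(policy, action) {
  const stmts = asList(policy.Statement);
  if (stmts.some((s) => blanketDeny(s) && statementCovers(s, action))) return false;
  return stmts.some((s) => s.Effect === 'Allow' && statementCovers(s, action));
}

const BEDROCK_ACTIONS = ['bedrock:InvokeModel', 'bedrock:InvokeModelWithResponseStream'];

// Returns the Bedrock invoke actions the policy may allow (empty = no drift).
function bedrockDrift(policy) {
  return BEDROCK_ACTIONS.filter((a) => policyAllows(policy, a));
}

// Constructed sample policies (not taken from the page).
const allow = (extra) => ({ Effect: 'Allow', Resource: '*', ...extra });
const s3Only = { Statement: [allow({ Action: ['s3:GetObject', 's3:PutObject'] })] };
const broad = { Statement: allow({ NotAction: 'iam:*' }) };
const hardened = { Statement: [broad.Statement, { Effect: 'Deny', Action: 'bedrock:*', Resource: '*' }] };

for (const [name, p] of Object.entries({ s3Only, broad, hardened })) {
  console.log(name, bedrockDrift(p));
}
```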

What it finds

Six categories of findings across credential, configuration, runtime, and supply chain security.

Hardcoded Credentials

Anthropic, OpenAI, Google, AWS, GitHub, and generic API key patterns across all source files.

CRED-001 through CRED-004

Scope Drift

API keys provisioned for one service that silently grant access to AI models. Google Maps to Gemini, AWS S3 to Bedrock.

DRIFT-001 and DRIFT-002

Config Integrity

SHA-256 signing for config files. Detect unauthorized modifications to package.json, mcp.json, Dockerfile.

opena2a guard sign/verify

Runtime Monitoring

Process, network, and filesystem activity monitoring. Protocol-aware scanning for MCP, A2A, and OpenAI endpoints.

opena2a runtime start

Supply Chain Verification

Binary integrity checks against the OpenA2A Trust Registry. Detect tampering in installed packages.

opena2a verify

Project Hygiene

.gitignore coverage, .env protection, lock file presence, MCP config detection, security config assessment.

Trust Score 0-100

Language-aware migration

Credential replacements match your language's env var idiom.

JavaScript: process.env.API_KEY
Python: os.environ.get('API_KEY')
Go: os.Getenv("API_KEY")
Ruby: ENV['API_KEY']
Java: System.getenv("API_KEY")
Rust: std::env::var("API_KEY")

CI/CD integration

All commands support --format json and --ci flags.

# GitHub Actions
- name: Security assessment
  run: npx opena2a-cli init --ci --format json

- name: Credential check
  run: |
    npx opena2a-cli protect --dry-run --ci
    # Fail if credentials found

- name: Config integrity
  run: npx opena2a-cli guard verify --ci

Find leaked credentials in 30 seconds

One command scans your project for hardcoded secrets, scope drift, and misconfigurations. No signup required.

$ npx opena2a-cli init
