Getting Started
Find the right tool for what you need to do.
Fastest path: Run init to assess your project, then follow the recommendations.
npx opena2a-cli init
"I want to scan a project for security issues"
Start with the CLI. It runs a security assessment and gives you a trust score.
npx opena2a-cli init"I want to check the trust score of an AI agent or MCP server"
Use trust to look up the trust profile, security posture, and supply chain data for any package.
opena2a trust @anthropic/mcp-server-fetch"I want to claim my agent and improve its trust score"
Use claim to verify your publisher identity and link it to your trust profile.
opena2a claim"I want to find vulnerabilities in my AI agent"
Use HackMyAgent for 147 security checks and attack simulation.
opena2a scan --attack"I have hardcoded API keys in my code"
Use protect to detect and migrate credentials to a secure vault.
opena2a protect"I want to prevent AI tools from leaking my credentials"
Use Secretless to block credential access in LLM contexts.
npx secretless-ai init"I want to monitor my agents at runtime"
Use ARP (Agent Runtime Protection) for process, network, and filesystem monitoring.
opena2a runtime start"I want to manage agent identities and trust"
Use AIM for Ed25519 identity, trust scoring, MCP security, and ABOM.
docker compose up -d"I want to benchmark my agent against a standard"
Use OASB for 222 standardized attack scenarios and compliance scoring.
opena2a benchmark"I want to learn AI agent security hands-on"
Use DVAA - an intentionally vulnerable agent you can practice attacking.
docker run -p 3000:3000 opena2a/dvaa"I want to detect AI agents in the browser"
Use BrowserGuard - a Chrome extension with 4-layer detection.
BrowserGuard docs"I need to assess post-quantum cryptographic readiness"
Use CryptoServe for crypto inventory, CBOM generation, and PQC assessment.
pip install cryptoservePlatform Overview
| Tool | Purpose | Install |
|---|---|---|
| OpenA2A CLI | Unified entry point for all tools | npm i -g opena2a-cli |
| HackMyAgent | Security testing (scan, attack, fix) | npm i -g hackmyagent |
| Secretless | Credential protection | npm i -g secretless-ai |
| AIM | Identity & access management | docker compose up -d |
| OASB | Security benchmark scoring | npm i -g hackmyagent |
| ARP | Runtime monitoring | npm i -g hackmyagent |
| DVAA | Security training | docker pull opena2a/dvaa |
| BrowserGuard | Browser agent detection | Chrome extension |
| CryptoServe | Post-quantum cryptographic readiness | pip install cryptoserve |