← Back to search

@microsoft/agentos-mcp-server

microsoft MIT 1,590 stars Scanned 48d ago

Public Preview — AgentOS MCP Server for Claude Desktop: Build, deploy, and manage policy-compliant autonomous agents

D
58.6 / 100

Versions

3.7.0 latest
May 18, 2026
3.6.0
May 18, 2026
3.5.0
May 8, 2026
3.4.0
May 5, 2026
3.3.0
Apr 27, 2026
+ show 12 more show less
3.2.2
Apr 22, 2026
3.2.1
Apr 22, 2026
3.2.0
Apr 22, 2026
3.1.1
Apr 21, 2026
3.1.0
Apr 11, 2026
3.0.1
Apr 1, 2026
3.0.0
Mar 26, 2026
2.3.0
Mar 26, 2026
2.2.0
Mar 18, 2026
1.1.0
Mar 8, 2026
1.0.1
Mar 6, 2026
1.0.0
Mar 4, 2026
PermissionsTool SafetyAuthAnnotationsCode QualityStabilitySpecVuln HistoryAuthorTransparencyCommunity

Tools 12

read_file
annotations: none low

Read a file by path. Requires minimum trust score of 300. Args: path: File path to read. agent_did: The calling agent's DID (e.g. "did:mesh:abc123"). trust_score: The agent's current trust score (0-1000).

path str agent_did str trust_score int
write_file
annotations: none low

Write content to a file. Requires trust >= 600 and fs_write capability. Args: path: Destination file path. content: Content to write. agent_did: The calling agent's DID. trust_score: The agent's current trust score (0-1000). capabilities: List of agent capabilities (must include "fs_write").

path str content str agent_did str trust_score int capabilities string
query_database
annotations: none low

Execute a read-only SQL query. Requires trust >= 800, db_query capability, rate-limited to 10/min. Args: sql: The SQL query to execute (read-only). agent_did: The calling agent's DID. trust_score: The agent's current trust score (0-1000). capabilities: List of agent capabilities (must include "db_query").

sql str agent_did str trust_score int capabilities string
filesystem_read
annotations: none low

Read a file from the filesystem (with governance).

params string
database_query
annotations: none low

Query a database (with governance).

params string
api_call
annotations: none low

Call an external API (with rate limiting).

params string
check_trust
annotations: none low

Check if an agent is trusted. Returns the agent's overall trust score, trust level, and all five trust dimensions (competence, integrity, availability, predictability, transparency). Args: agent_did: The DID of the agent to check (e.g. "did:mesh:abc123").

agent_did str
get_trust_score
annotations: none low

Get a detailed trust score with all 5 dimensions. Dimensions: competence, integrity, availability, predictability, transparency. Each dimension is scored 0-1000. Args: agent_did: The DID of the agent to query.

agent_did str
establish_handshake
annotations: none low

Initiate a trust handshake with a peer agent. Creates a cryptographic challenge, records the handshake, and returns a signed token the peer can verify. Args: peer_did: The DID of the peer agent to handshake with. capabilities: List of capability strings requested for this session.

peer_did str capabilities string
verify_delegation
annotations: none low

Verify that a scope chain from *delegator_did* to *agent_did* is valid. Checks that the agent's DID is known, the delegator's trust score is sufficient, and the requested capability is plausible. Args: agent_did: The DID of the agent claiming delegated authority. delegator_did: The DID of the delegator (parent agent). capability: The capability being delegated (e.g. "read:data").

agent_did str capability str delegator_did str
record_interaction
annotations: none low

Record an interaction outcome to update trust scores. Valid outcomes: ``success``, ``failure``, ``timeout``, ``partial``. Positive outcomes raise trust; negative outcomes lower it. Args: peer_did: The DID of the peer agent involved. outcome: Interaction result — one of success, failure, timeout, partial. details: Free-text description of the interaction.

details str outcome str peer_did str
get_identity
annotations: none low

Get this agent's identity info. Returns the server's DID, public key, name, and capabilities.

Permissions 5

network medium
Server uses network capabilities via: aiohttp, fetch(), http, httpx, requests, socket, urllib, websocket, ws
filesystem low
Server uses filesystem capabilities via: fs, fs sync ops, fs.promises, glob, open(), os, path, pathlib, shutil, tempfile
shell high
Server uses shell capabilities via: child_process, execSync(), os.system(), spawn(), subprocess
database medium
Server uses database capabilities via: redis, sqlalchemy, sqlite3
env_vars low
Server uses env_vars capabilities via: os.environ, os.getenv(), process.env

Scan Findings 518

info
package.json metadata manifest_parser · 100%
info
pyproject.toml metadata manifest_parser · 100%
info
Tool: read_file manifest_parser · 90%
info
Tool: write_file manifest_parser · 90%
info
Tool: query_database manifest_parser · 90%
info
Tool: filesystem_read manifest_parser · 90%
info
Tool: database_query manifest_parser · 90%
info
Tool: api_call manifest_parser · 90%
info
Tool: check_trust manifest_parser · 90%
info
Tool: get_trust_score manifest_parser · 90%
info
Tool: establish_handshake manifest_parser · 90%
info
Tool: verify_delegation manifest_parser · 90%
info
Tool: record_interaction manifest_parser · 90%
info
Tool: get_identity manifest_parser · 90%
info
Transport: stdio manifest_parser · 90%
info
Required env vars (158) manifest_parser · 80%
low
Tool 'read_file' has no annotations annotation_checker · 100%
low
Tool 'write_file' has no annotations annotation_checker · 100%
low
Tool 'query_database' has no annotations annotation_checker · 100%
low
Tool 'filesystem_read' has no annotations annotation_checker · 100%
low
Tool 'database_query' has no annotations annotation_checker · 100%
low
Tool 'api_call' has no annotations annotation_checker · 100%
low
Tool 'check_trust' has no annotations annotation_checker · 100%
low
Tool 'get_trust_score' has no annotations annotation_checker · 100%
low
Tool 'establish_handshake' has no annotations annotation_checker · 100%
low
Tool 'verify_delegation' has no annotations annotation_checker · 100%
low
Tool 'record_interaction' has no annotations annotation_checker · 100%
low
Tool 'get_identity' has no annotations annotation_checker · 100%
high
Hardcoded API key in agent-governance-python/agent-os/tests/test_security_skills.py auth_checker · 90%
medium
Permission: network access detected permission_analyzer · 90%
low
Permission: filesystem access detected permission_analyzer · 90%
high
Permission: shell access detected permission_analyzer · 95%
medium
Permission: database access detected permission_analyzer · 90%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Excessive dependency count: 324 direct dependencies dependency_analyzer · 90%
medium
Suspicious package name: react-dom dependency_analyzer · 60%
medium
Vulnerable dependency: zod@3.22.0 (GHSA-m95q-7qp3-xv42) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-3qhf-m339-9g5v) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-9h52-p55h-vw2f) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-j975-95f5-7wqh) dependency_analyzer · 95%
medium
Vulnerable dependency: pytest@7.4.0 (GHSA-6w46-j5rx-g56g) dependency_analyzer · 95%
medium
Vulnerable dependency: pynacl@1.5.0 (GHSA-mrfv-m5wm-5w6w) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.26 (GHSA-pp6c-gr5w-3c5g) dependency_analyzer · 95%
medium
Vulnerable dependency: langchain-core@1.2.28 (GHSA-pjwx-r37v-7724) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-3wxx-q3gv-pvvv) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-488g-hw5f-x29p) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-7753-xrfw-ch36) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-cr7q-2w66-hjcm) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-fxc2-8m62-m85x) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-j3wr-m6xh-64hg) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-r6gp-rff2-p3hf) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-wvpx-g427-q9wc) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-3ww4-gg4f-jr7f) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-9v9h-cgj8-h64p) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-hggm-jpg3-v476) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-m959-cc7f-wv43) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-q3cj-2r34-2cwc) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-r6ph-v2qm-q3c2) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (PYSEC-2017-8) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (PYSEC-2021-62) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (PYSEC-2026-35) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (GHSA-8q59-q68h-6hv4) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (GHSA-rprw-h62v-c2w7) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (PYSEC-2018-49) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (PYSEC-2021-142) dependency_analyzer · 95%
medium
Vulnerable dependency: httpx@0.27.0,<1.0 (GHSA-h8pj-cxx2-jfg2) dependency_analyzer · 95%
medium
Vulnerable dependency: httpx@0.27.0,<1.0 (PYSEC-2022-183) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (GHSA-5jqp-qgf6-3pvh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (PYSEC-2021-47) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (GHSA-5jqp-qgf6-3pvh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (PYSEC-2021-47) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-2fc2-6r4j-p65h) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-5545-2q6w-2gh6) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-9fq2-x9r6-wfmf) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-cw6w-4rcx-xphc) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-f7c7-j99h-c22f) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-fpfv-jqm9-f5jm) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-frgw-fgh6-9g52) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2017-1) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2018-33) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2018-34) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2019-108) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2021-856) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2021-857) dependency_analyzer · 95%
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (GHSA-8h2j-cgx8-6xv7) dependency_analyzer · 95%
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (PYSEC-2021-100) dependency_analyzer · 95%
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (PYSEC-2024-38) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-2q4j-m29v-hq73) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-2rw7-x74f-jg35) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-3crg-w4f6-42mx) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4f6g-68pf-7vhv) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4pxv-j86v-mhcw) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4xc4-762w-m6cg) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-7gw9-cf7v-778f) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-7hfw-26vp-jp8m) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-87mj-5ggw-8qc3) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-996q-pr4m-cvgq) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-9m86-7pmv-2852) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-9mvc-8737-8j8h) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-f2v5-7jq9-h8cg) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-hqmh-ppp3-xvm7) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-jfx9-29x2-rv3j) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-jj6c-8h6c-hppx) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-m449-cwjh-6pw7) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-qpxp-75px-xjcp) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-vr63-x8vc-m265) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-wgvp-vg3v-2xq3) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-x284-j5p8-9c5p) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-x7hp-r3qg-r3cj) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-55x5-fj6c-h6m8) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-57qw-cc2g-pv5p) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-jq4v-f5q6-mjqq) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-pgww-xf46-h92r) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-vfmq-68hx-4jfw) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-wrxv-2j5q-m38w) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-xp26-p53h-6h2p) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2014-9) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2018-12) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2021-19) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2021-852) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2022-230) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2026-87) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-2jv5-9r88-3w3p) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-59g5-xgcq-4qw3) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-mj87-hwqh-73pj) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-pp6c-gr5w-3c5g) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-wp53-j4wj-2cfg) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-2fc2-6r4j-p65h) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-5545-2q6w-2gh6) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-9fq2-x9r6-wfmf) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-cw6w-4rcx-xphc) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-f7c7-j99h-c22f) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-fpfv-jqm9-f5jm) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-frgw-fgh6-9g52) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2017-1) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2018-33) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2018-34) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2019-108) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2021-856) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2021-857) dependency_analyzer · 95%
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (GHSA-jjw5-xxj6-pcv5) dependency_analyzer · 95%
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (GHSA-jw8x-6495-233v) dependency_analyzer · 95%
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2020-107) dependency_analyzer · 95%
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2020-108) dependency_analyzer · 95%
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2024-110) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (GHSA-8q59-q68h-6hv4) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (GHSA-rprw-h62v-c2w7) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (PYSEC-2018-49) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (PYSEC-2021-142) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-2vrm-gr82-f7m5) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-3wq7-rqq7-wx6j) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-45c4-8wx5-qw6w) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-54jq-c3m8-4m76) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-5m98-qgg9-wh84) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-63hf-3vf5-4wqf) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-69f9-5gxw-wvc2) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-6jhg-hg63-jvvf) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-6mq8-rvhq-8wgg) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-7gpw-8wmc-pm8g) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-8495-4g3g-x7pr) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-8qpw-xqxj-h4r2) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-9548-qrrj-x5pj) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-966j-vmvw-g2g9) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-c427-h43c-vf67) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-fh55-r93g-j68g) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-g84x-mcqj-x9qq) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-gfw2-4jvh-wgfg) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-hcc4-c3v8-rx92) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-jj3x-wxrx-4x23) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-m5qp-6w8w-w647) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-mqqc-3gqh-h2x8) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-mwh4-6h8g-pg8w) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-p998-jp59-783m) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-pjjw-qhg8-p2p9) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-q3qx-c6g2-7pw2) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-qvrw-v9rv-5rjx) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-v6wp-4m6f-gcjg) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-w2fm-2cpv-w7v5) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-xx9p-xxvh-7g8j) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2021-76) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-120) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-246) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-247) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-250) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-251) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2024-26) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-3qhf-m339-9g5v) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-9h52-p55h-vw2f) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-j975-95f5-7wqh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (GHSA-5jqp-qgf6-3pvh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (PYSEC-2021-47) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-2fc2-6r4j-p65h) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-5545-2q6w-2gh6) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-9fq2-x9r6-wfmf) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-cw6w-4rcx-xphc) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-f7c7-j99h-c22f) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-fpfv-jqm9-f5jm) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-frgw-fgh6-9g52) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2017-1) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2018-33) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2018-34) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2019-108) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2021-856) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2021-857) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (GHSA-33c7-2mpw-hg34) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (GHSA-f97h-2pfx-f59f) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (PYSEC-2020-150) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (PYSEC-2020-151) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (GHSA-5jqp-qgf6-3pvh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (PYSEC-2021-47) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-3ww4-gg4f-jr7f) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-9v9h-cgj8-h64p) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-hggm-jpg3-v476) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-m959-cc7f-wv43) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-q3cj-2r34-2cwc) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-r6ph-v2qm-q3c2) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (PYSEC-2017-8) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (PYSEC-2021-62) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (PYSEC-2026-35) dependency_analyzer · 95%
medium
Vulnerable dependency: pynacl@1.5.0,<2.0 (GHSA-mrfv-m5wm-5w6w) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.0,<3.0 (GHSA-5jqp-qgf6-3pvh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.0,<3.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.0,<3.0 (PYSEC-2021-47) dependency_analyzer · 95%
high
Generic API Key Assignment found in docs/security/scanning.md secret_scanner · 75%
high
Hardcoded Password found in examples/quickstart/autogen_governed.py secret_scanner · 65%
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/extension.ts secret_scanner · 75%
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/server/browserPolicyEditor.ts secret_scanner · 75%
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/webviews/policyEditor/PolicyEditorPanel.ts secret_scanner · 75%
high
Hardcoded Password found in agent-governance-python/agent-os/docs/use-cases.md secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/docs/UNIVERSAL_SIGNAL_BUS.md secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/examples/sample_full_stack_agent.py secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/examples/example_universal_signal_bus.py secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/modules/observability/alertmanager/alertmanager.yml secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/modules/scak/build_and_publish.ps1 secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/modules/control-plane/benchmark/red_team_dataset.py secret_scanner · 65%
medium
Hex string literal (>50 chars) in agent-governance-golang/packages/agentmesh/audit_test.go:135 entropy_analyzer · 70%
medium
Hex string literal (>50 chars) in examples/reasoning-attestation-governed/getting_started.py:231 entropy_analyzer · 70%
medium
Buffer.from base64 in agent-governance-typescript/src/identity.ts:518 entropy_analyzer · 75%
medium
Buffer.from base64 in agent-governance-typescript/src/identity.ts:543 entropy_analyzer · 75%
medium
Buffer.from base64 in agent-governance-typescript/src/encryption/mesh-client.ts:991 entropy_analyzer · 75%
medium
Hex string literal (>50 chars) in agent-governance-python/agentmesh-integrations/mastra-agentmesh/src/audit.ts:13 entropy_analyzer · 70%
medium
Hex string literal (>50 chars) in agent-governance-python/agentmesh-integrations/mastra-agentmesh/src/audit.ts:135 entropy_analyzer · 70%
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:781 entropy_analyzer · 80%
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:783 entropy_analyzer · 80%
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:788 entropy_analyzer · 80%
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:34 entropy_analyzer · 75%
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:50 entropy_analyzer · 75%
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:60 entropy_analyzer · 75%
info
SLSA Build Level 3 detected slsa_assessor · 85%
high
High-risk OAuth scope: admin oauth_scope_analyzer · 80%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 579 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%
info
package.json metadata manifest_parser · 100%
info
pyproject.toml metadata manifest_parser · 100%
info
Tool: read_file manifest_parser · 90%
info
Tool: write_file manifest_parser · 90%
info
Tool: query_database manifest_parser · 90%
info
Tool: filesystem_read manifest_parser · 90%
info
Tool: database_query manifest_parser · 90%
info
Tool: api_call manifest_parser · 90%
info
Tool: check_trust manifest_parser · 90%
info
Tool: get_trust_score manifest_parser · 90%
info
Tool: establish_handshake manifest_parser · 90%
info
Tool: verify_delegation manifest_parser · 90%
info
Tool: record_interaction manifest_parser · 90%
info
Tool: get_identity manifest_parser · 90%
info
Transport: stdio manifest_parser · 90%
info
Required env vars (153) manifest_parser · 80%
low
Tool 'read_file' has no annotations annotation_checker · 100%
low
Tool 'write_file' has no annotations annotation_checker · 100%
low
Tool 'query_database' has no annotations annotation_checker · 100%
low
Tool 'filesystem_read' has no annotations annotation_checker · 100%
low
Tool 'database_query' has no annotations annotation_checker · 100%
low
Tool 'api_call' has no annotations annotation_checker · 100%
low
Tool 'check_trust' has no annotations annotation_checker · 100%
low
Tool 'get_trust_score' has no annotations annotation_checker · 100%
low
Tool 'establish_handshake' has no annotations annotation_checker · 100%
low
Tool 'verify_delegation' has no annotations annotation_checker · 100%
low
Tool 'record_interaction' has no annotations annotation_checker · 100%
low
Tool 'get_identity' has no annotations annotation_checker · 100%
high
Hardcoded API key in agent-governance-python/agent-os/tests/test_security_skills.py auth_checker · 90%
medium
Permission: network access detected permission_analyzer · 90%
low
Permission: filesystem access detected permission_analyzer · 90%
high
Permission: shell access detected permission_analyzer · 95%
medium
Permission: database access detected permission_analyzer · 90%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Excessive dependency count: 326 direct dependencies dependency_analyzer · 90%
medium
Suspicious package name: react-dom dependency_analyzer · 60%
medium
Vulnerable dependency: zod@3.22.0 (GHSA-m95q-7qp3-xv42) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-3qhf-m339-9g5v) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-9h52-p55h-vw2f) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-j975-95f5-7wqh) dependency_analyzer · 95%
medium
Vulnerable dependency: pynacl@1.5.0 (GHSA-mrfv-m5wm-5w6w) dependency_analyzer · 95%
medium
Vulnerable dependency: pytest@7.4.0 (GHSA-6w46-j5rx-g56g) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.26 (GHSA-pp6c-gr5w-3c5g) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-3wxx-q3gv-pvvv) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-488g-hw5f-x29p) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-7753-xrfw-ch36) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-cr7q-2w66-hjcm) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-fxc2-8m62-m85x) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-j3wr-m6xh-64hg) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-r6gp-rff2-p3hf) dependency_analyzer · 95%
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-wvpx-g427-q9wc) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-3ww4-gg4f-jr7f) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-9v9h-cgj8-h64p) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (PYSEC-2021-62) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (GHSA-rprw-h62v-c2w7) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (PYSEC-2018-49) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (GHSA-8q59-q68h-6hv4) dependency_analyzer · 95%
medium
Vulnerable dependency: httpx@0.27.0,<1.0 (PYSEC-2022-183) dependency_analyzer · 95%
medium
Vulnerable dependency: langchain-core@1.2.28 (GHSA-pjwx-r37v-7724) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-q3cj-2r34-2cwc) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-r6ph-v2qm-q3c2) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (PYSEC-2021-47) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-5545-2q6w-2gh6) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-f7c7-j99h-c22f) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2018-34) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-cw6w-4rcx-xphc) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2017-1) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2021-857) dependency_analyzer · 95%
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (PYSEC-2021-100) dependency_analyzer · 95%
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (PYSEC-2024-38) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-2q4j-m29v-hq73) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-2rw7-x74f-jg35) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-3crg-w4f6-42mx) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4f6g-68pf-7vhv) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4pxv-j86v-mhcw) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4xc4-762w-m6cg) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-7gw9-cf7v-778f) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-7hfw-26vp-jp8m) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-87mj-5ggw-8qc3) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-996q-pr4m-cvgq) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-9m86-7pmv-2852) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-9mvc-8737-8j8h) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-f2v5-7jq9-h8cg) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-hqmh-ppp3-xvm7) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-jfx9-29x2-rv3j) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-jj6c-8h6c-hppx) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-m449-cwjh-6pw7) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-qpxp-75px-xjcp) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-vr63-x8vc-m265) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-wgvp-vg3v-2xq3) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-x284-j5p8-9c5p) dependency_analyzer · 95%
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-x7hp-r3qg-r3cj) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-55x5-fj6c-h6m8) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-57qw-cc2g-pv5p) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-jq4v-f5q6-mjqq) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-pgww-xf46-h92r) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-vfmq-68hx-4jfw) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-wrxv-2j5q-m38w) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-xp26-p53h-6h2p) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2014-9) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2018-12) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2021-19) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2021-852) dependency_analyzer · 95%
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2022-230) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-2jv5-9r88-3w3p) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-59g5-xgcq-4qw3) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-mj87-hwqh-73pj) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-pp6c-gr5w-3c5g) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-wp53-j4wj-2cfg) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-2fc2-6r4j-p65h) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-5545-2q6w-2gh6) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-9fq2-x9r6-wfmf) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-cw6w-4rcx-xphc) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-f7c7-j99h-c22f) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-fpfv-jqm9-f5jm) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-frgw-fgh6-9g52) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2017-1) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2018-33) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2018-34) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2019-108) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2021-856) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2021-857) dependency_analyzer · 95%
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (GHSA-jjw5-xxj6-pcv5) dependency_analyzer · 95%
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (GHSA-jw8x-6495-233v) dependency_analyzer · 95%
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2020-107) dependency_analyzer · 95%
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2020-108) dependency_analyzer · 95%
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2024-110) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-2fc2-6r4j-p65h) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-9fq2-x9r6-wfmf) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-fpfv-jqm9-f5jm) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-frgw-fgh6-9g52) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2018-33) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2019-108) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2021-856) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (GHSA-5jqp-qgf6-3pvh) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (GHSA-8q59-q68h-6hv4) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (GHSA-rprw-h62v-c2w7) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (PYSEC-2018-49) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (PYSEC-2021-142) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-3wq7-rqq7-wx6j) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-45c4-8wx5-qw6w) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-54jq-c3m8-4m76) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-5m98-qgg9-wh84) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-69f9-5gxw-wvc2) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-6jhg-hg63-jvvf) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-6mq8-rvhq-8wgg) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-7gpw-8wmc-pm8g) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-8495-4g3g-x7pr) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-966j-vmvw-g2g9) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-c427-h43c-vf67) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-fh55-r93g-j68g) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-g84x-mcqj-x9qq) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-hcc4-c3v8-rx92) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-mqqc-3gqh-h2x8) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-mwh4-6h8g-pg8w) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-pjjw-qhg8-p2p9) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-q3qx-c6g2-7pw2) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-xx9p-xxvh-7g8j) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2021-76) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-120) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-251) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-3qhf-m339-9g5v) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (GHSA-5jqp-qgf6-3pvh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (PYSEC-2021-47) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-2fc2-6r4j-p65h) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-5545-2q6w-2gh6) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-9fq2-x9r6-wfmf) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-cw6w-4rcx-xphc) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-f7c7-j99h-c22f) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-fpfv-jqm9-f5jm) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-frgw-fgh6-9g52) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2017-1) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2018-33) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2018-34) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2019-108) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2021-856) dependency_analyzer · 95%
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2021-857) dependency_analyzer · 95%
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (GHSA-8h2j-cgx8-6xv7) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (GHSA-33c7-2mpw-hg34) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (GHSA-f97h-2pfx-f59f) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (PYSEC-2020-150) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (PYSEC-2020-151) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (GHSA-5jqp-qgf6-3pvh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (PYSEC-2021-47) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-3ww4-gg4f-jr7f) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-9v9h-cgj8-h64p) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-hggm-jpg3-v476) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-m959-cc7f-wv43) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-q3cj-2r34-2cwc) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (PYSEC-2017-8) dependency_analyzer · 95%
medium
Vulnerable dependency: pynacl@1.5.0,<2.0 (GHSA-mrfv-m5wm-5w6w) dependency_analyzer · 95%
medium
Vulnerable dependency: httpx@0.27.0,<1.0 (GHSA-h8pj-cxx2-jfg2) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-2vrm-gr82-f7m5) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-63hf-3vf5-4wqf) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-8qpw-xqxj-h4r2) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-9548-qrrj-x5pj) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-gfw2-4jvh-wgfg) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-jj3x-wxrx-4x23) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-m5qp-6w8w-w647) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-p998-jp59-783m) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-qvrw-v9rv-5rjx) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-v6wp-4m6f-gcjg) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-w2fm-2cpv-w7v5) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-246) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-247) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-250) dependency_analyzer · 95%
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2024-26) dependency_analyzer · 95%
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (PYSEC-2021-142) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-9h52-p55h-vw2f) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-j975-95f5-7wqh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (GHSA-5jqp-qgf6-3pvh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (PYSEC-2021-47) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-hggm-jpg3-v476) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-m959-cc7f-wv43) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (PYSEC-2017-8) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.0,<3.0 (GHSA-5jqp-qgf6-3pvh) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.0,<3.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.0,<3.0 (PYSEC-2021-47) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-r6ph-v2qm-q3c2) dependency_analyzer · 95%
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (PYSEC-2021-62) dependency_analyzer · 95%
high
Generic API Key Assignment found in docs/security-scanning.md secret_scanner · 75%
high
Generic API Key Assignment found in docs/security/scanning.md secret_scanner · 75%
high
Hardcoded Password found in examples/quickstart/autogen_governed.py secret_scanner · 65%
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/extension.ts secret_scanner · 75%
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/server/browserPolicyEditor.ts secret_scanner · 75%
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/webviews/policyEditor/PolicyEditorPanel.ts secret_scanner · 75%
high
Hardcoded Password found in agent-governance-python/agent-os/docs/use-cases.md secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/docs/UNIVERSAL_SIGNAL_BUS.md secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/examples/sample_full_stack_agent.py secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/examples/example_universal_signal_bus.py secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/modules/observability/alertmanager/alertmanager.yml secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/modules/scak/build_and_publish.ps1 secret_scanner · 65%
high
Hardcoded Password found in agent-governance-python/agent-os/modules/control-plane/benchmark/red_team_dataset.py secret_scanner · 65%
medium
Hex string literal (>50 chars) in agent-governance-golang/packages/agentmesh/audit_test.go:135 entropy_analyzer · 70%
medium
Hex string literal (>50 chars) in examples/reasoning-attestation-governed/getting_started.py:231 entropy_analyzer · 70%
medium
Buffer.from base64 in agent-governance-typescript/src/identity.ts:518 entropy_analyzer · 75%
medium
Buffer.from base64 in agent-governance-typescript/src/identity.ts:543 entropy_analyzer · 75%
medium
Buffer.from base64 in agent-governance-typescript/src/encryption/mesh-client.ts:991 entropy_analyzer · 75%
medium
Hex string literal (>50 chars) in agent-governance-python/agentmesh-integrations/mastra-agentmesh/src/audit.ts:13 entropy_analyzer · 70%
medium
Hex string literal (>50 chars) in agent-governance-python/agentmesh-integrations/mastra-agentmesh/src/audit.ts:135 entropy_analyzer · 70%
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:781 entropy_analyzer · 80%
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:783 entropy_analyzer · 80%
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:788 entropy_analyzer · 80%
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:34 entropy_analyzer · 75%
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:50 entropy_analyzer · 75%
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:60 entropy_analyzer · 75%
info
SLSA Build Level 3 detected slsa_assessor · 85%
high
High-risk OAuth scope: admin oauth_scope_analyzer · 80%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 571 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%