Six agent blueprints — the tool stacks teams ship first — scored by OmegaEngine's static threat-model analyzer. None scores above a C. The most exposed (devops / infra agent) ships 3 dangerous tools out of 5, with no approval gate.
Each blueprint's tool schema is classified by the same open-source analyzer the agent-scan CLI uses (capability keywords over tool names, descriptions and parameters: destructive > privilege > financial > exfiltration), and a targeted attack case is synthesized per dangerous tool. The surface score starts at 100 and deducts per dangerous tool by severity, plus the two couplings real exploits use — an exfiltration tool alongside data-read tools, and financial tools without an approval tool.
This measures the blueprint's surface, not a live agent's behavior. What your agent actually does under these attacks is what the live scan measures — and what the Agent-Security Benchmark tracks across defense levels.
One tool per line (name: description). The same analyzer, running locally — nothing leaves this page.
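An added sketch of the scoring described above, not OmegaEngine's analyzer code: it parses the one-tool-per-line `name: description` format, classifies each tool in the stated severity order, and applies the two coupling deductions. The keyword lists, penalty weights and sample tools are assumptions made for illustration.

```javascript
// Added illustration: keyword lists, weights and sample tools are assumed,
// not taken from OmegaEngine's analyzer.
const SEVERITY = [ // checked in order: destructive > privilege > financial > exfiltration
  ["destructive", 25, ["delete", "destroy", "drop", "terminate", "wipe"]],
  ["privilege", 20, ["sudo", "admin", "grant", "role", "permission"]],
  ["financial", 15, ["pay", "payment", "refund", "transfer", "charge"]],
  ["exfiltration", 10, ["send", "email", "upload", "post", "webhook"]],
];
const READ = ["read", "query", "fetch", "list", "search", "get"];
const APPROVAL = ["approve", "approval", "confirm"];
const COUPLING_PENALTY = 15; // assumed weight for each risky coupling

// Whole-token matching, so "payload" does not count as "pay".
const tokens = (s) => new Set(s.toLowerCase().split(/[^a-z0-9]+/).filter(Boolean));
const hasAny = (set, words) => words.some((w) => set.has(w));

// One tool per line, "name: description"; a line without ":" is a bare name.
function parseTools(text) {
  return text.split("\n").map((l) => l.trim()).filter(Boolean).map((line) => {
    const i = line.indexOf(":");
    if (i < 0) return { name: line, description: "" };
    return { name: line.slice(0, i).trim(), description: line.slice(i + 1).trim() };
  });
}

// A tool takes the most severe class whose keywords it matches.
function classify(tool) {
  const t = tokens(`${tool.name} ${tool.description}`);
  const hit = SEVERITY.find(([, , words]) => hasAny(t, words));
  return { ...tool, capability: hit ? hit[0] : null, penalty: hit ? hit[1] : 0,
    reads: !hit && hasAny(t, READ), approval: !hit && hasAny(t, APPROVAL) };
}

function scoreSurface(text) {
  const tools = parseTools(text).map(classify);
  const has = (cap) => tools.some((t) => t.capability === cap);
  const findings = [];
  let score = 100 - tools.reduce((sum, t) => sum + t.penalty, 0);
  const couple = (cond, msg) => { if (cond) { score -= COUPLING_PENALTY; findings.push(msg); } };
  couple(has("exfiltration") && tools.some((t) => t.reads), "exfiltration tool alongside data-read tools");
  couple(has("financial") && !tools.some((t) => t.approval), "financial tool without an approval tool");
  const dangerous = tools.filter((t) => t.capability).map((t) => `${t.name} (${t.capability})`);
  return { score: Math.max(0, score), dangerous, findings };
}

const SAMPLE = `
delete_resource: Delete a cloud resource by id
grant_role: Grant an IAM role to a user
read_logs: Read recent service logs
send_webhook: Send a JSON payload to an external URL
restart_service: Restart a running service`; // constructed tool list
console.log(scoreSurface(SAMPLE));
```

Because classification is keyword-based, a renamed or vaguely described tool can slip past it, which is why the result describes the declared surface rather than runtime behavior.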
Run the same analyzer on your real tool schema — free, offline, no key. Then drive your live agent through every synthesized attack and get a signed report.
$ npx @omegaengine/agent-scan --config agent.json