agent-shield 0.2.0

Security scanner for AI agent extensions — offline-first, multi-framework, SARIF output
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154

name: 'AgentShield Security Scanner'
description: 'Scan AI agent extensions (MCP servers, OpenClaw skills) for security vulnerabilities'
author: 'Ronaldo Lima'

branding:
  icon: 'shield'
  color: 'blue'

inputs:
  path:
    description: 'Path to scan (relative to repo root)'
    required: false
    default: '.'
  fail-on:
    description: 'Minimum severity to fail the check (info, low, medium, high, critical)'
    required: false
    default: 'high'
  format:
    description: 'Output format (console, json, sarif)'
    required: false
    default: 'sarif'
  config:
    description: 'Path to .agentshield.toml config file'
    required: false
    default: ''
  upload-sarif:
    description: 'Upload SARIF results to GitHub Code Scanning'
    required: false
    default: 'true'
  version:
    description: 'AgentShield version to use (default: latest)'
    required: false
    default: 'latest'

outputs:
  finding-count:
    description: 'Number of findings detected'
    value: ${{ steps.scan.outputs.finding-count }}
  sarif-file:
    description: 'Path to the SARIF output file (if format=sarif)'
    value: ${{ steps.scan.outputs.sarif-file }}
  exit-code:
    description: 'Exit code from the scan (0=pass, 1=fail, 2=error)'
    value: ${{ steps.scan.outputs.exit-code }}

runs:
  using: 'composite'
  steps:
    - name: Determine version
      id: version
      shell: bash
      run: |
        if [ "${{ inputs.version }}" = "latest" ]; then
          VERSION=$(curl -s https://api.github.com/repos/limaronaldo/agentshield/releases/latest | grep '"tag_name"' | sed -E 's/.*"([^"]+)".*/\1/')
          if [ -z "$VERSION" ]; then
            echo "::error::Could not determine latest version. Specify version explicitly."
            exit 1
          fi
        else
          VERSION="${{ inputs.version }}"
        fi
        echo "version=$VERSION" >> $GITHUB_OUTPUT

    - name: Determine platform
      id: platform
      shell: bash
      run: |
        case "${{ runner.os }}-${{ runner.arch }}" in
          Linux-X64)   TARGET="x86_64-unknown-linux-gnu" ;;
          Linux-ARM64) TARGET="aarch64-unknown-linux-gnu" ;;
          macOS-X64)   TARGET="x86_64-apple-darwin" ;;
          macOS-ARM64) TARGET="aarch64-apple-darwin" ;;
          Windows-X64) TARGET="x86_64-pc-windows-msvc" ;;
          *) echo "::error::Unsupported platform: ${{ runner.os }}-${{ runner.arch }}"; exit 1 ;;
        esac
        echo "target=$TARGET" >> $GITHUB_OUTPUT

    - name: Download AgentShield
      shell: bash
      run: |
        VERSION="${{ steps.version.outputs.version }}"
        TARGET="${{ steps.platform.outputs.target }}"
        BASE_URL="https://github.com/limaronaldo/agentshield/releases/download/${VERSION}"

        if [[ "$TARGET" == *"windows"* ]]; then
          ARCHIVE="agentshield-${VERSION}-${TARGET}.zip"
          curl -fsSL "${BASE_URL}/${ARCHIVE}" -o agentshield.zip
          unzip -o agentshield.zip -d ${{ runner.temp }}/agentshield
        else
          ARCHIVE="agentshield-${VERSION}-${TARGET}.tar.gz"
          curl -fsSL "${BASE_URL}/${ARCHIVE}" -o agentshield.tar.gz
          mkdir -p ${{ runner.temp }}/agentshield
          tar xzf agentshield.tar.gz -C ${{ runner.temp }}/agentshield
        fi

        chmod +x ${{ runner.temp }}/agentshield/agentshield* 2>/dev/null || true
        echo "${{ runner.temp }}/agentshield" >> $GITHUB_PATH

    - name: Run scan
      id: scan
      shell: bash
      run: |
        ARGS="scan ${{ inputs.path }}"
        ARGS="$ARGS --fail-on ${{ inputs.fail-on }}"

        SARIF_FILE=""
        if [ "${{ inputs.format }}" = "sarif" ]; then
          SARIF_FILE="${{ runner.temp }}/agentshield-results.sarif"
          ARGS="$ARGS --format sarif --output $SARIF_FILE"
        else
          ARGS="$ARGS --format ${{ inputs.format }}"
        fi

        if [ -n "${{ inputs.config }}" ]; then
          ARGS="$ARGS --config ${{ inputs.config }}"
        fi

        set +e
        agentshield $ARGS
        EXIT_CODE=$?
        set -e

        echo "exit-code=$EXIT_CODE" >> $GITHUB_OUTPUT
        echo "sarif-file=$SARIF_FILE" >> $GITHUB_OUTPUT

        # Count findings from SARIF if available
        if [ -n "$SARIF_FILE" ] && [ -f "$SARIF_FILE" ]; then
          COUNT=$(python3 -c "import json; d=json.load(open('$SARIF_FILE')); print(len(d.get('runs',[{}])[0].get('results',[])))" 2>/dev/null || echo "0")
          echo "finding-count=$COUNT" >> $GITHUB_OUTPUT
        else
          echo "finding-count=0" >> $GITHUB_OUTPUT
        fi

        # Don't fail here — let the upload step run first
        echo "AGENTSHIELD_EXIT=$EXIT_CODE" >> $GITHUB_ENV

    - name: Upload SARIF to GitHub Code Scanning
      if: inputs.upload-sarif == 'true' && inputs.format == 'sarif' && steps.scan.outputs.sarif-file != ''
      uses: github/codeql-action/upload-sarif@v3
      with:
        sarif_file: ${{ steps.scan.outputs.sarif-file }}
        category: agentshield
      continue-on-error: true

    - name: Check result
      shell: bash
      run: |
        if [ "$AGENTSHIELD_EXIT" = "1" ]; then
          echo "::error::AgentShield found findings above the '${{ inputs.fail-on }}' threshold"
          exit 1
        elif [ "$AGENTSHIELD_EXIT" = "2" ]; then
          echo "::error::AgentShield encountered a scan error"
          exit 2
        fi