agentprey

agentprey is a developer-first security scanner for AI agents.

Install

cargo install agentprey --locked

Update

cargo install agentprey --locked --force

Quickstart

HTTP endpoint scan:

agentprey scan \
  --target https://your-agent.example/api \
  --category prompt-injection \
  --json-out ./scan.json \
  --html-out ./scan.html

Local-path OpenClaw scan:

agentprey scan \
  --type openclaw \
  --target ./path/to/openclaw-project

TUI mode:

agentprey scan \
  --target https://your-agent.example/api \
  --category prompt-injection \
  --ui tui

Pro upload and share flow:

agentprey auth activate --key <KEY>
agentprey vectors sync --pro
agentprey scan \
  --type openclaw \
  --target ./path/to/openclaw-project \
  --upload

Successful uploads print scan_run_id and share_id, plus share_url when the backend is configured with APP_BASE_URL.

Notes

• The published crate bundles the free vector set for out-of-the-box scans.
• --target accepts either an HTTP endpoint or a local OpenClaw project path, depending on --type.
• The default API base URL can be overridden with AGENTPREY_API_URL or .agentprey.toml [auth].api_url.
• Exit codes are stable for CI: 0 clean, 1 vulnerabilities found, 2 runtime or explicit upload failure.

Current limitations

• The website does not run live scans; cloud support is upload plus public share links.
• OpenClaw scans require a checked-out local project path.
• No MCP adapter or browser dashboard is shipped today.
• Telemetry is off by default when --upload is omitted.

Project repository: https://github.com/agentprey/agentprey