AgentLint – Static security scanner for AI agent configurations (github.com)

🤖 AI Summary
AgentLint is a static security scanner for AI agent configurations that lets developers and security teams audit those configurations before execution. It targets the risks that come with powerful AI coding agents, which can execute shell commands, reference sensitive credentials, and automatically trigger actions without user approval. AgentLint treats agent configuration files like executable code and scans them for risks such as shell command injection, secret leaks, and privilege escalation across various file types, including CLAUDE.md and .claude/ files.

AgentLint is tailored to the threats specific to AI agent configurations, which traditional linters may overlook. It applies a set of 20 security rules across multiple categories, including execution and secrets, and integrates into CI/CD pipelines. Key features include SARIF output for GitHub code scanning, baseline suppressions for known issues, and automatic fixes for simpler security errors. As organizations increasingly rely on AI solutions, AgentLint is positioned as a tool for maintaining the integrity and safety of the software supply chain.