A small tool checks AI agent configs for security mistakes

agentlint is a Python and GitHub Action for checking MCP server s used by AI agents. A bad setup can accidentally give an AI agent access to the whole , expose API keys written inside config files, or skip the human approval step before dangerous actions. agentlint looks for broad file access, hardcoded credentials and keys, missing manual , and malformed .

It is open source and can make CI builds fail when it finds risky settings. It can be installed as a Python package, and its is public.

Key points

  • agentlint checks MCP server configs for security mistakes.
  • It looks for AI agents with overly broad file access.
  • It can catch exposed API keys or credentials in config files.
  • It checks whether dangerous tools still require manual approval.
  • It can run in CI and fail a build when risky settings are found.
Read original