A small tool checks AI agent configs for security mistakes
agentlint is a Python and GitHub Action for checking MCP server s used by AI agents. A bad setup can accidentally give an AI agent access to the whole , expose API keys written inside config files, or skip the human approval step before dangerous actions. agentlint looks for broad file access, hardcoded credentials and keys, missing manual , and malformed .
It is open source and can make CI builds fail when it finds risky settings. It can be installed as a Python package, and its is public.
Key points
- agentlint checks MCP server configs for security mistakes.
- It looks for AI agents with overly broad file access.
- It can catch exposed API keys or credentials in config files.
- It checks whether dangerous tools still require manual approval.
- It can run in CI and fail a build when risky settings are found.