41 OWASP Agentic AI violations detected across 27 major frameworks. Static analysis against 12 detection rules mapped to OWASP Agentic Top 10.

| Framework | Category | Stars | Verdict | Risk | OWASP | Findings | Scanned |
|---|---|---|---|---|---|---|---|
| AutoGPT | Autonomous Agent | 182K+ | ✗ FAIL | 65 | AA-03 AA-09 | exec(), os.system(), no sandbox | 2026-03-10 |
| BabyAGI | Autonomous Agent | 20K+ | ✗ FAIL | 55 | AA-03 AA-06 | exec(), eval(), supply chain | 2026-03-10 |
| Open Interpreter | Code Agent | 57K+ | ✗ FAIL | 80 | AA-03 AA-09 AA-01 | exec(), os.system(), child_process, no sandbox | 2026-03-10 |
| MetaGPT | Multi-Agent | 48K+ | ✗ FAIL | 50 | AA-03 AA-09 | subprocess shell=True, no sandbox | 2026-03-10 |
| GPT Engineer | Code Agent | 53K+ | ✗ FAIL | 55 | AA-03 AA-06 | exec(), subprocess, supply chain | 2026-03-10 |
| ChatDev | Multi-Agent | 27K+ | ✗ FAIL | 50 | AA-03 AA-09 | exec(), subprocess | 2026-03-10 |
| SuperAGI | Autonomous Agent | 15K+ | ✗ FAIL | 50 | AA-03 AA-01 | subprocess shell=True, excessive agency | 2026-03-10 |
| CAMEL | Multi-Agent | 6K+ | ✗ FAIL | 40 | AA-03 AA-06 | eval(), supply chain | 2026-03-10 |
| AgentGPT | Autonomous Agent | 32K+ | ✗ FAIL | 55 | AA-03 AA-09 AA-06 | eval(), no sandbox, supply chain | 2026-03-10 |
| LangChain | Agent Framework | 100K+ | ~ WARN | 26 | AA-06 AA-02 | Supply chain, prompt injection vectors | 2026-03-10 |
| CrewAI | Multi-Agent | 45K+ | ~ WARN | 23 | AA-06 AA-04 | Supply chain, excessive permissions | 2026-03-10 |
| Microsoft AutoGen | Multi-Agent | 50K+ | ~ WARN | 23 | AA-03 AA-06 | Code execution patterns, supply chain | 2026-03-10 |
| Semantic Kernel | Agent Framework | 23K+ | ~ WARN | 18 | AA-06 AA-07 | Supply chain, output handling | 2026-03-10 |
| TaskWeaver | Code Agent | 5K+ | ~ WARN | 23 | AA-03 AA-09 | Eval patterns, no sandbox | 2026-03-10 |
| OpenAI Agents SDK | Agent Framework | 19K+ | ~ WARN | 11 | AA-06 AA-01 | Supply chain, excessive agency config | 2026-03-10 |
| Haystack | Agent Framework | 18K+ | ~ WARN | 11 | AA-06 AA-07 | Supply chain, output handling | 2026-03-10 |
| Smolagents | Agent Framework | 15K+ | ~ WARN | 18 | AA-03 AA-06 | Code execution, supply chain | 2026-03-10 |
| Swarm | Multi-Agent | 18K+ | ~ WARN | 11 | AA-01 AA-06 | Excessive agency, supply chain | 2026-03-10 |
| Google ADK | Agent Framework | 15K+ | ✓ PASS | 3 | AA-06 | Minor supply chain note | 2026-03-10 |
| Anthropic Claude SDK | SDK | 8K+ | ✓ PASS | 0 | -- | No issues detected | 2026-03-10 |
| Vercel AI SDK | SDK | 12K+ | ✓ PASS | 0 | -- | No issues detected | 2026-03-10 |
| LlamaIndex | Agent Framework | 38K+ | ✓ PASS | 3 | AA-06 | Minor supply chain note | 2026-03-10 |
| Phidata | Agent Framework | 18K+ | ✓ PASS | 0 | -- | No issues detected | 2026-03-10 |
| Instructor | SDK | 9K+ | ✓ PASS | 0 | -- | No issues detected | 2026-03-10 |
| Mastra | Agent Framework | 10K+ | ✓ PASS | 0 | -- | No issues detected | 2026-03-10 |
| Amazon Bedrock Agents | Cloud Agent | N/A | ✓ PASS | 3 | AA-06 | Minor supply chain note | 2026-03-10 |
| AgentSign SDK | Identity SDK | OSS | ✓ PASS | 0 | -- | No issues detected | 2026-03-10 |

The AgentSign Registry performs automated static analysis of publicly available open-source code. All scanned projects are sourced from public GitHub repositories under their respective open-source licences. This is the same approach used by established security scanning services such as Snyk, Sonatype OSS Index, and the GitHub Advisory Database.
What we scan for: Code patterns mapped to the OWASP Agentic AI Top 10 (2025) and OWASP MCP Top 10. These are industry-standard security benchmarks, not proprietary criteria.
Fair use and responsible disclosure: This registry is published in good faith for the purpose of improving agentic AI security. If you are a maintainer of a listed project and believe a finding is inaccurate or wish to discuss remediation, please contact contact@agentsign.dev. We will promptly review and update any disputed findings.
AgentSign Registry is provided "as is" without warranty. CyberSecAI Ltd accepts no liability for decisions made based on registry data. All trademarks and project names are the property of their respective owners.
Create .github/workflows/agentsign.yml in your repo:
```yaml
# .github/workflows/agentsign.yml
name: AgentSign Security Scan
on: [push, pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: razashariff/agentsign-action@v1
        with:
          path: '.'
          fail-on: 'FAIL'
```
Every push and PR gets scanned against 12 OWASP rules. FAIL blocks the merge.
Show your security status. Copy this line:

Replace YOUR-AGENT-NAME with your agent name. PASS = green, WARN = yellow, FAIL = red.
POST your code directly. No auth needed:
```bash
curl -X POST https://registry.agentsign.dev/api/scan \
  -H "Content-Type: application/json" \
  -d '{"code": "YOUR_CODE_HERE", "name": "my-agent"}'
```
Returns verdict, risk score, and findings mapped to OWASP Agentic AI Top 10.
shields.io-compatible badge. PASS = green, WARN = yellow, FAIL = red. Cached 5 minutes.
```bash
curl https://registry.agentsign.dev/api/badge/autogpt
```

```json
{ "schemaVersion": 1, "label": "AgentSign", "message": "FAIL", "color": "red" }
```
Scan agent code against 12 OWASP rules. Max 50KB.
```bash
curl -X POST https://registry.agentsign.dev/api/scan \
  -H "Content-Type: application/json" \
  -d '{"code": "exec(user_input)", "name": "my-agent"}'
```

```json
{ "verdict": "FAIL", "risk_score": 40, "findings": [...] }
```
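The Findings column above names call patterns such as `exec()`, `eval()`, `os.system()` and `subprocess shell=True`. The following is an added example, not AgentSign's rule set or code, of how a static rule for those pattern classes can be written over Python's AST so that import aliases are resolved and string mentions are ignored; `scan`, `dotted`, `RISKY` and the sample source are names constructed for this illustration.

```python
import ast

RISKY = {"exec", "eval", "os.system", "os.popen"}  # flagged whenever called
# Constructed sample of agent tool code (not from any scanned project).
SAMPLE = '''\
import os
import subprocess as sp
from os import system as run

def tool(user_input):
    exec(user_input)                # dynamic code execution
    run("ls " + user_input)         # os.system behind an import alias
    sp.run(user_input, shell=True)  # subprocess with shell=True
    sp.run(["ls", "-l"])            # argument list, no shell: not flagged
    note = "never call eval() here" # string mention only: not flagged
'''

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join([node.id] + parts[::-1]) if isinstance(node, ast.Name) else None

def scan(source):
    """Return sorted (line, pattern) findings for one Python source string."""
    tree = ast.parse(source)
    alias = {}  # local name -> imported path, so `sp.run` resolves to subprocess.run
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            alias.update({a.asname or a.name: a.name for a in node.names})
        elif isinstance(node, ast.ImportFrom) and node.module:
            alias.update({a.asname or a.name: f"{node.module}.{a.name}" for a in node.names})
    findings = []
    for call in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        name = dotted(call.func) or ""  # "" for calls on non-name expressions
        head, dot, rest = name.partition(".")
        name = alias.get(head, head) + dot + rest
        shell = any(k.arg == "shell" and isinstance(k.value, ast.Constant)
                    and k.value.value is True for k in call.keywords)
        if name in RISKY:
            findings.append((call.lineno, name + "()"))
        elif name.startswith("subprocess.") and shell:
            findings.append((call.lineno, "subprocess shell=True"))
    return sorted(findings)

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A name-based rule like this reports that a risky call exists, not whether its argument is attacker-influenced or whether a sandbox wraps it, so each finding still needs review in context.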
Current rules version and count.
```json
{ "version": "1.0.0", "rule_count": 12 }
```
Full registry as JSON. All 27 frameworks with verdicts and scores.
The registry scans. The platform secures. Three API calls to zero trust.