Real-time threat detection, behavioral analysis, and compliance scoring across 6 agent platforms. Open source and local-first.
AI agents are proliferating across enterprises, but security tooling hasn't kept pace. The attack surface is expanding faster than defenses can adapt.
Making it a high-value target for supply chain attacks
283 of 3,984 skills expose credentials (Koi Security audit)
Agent frameworks running without authentication
From secrets detection to attack chain correlation, AgentsMon covers the full spectrum of AI agent security operations.
153+ rules across secrets, code vulnerabilities, prompt injection, PII, and sandbox escape patterns.
Command monitoring, SSRF detection, path traversal, and sandbox escape prevention.
Global AI agent that orchestrates fleets, investigates threats, and manages platform integrity through natural language.
10 compliance frameworks including OWASP LLM Top 10, NIST AI RMF, EU AI Act, SOC 2, GDPR, HIPAA, and ISO 42001 with MITRE ATLAS mapping.
53 escape detection rules, 4-level trust scoring, and OWASP ASI compliance per agent.
6 pre-defined attack chains with temporal clustering and automatic linking.
Pre-install scanning, ClawHavoc IOC matching, and capability risk scoring. Catches prompt injection and supply chain attacks that VirusTotal's signature scanning misses.
OpenTelemetry (OTLP), Prometheus metrics, SIEM export (CEF/OCSF), webhooks, and bulk CSV/JSON download. One platform, every observability tool.
Three steps to comprehensive AI agent security monitoring.
Python SDK, Node.js SDK, or OpenClaw plugin. Pick your platform.
Real-time event ingestion, behavioral analysis, and threat detection begin automatically.
Receive alerts, run AI-powered investigations, and generate compliance reports.
Whether you're securing a single coding assistant or governing a fleet of autonomous agents, AgentsMon has you covered.
Detect credential leaks, prompt injection, SSRF, and sandbox escapes in real time. Correlate events into attack chains and receive autonomous threat investigations from the Sentinel Agent.
Map every finding to OWASP LLM Top 10, OWASP Agentic Top 10, and MITRE ATLAS. Generate immutable audit trails with SHA-256 hash chains. Export evidence in CEF or OCSF for your SIEM.
Govern agent permissions with 4-level trust scoring. Sandbox agents with 53 escape detection rules. Monitor session lifecycles and detect cross-session data leakage across your entire fleet.
Scan agent extensions before installation. Detect prompt injection, jailbreaks, and memory poisoning. Get AI-generated explanations for every finding and remediation guidance.
Test agent defenses against known attack chains. Simulate container escapes, SSRF, and confused deputy attacks. Validate detections against MITRE ATLAS techniques and 15+ tracked CVEs.
Export to Splunk, Datadog, Grafana, or Elastic via OTLP. Scrape Prometheus metrics. Push alerts to Slack/PagerDuty via webhooks. Bulk download events in CSV/JSON/JSONL.
Connect your AI agent platform to AgentsMon in minutes
Native skill integration, zero config. Install the AgentsMon skill and monitoring starts automatically with full event coverage.
Python SDK callback handler for LLM and tool monitoring. Drop in a single callback to capture all chain events and tool invocations.
Python SDK step/task callbacks for crew monitoring. Attach to any Crew instance to capture delegation, task completion, and tool usage.
Python SDK hooks for autonomous agent monitoring. Instrument the agent loop to track every command, file, and browse action.
Server middleware for tool call security. Send MCP server events directly to the ingestion API for real-time tool injection detection.
Universal REST API for any agent framework. Send structured events from any language or platform using a simple HTTP POST.
Most security tools are reactive — they detect and report. Aegis is agentic. Inspired by the OpenClaw chat concept, Aegis serves as the central figure of your mission control. It doesn't just watch; it performs tasks, schedules maintenance, and investigates deep forensics through a unified conversational interface.
From monitoring to operating system. Register, configure, test, benchmark, and deploy agents with security baked into every layer.
Version-controlled agent definitions with lifecycle management. Draft → Testing → Active → Paused → Retired.
Three execution modes: dry_run (simulate), test_run (trust=0), production (full trust). Every tool call runs through the monitoring pipeline.
Register, scan, and approve skills. 12 security patterns detect dangerous capabilities and scripts before agents can use them. Goes beyond VirusTotal's hash matching with behavioral capability analysis and agent-specific threat detection.
5 built-in safety tests + custom suites. Per-category scoring (safety, capability, performance, compliance) with A/B comparison.
Sandbox-as-a-Service. Any MCP-compatible agent can call into AgentsMon to safely execute commands, scan code, and query security intelligence — all trust-gated.
npx agentsmon-mcp
Trust-gated command execution. L0 callers get analysis-only; L1+ get approval. 150+ escape patterns checked before any command runs.
Scan any code for secrets, vulnerabilities, and prompt injection patterns. 20 injection rules + full secret/code scanner.
Full security intelligence access: dashboard, events, findings, alerts, correlations, and threat context — all via one tool.
Two access modes: native MCP over STDIO for Claude/GPT agents, or HTTP POST for any client. No SDK required.
34 purpose-built skills that teach agents how to interact with the sandbox runtime. Each skill is a SKILL.md file with CLI commands — no SDK, no code, just instructions agents follow.
base/skills/*/SKILL.md
Task lifecycle, sprint planning, canvas deployment, agent collaboration, vault secrets, and dynamic agent spawning.
Access control, code auditing, skill validation, security configuration, and container management.
Academic research, context anchoring, skill discovery, error pattern learning, and live data from Reddit & HackerNews.
Canvas design patterns with Lucide SVG reference, technical documentation, and canvas validation testing.
Sequential thinking chains, adaptive reasoning, project management, team orchestration, and context window optimization.
Git workflows, PR preparation and review, code cleanup, active maintenance, and agent commons patterns.
agentsmon-cli) that call REST APIsLike VirusTotal’s 70+ AV engines — but purpose-built for AI agent threats. 6 detection engines scan every file for prompt injection, sandbox escapes, supply chain poisoning, and more.
SecurityScanner, BehavioralMonitor, AdvancedThreatDetector, SupplyChainAnalyzer, SandboxMonitor, and YaraRuleEngine — each engine produces an independent verdict.
10 built-in rules detect crypto miners, reverse shells, C2 beacons, credential harvesting, and more. Add custom regex rules via API.
Like VirusTotal’s daily re-scans. Previously clean files get re-checked. Reputation drift triggers alerts when status changes.
Continuously expanding rule library built from real-world agent threat research.
AgentsMon validates itself. 13 scenarios exercise every detection engine with crafted malicious inputs, producing a publishable score and grade.
1. ValidationOrchestrator registers a validator agent via AgentRegistry
2. Creates 13 validation skills via SkillRegistry
3. Each scenario calls real service methods with known-malicious inputs
4. Asserts detection results: did the rule fire? Was the severity correct?
5. Produces a weighted score (0-100), letter grade (A-F), and publishable JSON/Markdown report
OpenClaw integrated VirusTotal to scan ClawHub skills — SHA-256 hash lookup against 70+ AV engines. Good for catching known malware. But OpenClaw acknowledged it's "not a silver bullet" — prompt injection, sandbox escapes, and capability abuse evade signature scanning entirely.
7.1% of ClawHub skills (283 of 3,984) contain critical credential-exposing
flaws
that are code patterns, not malware binaries. VirusTotal won't flag eval(userInput)
or a webhook exfiltration URL. AgentsMon will.
| Threat Type | AgentsMon | VirusTotal |
|---|---|---|
| Known malware (trojans, stealers) | Via IOCs | 70+ engines |
| Prompt injection (22 rules) | ✓ | — |
| Sandbox escape (53 rules) | ✓ | — |
| Supply chain IOCs (12 patterns) | ✓ | — |
| Capability risk analysis | 36+ patterns | — |
| Credential exposure in code | 29 rules | — |
| Runtime behavioral analysis | 115+ patterns | — |
| Trust-gated execution | 4 levels | — |
Source: The Hacker News, Feb 2026. Koi Security audit of 3,984 ClawHub skills.
One command spins up 4 containers, exercises every event type through the full analysis pipeline, and reports gaps. Loops until 100% satisfied.
Agent registration, dangerous commands, SSRF, sandbox escape, prompt injection, trust lifecycle, correlation chains, dashboard verification, SSE streaming
Backend (Node 20 + SQLite), Frontend (Vite + nginx), OpenClaw Simulator, Test Agent — all orchestrated via Docker Compose
Every event type verified end-to-end: ingestion → analysis → anomaly detection → alert creation → dashboard display → SSE broadcast
./e2e/run.sh openclaw --loop --verbose
Two product tiers: Auditor (passive monitoring) and Shield (active prevention). Both ship as pip/npm packages with fail-open safety.
pip install agentsmon
npm install @agentsmon/sdk
One security layer across every agent framework. See exactly what's covered.
| Feature | OC | LC | CA | AG | MCP | GEN |
|---|---|---|---|---|---|---|
| Security Scanning | ||||||
| Secret detection (29 rules) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Code vulnerability scanning (32 rules) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Prompt injection detection (20+ rules) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Sandbox escape detection (53 rules) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Dependency audit (npm) | ✓ | — | — | — | — | — |
| CVE tracking (framework-specific) | 4 | 2 | — | 1 | 4 | — |
| Behavioral Monitoring | ||||||
| Dangerous command detection (115+) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| File access anomaly detection | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| SSRF & network request analysis | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| PII detection & redaction (10 rules) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Data exfiltration detection | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Memory poisoning detection | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Cross-session leakage detection | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| AI-Powered Intelligence | ||||||
| Sentinel Agent (autonomous investigation) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Attack chain correlation (6 chains) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Trust level management (4 levels) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| AI-powered finding explanations | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Compliance & Audit | ||||||
| OWASP LLM Top 10 scoring | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| OWASP ASI Top 10 compliance | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| MITRE ATLAS mapping (35+ techniques) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Immutable audit trail (SHA-256) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| SIEM export (CEF + OCSF) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| OpenTelemetry (OTLP) export | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Prometheus metrics + webhooks | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Platform-Specific Integrations | ||||||
| Config baseline & drift monitoring | ✓ | — | — | — | — | — |
| Skill / extension pre-install scanning | ✓ | — | — | — | — | — |
| MCP tool injection & server monitoring | ✓ | — | — | — | ✓ | — |
| Gateway security (IP blocking, brute force) | ✓ | — | — | — | — | — |
| CDP / WebSocket hijacking detection | ✓ | — | — | — | — | — |
| File integrity monitoring (SHA-256 baseline) | ✓ | — | — | — | — | — |
| Serialization CVE detection | — | ✓ | — | — | — | — |
| Autonomous action resource limits | — | — | — | ✓ | — | — |
A purpose-built dashboard for monitoring AI agent security posture in real time.
Built on industry frameworks to integrate with your existing security program.
Install AgentsMon in seconds. All data stays on your machine.
No cloud dependency, no telemetry, no vendor lock-in.
The Sentinel Agent starts automatically — set AI_API_KEY to enable
AI-powered investigations.