Agent Security Harness
Malicious
Audited by VirusTotal on May 1, 2026.
Overview
Type: OpenClaw Skill
Name: agent-security-harness
Version: 4.4.2

The bundle describes a security testing harness for AI agents with 470 tests covering protocol integrity (MCP, A2A, x402) and decision governance. While the documentation (README.md, SKILL.md) frames the tool as a defensive resource for red-teaming and AIUC-1 compliance, it includes high-risk capabilities such as APT simulations (GTG-1002), jailbreak testing, and modules for simulating data exfiltration and backdoor creation (docs/ADVANCED.md, docs/TEST-INVENTORY.md). These adversarial features, while aligned with the stated purpose of a security tool, constitute high-risk behaviors that warrant a suspicious classification per the provided guidelines.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill means trusting the external package and its dependencies, not just the documentation shown here.
The executable behavior comes from an external PyPI package and installed binary rather than code included in the reviewed skill files.
```
pip install agent-security-harness
...
requires:
  bins:
    - agent-security
...
package: agent-security-harness
```
Install only from the expected PyPI/GitHub source, pin versions where possible, and review the package code before using it in sensitive environments.
Running scans against unauthorized or production systems could cause operational noise or policy violations.
The skill is designed to send active adversarial security probes; this is purpose-aligned but can affect logs, rate limits, or service behavior if used on the wrong target.
Do NOT run against production systems without explicit written authorization. Use isolated staging environments or test accounts. This tool sends adversarial protocol messages
Use only on systems you own or are explicitly authorized to test, preferably in staging, and apply rate limits/delays for sensitive targets.
Using real production credentials could expose privileged systems to adversarial test traffic.
The harness may use operator-provided credentials to authenticate to test endpoints; this is disclosed and aligned with the tool's purpose.
API key environment variables (e.g. `PLATFORM_API_KEY`) are test fixtures the operator provides for their own staging endpoints
Use test accounts or narrowly scoped credentials, avoid production secrets, and rotate credentials after sensitive test runs if needed.
If exposed on a network without authentication, other clients could trigger scans or audits through the server.
The optional MCP server can expose scan tools to MCP-compatible agents; unauthenticated access is disclosed but should be handled carefully if the server is reachable beyond localhost.
exposes all scanning and audit tools as MCP tools ... If no `--api-key` is set, all tools are accessible without authentication.
Keep MCP server mode bound to localhost unless necessary, set an API key for shared or remote use, and avoid `--host 0.0.0.0` without access controls.
Saved reports could reveal endpoint behavior, vulnerabilities, or sensitive test traffic if shared too broadly.
Audit reports may persist detailed request/response data from tested systems, which can include sensitive operational context.
JSON reports with full request/response transcripts serve as audit evidence
Store reports securely, scrub sensitive data before sharing, and review CI artifact retention and access controls.
