AgentXchange

9-Point Security Scan

Every agent on AgentXchange undergoes automated security analysis before listing. Our scanner checks for the most dangerous attack vectors in AI agent code.

Agents Scanned: 101
Avg Trust Score: 84
Trusted (80+): 78
Scan Coverage: 7%

Scan Results Breakdown

Trusted (78) Caution (23) Warning (0)

How It Works

1. Agent Submitted: Source code uploaded
2. 9 Security Checks: Pattern matching + analysis
3. Trust Score: 0-100 safety rating

Trust Score Calculation

Every agent starts at 100. Findings deduct points based on severity. The final score determines the safety tier.

80-100 Trusted: No critical or high findings. Safe to install.
50-79 Caution: Some findings detected. Review before installing.
0-49 Warning: Critical findings detected. Not recommended.

The 9 Security Checks

#1 SSRF Detection (critical)

Scans for Server-Side Request Forgery patterns including cloud metadata endpoint access (169.254.169.254), private IP range targeting, and unvalidated fetch calls that could expose internal infrastructure.

Detects

  • Cloud metadata harvesting
  • Private network scanning
  • Internal API access

#2 Prompt Injection (critical)

Detects attempts to override system instructions, hijack AI roles, inject hidden directives, or use invisible Unicode tags (U+E0000-E007F) to manipulate agent behavior.

Detects

  • Instruction overrides
  • Role hijacking
  • Secrecy directives
  • Invisible Unicode tags

#3 Data Exfiltration (critical)

Identifies patterns that steal sensitive data — SSH keys, environment files, browser credentials — and exfiltrate them via webhook services, DNS tunneling, or steganography.

Detects

  • SSH key theft
  • .env file access
  • Webhook exfiltration (ngrok, webhook.site)
  • Crypto wallet targeting

#4 Dangerous Commands (critical)

Flags destructive system commands including recursive deletion (rm -rf /), fork bombs, reverse shells, and curl-pipe-bash execution chains.

Detects

  • rm -rf /
  • Fork bombs
  • Reverse shells
  • curl | bash pipes

#5 Secret Detection (high)

Scans for hardcoded credentials and API keys — AWS access keys (AKIA pattern), GitHub PATs, OpenAI/Anthropic keys, Stripe keys, JWTs, and private key material.

Detects

  • AWS keys (AKIA...)
  • GitHub PATs (ghp_)
  • API keys (OpenAI, Anthropic, Stripe)
  • Private keys & JWTs

#6 Obfuscation (high)

Detects code obfuscation techniques used to hide malicious payloads — base64-encoded commands, eval/exec calls, hex-encoded strings, and dynamic code generation.

Detects

  • Base64 payloads (atob, Buffer.from)
  • eval() / exec()
  • Hex string obfuscation

#7 External Fetches (medium)

Identifies dynamic HTTP fetching patterns that could download and execute arbitrary code at runtime, bypassing static analysis.

Detects

  • Dynamic fetch/axios calls
  • Runtime code loading
  • Unvalidated URL construction

#8 Credential Access (high)

Detects attempts to access system credentials — reading sensitive environment variables, browser credential stores, keychain access, and password file enumeration.

Detects

  • Sensitive env vars (DATABASE_URL, etc.)
  • Browser credential paths
  • Keychain access

#9 Privilege Escalation (critical)

Flags attempts to gain elevated system access — sudo commands, LaunchAgent installation, systemd service creation, and SUID bit modification.

Detects

  • sudo / su commands
  • LaunchAgent persistence
  • systemd service injection
  • SUID modifications
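The following is an added example, not AgentXchange's scanner, showing how a pattern-matching scan of the kind described in the nine checks feeds the Trust Score Calculation above: each line of an agent's source is run through a set of regexes, every check that fires deducts points from a starting score of 100, and the final score maps onto the Trusted / Caution / Warning tiers. The regexes, the per-severity deduction amounts, the "deduct once per check that fired" rule and the three sample agents are all assumptions made for the example; the page does not publish AgentXchange's actual patterns or point values. Only seven of the nine checks are sketched.

```python
"""Miniature pattern-based agent scan plus trust-score calculation.
Added example; patterns and point values are assumptions, not AgentXchange's rules."""
import re
from dataclasses import dataclass

# ASSUMPTION: the page only says findings deduct by severity. The amounts below are
# chosen so that any single critical or high finding lands below the Trusted tier,
# matching the tier description "No critical or high findings".
DEDUCTIONS = {"critical": 40, "high": 25, "medium": 10}


@dataclass(frozen=True)
class Finding:
    check: str
    severity: str
    line_no: int
    evidence: str


# A subset of the nine checks as regexes over source text (assumed patterns).
CHECKS = [
    ("SSRF Detection", "critical",
     re.compile(r"169\.254\.169\.254|https?://(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")),
    ("Prompt Injection", "critical",  # instruction override text or invisible Unicode tag chars
     re.compile(r"ignore (all )?previous instructions|[\U000E0000-\U000E007F]", re.IGNORECASE)),
    ("Data Exfiltration", "critical",  # lookbehind keeps process.env.X from matching ".env"
     re.compile(r"\.ssh/id_[a-z0-9]+|webhook\.site|ngrok\.io|(?<=['\"/])\.env\b")),
    ("Dangerous Commands", "critical",
     re.compile(r"rm\s+-rf\s+/(\s|$|['\"])|curl\s[^|\n]*\|\s*(ba)?sh\b")),
    ("Secret Detection", "high",
     re.compile(r"AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36}")),
    ("Obfuscation", "high",
     re.compile(r"\beval\s*\(|\batob\s*\(|Buffer\.from\([^)]*['\"]base64['\"]")),
    ("External Fetches", "medium",  # first argument is an identifier, not a string literal
     re.compile(r"\b(fetch|axios\.(get|post))\s*\(\s*[A-Za-z_$]")),
]


def scan(source: str) -> list[Finding]:
    """Run every check over every line; one Finding per (check, line) hit."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for name, severity, pattern in CHECKS:
            m = pattern.search(line)
            if m:
                findings.append(Finding(name, severity, line_no, m.group(0)))
    return findings


def trust_score(findings: list[Finding]) -> int:
    """Start at 100; deduct once per distinct check that fired (assumption); floor at 0."""
    score = 100
    for _check, severity in {(f.check, f.severity) for f in findings}:
        score -= DEDUCTIONS[severity]
    return max(0, score)


def tier(score: int) -> str:
    """Map a 0-100 score onto the page's three tiers."""
    if score >= 80:
        return "Trusted"
    if score >= 50:
        return "Caution"
    return "Warning"


def report(source: str) -> dict:
    findings = scan(source)
    score = trust_score(findings)
    return {"score": score, "tier": tier(score), "findings": findings}


# Constructed sample agents (not real listings). The AKIA value is AWS's documented
# placeholder key and the ghp_ token is synthetic.
CLEAN_AGENT = """\
import { readFile } from "node:fs/promises";
const notes = await readFile("./notes.md", "utf8");
console.log(notes.length);
"""

CAUTION_AGENT = """\
const token = "ghp_0123456789abcdefghijklmnopqrstuvwxyz";
const res = await fetch("https://api.github.com/user", { headers: { Authorization: "token " + token } });
"""

WARNING_AGENT = """\
const meta = await fetch("http://169.254.169.254/latest/meta-data/iam/");
const creds = "AKIAIOSFODNN7EXAMPLE";
const payload = Buffer.from(blob, "base64").toString();
eval(payload);
const res = await axios.post(remoteUrl, { creds });
"""

if __name__ == "__main__":
    for label, src in (("clean", CLEAN_AGENT), ("caution", CAUTION_AGENT), ("warning", WARNING_AGENT)):
        r = report(src)
        print(f"{label}: score={r['score']} tier={r['tier']}")
        for f in r["findings"]:
            print(f"  line {f.line_no}: {f.check} [{f.severity}] {f.evidence!r}")
```

Deducting once per check rather than once per match is a design choice: an agent with twenty `eval` calls is no more dangerous than one with one, and per-match deductions would make every real finding collapse to a score of 0, hiding the difference between a single hardcoded key and an agent that also reaches the metadata endpoint.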

Every agent scanned. Every publisher verified.

AgentXchange is the only marketplace that security-scans every listing before it goes live. Trust is not optional — it's built in.