Show HN: Scan your AI agents for dangerous capabilities
smashini
41 points
19 comments
July 06, 2026
Related Discussions
Found 5 related stories in 681.8ms across 14,015 title embeddings via pgvector HNSW
- Show HN: Open-source playground to red-team AI agents with exploits published zachdotai · 21 pts · March 15, 2026 · 64% similar
- Show HN: Benchmark your eng team's AI agent maturity in 5 minutes adamgold7 · 13 pts · July 14, 2026 · 63% similar
- Show HN: AISlop, a CLI for catching AI generated code smells Heavykenny · 72 pts · May 29, 2026 · 62% similar
- Show HN: Git for AI Agents doshay · 97 pts · May 08, 2026 · 62% similar
- Show HN: A prompt that builds the most capable AI agent system fainir · 12 pts · March 28, 2026 · 62% similar
Discussion Highlights (6 comments)
smashini
Hey all :) I've been working an open-source toolkit to stop AI agents from running amok. You can scan your code (Python, JS, TS) and it will flag any risks and can offer fixes. It runs offline, but you can wire an LLM to do code analysis as well. You can run it with: npx @makerchecker/scan Would love to get any feedback!
__MatrixMan__
Why build separate frameworks for this kind of thing when your operating system is right there? You can make a file called "orders" and you can run your agent as a user with write access to that file, or as one that doesn't, and then you don't need scans or audits to tell you whether the agent can create orders or not, you can just take your operating system's word for it. Is there anything all this bolt-on AI security stuff does that can't instead be handled by donning a sysadmin hat and managing your agents as separate users?
pelagicAustral
haha! WHAT!? So, we had agents that came with a default setting to request for specific permission to perform an action, then we said "screw it!", we need speed and everybody started coding and releasing agents out in the wild to do whatever they want unchecked... and now we have a product that brings back the safeguards... A few years ago we have abstraction after abstraction coming in the way of blocking actual development (js ecosystem bloat), and now we have layer upon layer for coding with AI...
ucsandman
this is cool I'm working on a similar project called DashClaw. Great work!
christkarani
great stuff working in a similar project that enforces guardrails at runtime
Zie_Mordecai
Really great idea, simple yet effective.