← Back to search
@microsoft/agentos-mcp-server
Public Preview — AgentOS MCP Server for Claude Desktop: Build, deploy, and manage policy-compliant autonomous agents
D
58.6 / 100
Versions
4.0.0 latest Jun 5, 2026
3.7.0 May 18, 2026
3.6.0 May 18, 2026
3.5.0 May 8, 2026
3.4.0 May 5, 2026
3.3.0 Apr 27, 2026
3.2.2 Apr 22, 2026
3.2.1 Apr 22, 2026
3.2.0 Apr 22, 2026
3.1.1 Apr 21, 2026
3.1.0 Apr 11, 2026
3.0.1 Apr 1, 2026
3.0.0 Mar 26, 2026
2.3.0 Mar 26, 2026
2.2.0 Mar 18, 2026
1.1.0 Mar 8, 2026
1.0.1 Mar 6, 2026
1.0.0 Mar 4, 2026
Tools 0
No tools indexed yet.
Permissions 0
No permissions indexed yet.
Scan Findings 518
info
package.json metadata
info
pyproject.toml metadata
info
Tool: read_file
info
Tool: write_file
info
Tool: query_database
info
Tool: filesystem_read
info
Tool: database_query
info
Tool: api_call
info
Tool: check_trust
info
Tool: get_trust_score
info
Tool: establish_handshake
info
Tool: verify_delegation
info
Tool: record_interaction
info
Tool: get_identity
info
Transport: stdio
info
Required env vars (158)
low
Tool 'read_file' has no annotations
low
Tool 'write_file' has no annotations
low
Tool 'query_database' has no annotations
low
Tool 'filesystem_read' has no annotations
low
Tool 'database_query' has no annotations
low
Tool 'api_call' has no annotations
low
Tool 'check_trust' has no annotations
low
Tool 'get_trust_score' has no annotations
low
Tool 'establish_handshake' has no annotations
low
Tool 'verify_delegation' has no annotations
low
Tool 'record_interaction' has no annotations
low
Tool 'get_identity' has no annotations
high
Hardcoded API key in agent-governance-python/agent-os/tests/test_security_skills.py
medium
Permission: network access detected
low
Permission: filesystem access detected
high
Permission: shell access detected
medium
Permission: database access detected
low
Permission: env_vars access detected
medium
Excessive dependency count: 324 direct dependencies
medium
Suspicious package name: react-dom
medium
Vulnerable dependency: zod@3.22.0 (GHSA-m95q-7qp3-xv42)
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-3qhf-m339-9g5v)
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-9h52-p55h-vw2f)
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-j975-95f5-7wqh)
medium
Vulnerable dependency: pytest@7.4.0 (GHSA-6w46-j5rx-g56g)
medium
Vulnerable dependency: pynacl@1.5.0 (GHSA-mrfv-m5wm-5w6w)
medium
Vulnerable dependency: python-multipart@0.0.26 (GHSA-pp6c-gr5w-3c5g)
medium
Vulnerable dependency: langchain-core@1.2.28 (GHSA-pjwx-r37v-7724)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-3wxx-q3gv-pvvv)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-488g-hw5f-x29p)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-7753-xrfw-ch36)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-cr7q-2w66-hjcm)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-fxc2-8m62-m85x)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-j3wr-m6xh-64hg)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-r6gp-rff2-p3hf)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-wvpx-g427-q9wc)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-3ww4-gg4f-jr7f)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-9v9h-cgj8-h64p)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-hggm-jpg3-v476)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-m959-cc7f-wv43)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-q3cj-2r34-2cwc)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-r6ph-v2qm-q3c2)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (PYSEC-2017-8)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (PYSEC-2021-62)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (PYSEC-2026-35)
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (GHSA-8q59-q68h-6hv4)
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (GHSA-rprw-h62v-c2w7)
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (PYSEC-2018-49)
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (PYSEC-2021-142)
medium
Vulnerable dependency: httpx@0.27.0,<1.0 (GHSA-h8pj-cxx2-jfg2)
medium
Vulnerable dependency: httpx@0.27.0,<1.0 (PYSEC-2022-183)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (GHSA-5jqp-qgf6-3pvh)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (PYSEC-2021-47)
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (GHSA-5jqp-qgf6-3pvh)
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (PYSEC-2021-47)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-2fc2-6r4j-p65h)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-5545-2q6w-2gh6)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-9fq2-x9r6-wfmf)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-cw6w-4rcx-xphc)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-f7c7-j99h-c22f)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-fpfv-jqm9-f5jm)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-frgw-fgh6-9g52)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2017-1)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2018-33)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2018-34)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2019-108)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2021-856)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2021-857)
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (GHSA-8h2j-cgx8-6xv7)
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (PYSEC-2021-100)
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (PYSEC-2024-38)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-2q4j-m29v-hq73)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-2rw7-x74f-jg35)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-3crg-w4f6-42mx)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4f6g-68pf-7vhv)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4pxv-j86v-mhcw)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4xc4-762w-m6cg)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-7gw9-cf7v-778f)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-7hfw-26vp-jp8m)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-87mj-5ggw-8qc3)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-996q-pr4m-cvgq)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-9m86-7pmv-2852)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-9mvc-8737-8j8h)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-f2v5-7jq9-h8cg)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-hqmh-ppp3-xvm7)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-jfx9-29x2-rv3j)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-jj6c-8h6c-hppx)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-m449-cwjh-6pw7)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-qpxp-75px-xjcp)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-vr63-x8vc-m265)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-wgvp-vg3v-2xq3)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-x284-j5p8-9c5p)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-x7hp-r3qg-r3cj)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-55x5-fj6c-h6m8)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-57qw-cc2g-pv5p)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-jq4v-f5q6-mjqq)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-pgww-xf46-h92r)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-vfmq-68hx-4jfw)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-wrxv-2j5q-m38w)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-xp26-p53h-6h2p)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2014-9)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2018-12)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2021-19)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2021-852)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2022-230)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2026-87)
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-2jv5-9r88-3w3p)
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-59g5-xgcq-4qw3)
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-mj87-hwqh-73pj)
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-pp6c-gr5w-3c5g)
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-wp53-j4wj-2cfg)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-2fc2-6r4j-p65h)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-5545-2q6w-2gh6)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-9fq2-x9r6-wfmf)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-cw6w-4rcx-xphc)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-f7c7-j99h-c22f)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-fpfv-jqm9-f5jm)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-frgw-fgh6-9g52)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2017-1)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2018-33)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2018-34)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2019-108)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2021-856)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2021-857)
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (GHSA-jjw5-xxj6-pcv5)
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (GHSA-jw8x-6495-233v)
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2020-107)
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2020-108)
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2024-110)
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (GHSA-8q59-q68h-6hv4)
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (GHSA-rprw-h62v-c2w7)
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (PYSEC-2018-49)
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (PYSEC-2021-142)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-2vrm-gr82-f7m5)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-3wq7-rqq7-wx6j)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-45c4-8wx5-qw6w)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-54jq-c3m8-4m76)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-5m98-qgg9-wh84)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-63hf-3vf5-4wqf)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-69f9-5gxw-wvc2)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-6jhg-hg63-jvvf)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-6mq8-rvhq-8wgg)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-7gpw-8wmc-pm8g)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-8495-4g3g-x7pr)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-8qpw-xqxj-h4r2)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-9548-qrrj-x5pj)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-966j-vmvw-g2g9)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-c427-h43c-vf67)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-fh55-r93g-j68g)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-g84x-mcqj-x9qq)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-gfw2-4jvh-wgfg)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-hcc4-c3v8-rx92)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-jj3x-wxrx-4x23)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-m5qp-6w8w-w647)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-mqqc-3gqh-h2x8)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-mwh4-6h8g-pg8w)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-p998-jp59-783m)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-pjjw-qhg8-p2p9)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-q3qx-c6g2-7pw2)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-qvrw-v9rv-5rjx)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-v6wp-4m6f-gcjg)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-w2fm-2cpv-w7v5)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-xx9p-xxvh-7g8j)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2021-76)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-120)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-246)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-247)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-250)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-251)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2024-26)
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-3qhf-m339-9g5v)
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-9h52-p55h-vw2f)
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-j975-95f5-7wqh)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (GHSA-5jqp-qgf6-3pvh)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (PYSEC-2021-47)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-2fc2-6r4j-p65h)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-5545-2q6w-2gh6)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-9fq2-x9r6-wfmf)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-cw6w-4rcx-xphc)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-f7c7-j99h-c22f)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-fpfv-jqm9-f5jm)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-frgw-fgh6-9g52)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2017-1)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2018-33)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2018-34)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2019-108)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2021-856)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2021-857)
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (GHSA-33c7-2mpw-hg34)
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (GHSA-f97h-2pfx-f59f)
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (PYSEC-2020-150)
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (PYSEC-2020-151)
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (GHSA-5jqp-qgf6-3pvh)
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (PYSEC-2021-47)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-3ww4-gg4f-jr7f)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-9v9h-cgj8-h64p)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-hggm-jpg3-v476)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-m959-cc7f-wv43)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-q3cj-2r34-2cwc)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-r6ph-v2qm-q3c2)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (PYSEC-2017-8)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (PYSEC-2021-62)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (PYSEC-2026-35)
medium
Vulnerable dependency: pynacl@1.5.0,<2.0 (GHSA-mrfv-m5wm-5w6w)
medium
Vulnerable dependency: pydantic@2.0,<3.0 (GHSA-5jqp-qgf6-3pvh)
medium
Vulnerable dependency: pydantic@2.0,<3.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: pydantic@2.0,<3.0 (PYSEC-2021-47)
high
Generic API Key Assignment found in docs/security/scanning.md
high
Hardcoded Password found in examples/quickstart/autogen_governed.py
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/extension.ts
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/server/browserPolicyEditor.ts
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/webviews/policyEditor/PolicyEditorPanel.ts
high
Hardcoded Password found in agent-governance-python/agent-os/docs/use-cases.md
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/docs/UNIVERSAL_SIGNAL_BUS.md
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/examples/sample_full_stack_agent.py
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/examples/example_universal_signal_bus.py
high
Hardcoded Password found in agent-governance-python/agent-os/modules/observability/alertmanager/alertmanager.yml
high
Hardcoded Password found in agent-governance-python/agent-os/modules/scak/build_and_publish.ps1
high
Hardcoded Password found in agent-governance-python/agent-os/modules/control-plane/benchmark/red_team_dataset.py
medium
Hex string literal (>50 chars) in agent-governance-golang/packages/agentmesh/audit_test.go:135
medium
Hex string literal (>50 chars) in examples/reasoning-attestation-governed/getting_started.py:231
medium
Buffer.from base64 in agent-governance-typescript/src/identity.ts:518
medium
Buffer.from base64 in agent-governance-typescript/src/identity.ts:543
medium
Buffer.from base64 in agent-governance-typescript/src/encryption/mesh-client.ts:991
medium
Hex string literal (>50 chars) in agent-governance-python/agentmesh-integrations/mastra-agentmesh/src/audit.ts:13
medium
Hex string literal (>50 chars) in agent-governance-python/agentmesh-integrations/mastra-agentmesh/src/audit.ts:135
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:781
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:783
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:788
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:34
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:50
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:60
info
SLSA Build Level 3 detected
high
High-risk OAuth scope: admin
info
Could not connect to MCP server for output poisoning scan
info
Could not connect to MCP server for behavioral verification
info
SBOM generated: 579 components
info
MITRE ATLAS technique coverage summary
info
ATLAS: Adversarial ML Supply Chain (AML.T0043)
info
ATLAS: Poison Training Data (AML.T0020)
info
ATLAS: Poison Training Data (AML.T0020)
info
package.json metadata
info
pyproject.toml metadata
info
Tool: read_file
info
Tool: write_file
info
Tool: query_database
info
Tool: filesystem_read
info
Tool: database_query
info
Tool: api_call
info
Tool: check_trust
info
Tool: get_trust_score
info
Tool: establish_handshake
info
Tool: verify_delegation
info
Tool: record_interaction
info
Tool: get_identity
info
Transport: stdio
info
Required env vars (153)
low
Tool 'read_file' has no annotations
low
Tool 'write_file' has no annotations
low
Tool 'query_database' has no annotations
low
Tool 'filesystem_read' has no annotations
low
Tool 'database_query' has no annotations
low
Tool 'api_call' has no annotations
low
Tool 'check_trust' has no annotations
low
Tool 'get_trust_score' has no annotations
low
Tool 'establish_handshake' has no annotations
low
Tool 'verify_delegation' has no annotations
low
Tool 'record_interaction' has no annotations
low
Tool 'get_identity' has no annotations
high
Hardcoded API key in agent-governance-python/agent-os/tests/test_security_skills.py
medium
Permission: network access detected
low
Permission: filesystem access detected
high
Permission: shell access detected
medium
Permission: database access detected
low
Permission: env_vars access detected
medium
Excessive dependency count: 326 direct dependencies
medium
Suspicious package name: react-dom
medium
Vulnerable dependency: zod@3.22.0 (GHSA-m95q-7qp3-xv42)
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-3qhf-m339-9g5v)
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-9h52-p55h-vw2f)
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-j975-95f5-7wqh)
medium
Vulnerable dependency: pynacl@1.5.0 (GHSA-mrfv-m5wm-5w6w)
medium
Vulnerable dependency: pytest@7.4.0 (GHSA-6w46-j5rx-g56g)
medium
Vulnerable dependency: python-multipart@0.0.26 (GHSA-pp6c-gr5w-3c5g)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-3wxx-q3gv-pvvv)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-488g-hw5f-x29p)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-7753-xrfw-ch36)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-cr7q-2w66-hjcm)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-fxc2-8m62-m85x)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-j3wr-m6xh-64hg)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-r6gp-rff2-p3hf)
medium
Vulnerable dependency: llama-index-core@0.13.0,<0.15.0 (GHSA-wvpx-g427-q9wc)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-3ww4-gg4f-jr7f)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-9v9h-cgj8-h64p)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (PYSEC-2021-62)
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (GHSA-rprw-h62v-c2w7)
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (PYSEC-2018-49)
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (GHSA-8q59-q68h-6hv4)
medium
Vulnerable dependency: httpx@0.27.0,<1.0 (PYSEC-2022-183)
medium
Vulnerable dependency: langchain-core@1.2.28 (GHSA-pjwx-r37v-7724)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-q3cj-2r34-2cwc)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-r6ph-v2qm-q3c2)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (PYSEC-2021-47)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-5545-2q6w-2gh6)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-f7c7-j99h-c22f)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2018-34)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-cw6w-4rcx-xphc)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2017-1)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2021-857)
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (PYSEC-2021-100)
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (PYSEC-2024-38)
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-2q4j-m29v-hq73)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-2rw7-x74f-jg35)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-3crg-w4f6-42mx)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4f6g-68pf-7vhv)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4pxv-j86v-mhcw)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-4xc4-762w-m6cg)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-7gw9-cf7v-778f)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-7hfw-26vp-jp8m)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-87mj-5ggw-8qc3)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-996q-pr4m-cvgq)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-9m86-7pmv-2852)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-9mvc-8737-8j8h)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-f2v5-7jq9-h8cg)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-hqmh-ppp3-xvm7)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-jfx9-29x2-rv3j)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-jj6c-8h6c-hppx)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-m449-cwjh-6pw7)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-qpxp-75px-xjcp)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-vr63-x8vc-m265)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-wgvp-vg3v-2xq3)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-x284-j5p8-9c5p)
medium
Vulnerable dependency: pypdf@6.10.2,<7.0 (GHSA-x7hp-r3qg-r3cj)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-55x5-fj6c-h6m8)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-57qw-cc2g-pv5p)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-jq4v-f5q6-mjqq)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-pgww-xf46-h92r)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-vfmq-68hx-4jfw)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-wrxv-2j5q-m38w)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (GHSA-xp26-p53h-6h2p)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2014-9)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2018-12)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2021-19)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2021-852)
medium
Vulnerable dependency: lxml@4.9.3,<7.0 (PYSEC-2022-230)
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-2jv5-9r88-3w3p)
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-59g5-xgcq-4qw3)
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-mj87-hwqh-73pj)
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-pp6c-gr5w-3c5g)
medium
Vulnerable dependency: python-multipart@0.0.22,<1.0 (GHSA-wp53-j4wj-2cfg)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-2fc2-6r4j-p65h)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-5545-2q6w-2gh6)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-9fq2-x9r6-wfmf)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-cw6w-4rcx-xphc)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-f7c7-j99h-c22f)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-fpfv-jqm9-f5jm)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (GHSA-frgw-fgh6-9g52)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2017-1)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2018-33)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2018-34)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2019-108)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2021-856)
medium
Vulnerable dependency: numpy@1.26.2,<2.0 (PYSEC-2021-857)
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (GHSA-jjw5-xxj6-pcv5)
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (GHSA-jw8x-6495-233v)
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2020-107)
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2020-108)
medium
Vulnerable dependency: scikit-learn@1.6.1,<2.0 (PYSEC-2024-110)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-2fc2-6r4j-p65h)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-9fq2-x9r6-wfmf)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-fpfv-jqm9-f5jm)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (GHSA-frgw-fgh6-9g52)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2018-33)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2019-108)
medium
Vulnerable dependency: numpy@1.20.0,<2.0 (PYSEC-2021-856)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0 (GHSA-5jqp-qgf6-3pvh)
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (GHSA-8q59-q68h-6hv4)
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (GHSA-rprw-h62v-c2w7)
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (PYSEC-2018-49)
medium
Vulnerable dependency: pyyaml@6.0.0,<7.0 (PYSEC-2021-142)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-3wq7-rqq7-wx6j)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-45c4-8wx5-qw6w)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-54jq-c3m8-4m76)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-5m98-qgg9-wh84)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-69f9-5gxw-wvc2)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-6jhg-hg63-jvvf)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-6mq8-rvhq-8wgg)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-7gpw-8wmc-pm8g)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-8495-4g3g-x7pr)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-966j-vmvw-g2g9)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-c427-h43c-vf67)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-fh55-r93g-j68g)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-g84x-mcqj-x9qq)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-hcc4-c3v8-rx92)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-mqqc-3gqh-h2x8)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-mwh4-6h8g-pg8w)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-pjjw-qhg8-p2p9)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-q3qx-c6g2-7pw2)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-xx9p-xxvh-7g8j)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2021-76)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-120)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-251)
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-3qhf-m339-9g5v)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (GHSA-5jqp-qgf6-3pvh)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: pydantic@2.4.0,<3.0.0 (PYSEC-2021-47)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-2fc2-6r4j-p65h)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-5545-2q6w-2gh6)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-9fq2-x9r6-wfmf)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-cw6w-4rcx-xphc)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-f7c7-j99h-c22f)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-fpfv-jqm9-f5jm)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (GHSA-frgw-fgh6-9g52)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2017-1)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2018-33)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2018-34)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2019-108)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2021-856)
medium
Vulnerable dependency: numpy@1.24.0,<2.0 (PYSEC-2021-857)
medium
Vulnerable dependency: fastapi@0.115.0,<1.0 (GHSA-8h2j-cgx8-6xv7)
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (GHSA-33c7-2mpw-hg34)
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (GHSA-f97h-2pfx-f59f)
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (PYSEC-2020-150)
medium
Vulnerable dependency: uvicorn@0.27.0,<1.0 (PYSEC-2020-151)
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (GHSA-5jqp-qgf6-3pvh)
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: pydantic@2.5.3,<3.0 (PYSEC-2021-47)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-3ww4-gg4f-jr7f)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-9v9h-cgj8-h64p)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-hggm-jpg3-v476)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-m959-cc7f-wv43)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-q3cj-2r34-2cwc)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (PYSEC-2017-8)
medium
Vulnerable dependency: pynacl@1.5.0,<2.0 (GHSA-mrfv-m5wm-5w6w)
medium
Vulnerable dependency: httpx@0.27.0,<1.0 (GHSA-h8pj-cxx2-jfg2)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-2vrm-gr82-f7m5)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-63hf-3vf5-4wqf)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-8qpw-xqxj-h4r2)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-9548-qrrj-x5pj)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-gfw2-4jvh-wgfg)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-jj3x-wxrx-4x23)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-m5qp-6w8w-w647)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-p998-jp59-783m)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-qvrw-v9rv-5rjx)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-v6wp-4m6f-gcjg)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (GHSA-w2fm-2cpv-w7v5)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-246)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-247)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2023-250)
medium
Vulnerable dependency: aiohttp@3.13.4,<4.0 (PYSEC-2024-26)
medium
Vulnerable dependency: pyyaml@6.0,<7.0 (PYSEC-2021-142)
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-9h52-p55h-vw2f)
medium
Vulnerable dependency: mcp@1.0.0,<2.0 (GHSA-j975-95f5-7wqh)
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (GHSA-5jqp-qgf6-3pvh)
medium
Vulnerable dependency: pydantic@2.5.0,<3.0 (PYSEC-2021-47)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-hggm-jpg3-v476)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (GHSA-m959-cc7f-wv43)
medium
Vulnerable dependency: cryptography@46.0.7,<47.0 (PYSEC-2017-8)
medium
Vulnerable dependency: pydantic@2.0,<3.0 (GHSA-5jqp-qgf6-3pvh)
medium
Vulnerable dependency: pydantic@2.0,<3.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: pydantic@2.0,<3.0 (PYSEC-2021-47)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (GHSA-r6ph-v2qm-q3c2)
medium
Vulnerable dependency: cryptography@46.0.7,<49.0 (PYSEC-2021-62)
high
Generic API Key Assignment found in docs/security-scanning.md
high
Generic API Key Assignment found in docs/security/scanning.md
high
Hardcoded Password found in examples/quickstart/autogen_governed.py
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/extension.ts
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/server/browserPolicyEditor.ts
high
Generic API Key Assignment found in agent-governance-typescript/agent-os-vscode/src/webviews/policyEditor/PolicyEditorPanel.ts
high
Hardcoded Password found in agent-governance-python/agent-os/docs/use-cases.md
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/docs/UNIVERSAL_SIGNAL_BUS.md
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/examples/sample_full_stack_agent.py
high
Hardcoded Password found in agent-governance-python/agent-os/examples/self-evaluating/examples/example_universal_signal_bus.py
high
Hardcoded Password found in agent-governance-python/agent-os/modules/observability/alertmanager/alertmanager.yml
high
Hardcoded Password found in agent-governance-python/agent-os/modules/scak/build_and_publish.ps1
high
Hardcoded Password found in agent-governance-python/agent-os/modules/control-plane/benchmark/red_team_dataset.py
medium
Hex string literal (>50 chars) in agent-governance-golang/packages/agentmesh/audit_test.go:135
medium
Hex string literal (>50 chars) in examples/reasoning-attestation-governed/getting_started.py:231
medium
Buffer.from base64 in agent-governance-typescript/src/identity.ts:518
medium
Buffer.from base64 in agent-governance-typescript/src/identity.ts:543
medium
Buffer.from base64 in agent-governance-typescript/src/encryption/mesh-client.ts:991
medium
Hex string literal (>50 chars) in agent-governance-python/agentmesh-integrations/mastra-agentmesh/src/audit.ts:13
medium
Hex string literal (>50 chars) in agent-governance-python/agentmesh-integrations/mastra-agentmesh/src/audit.ts:135
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:781
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:783
high
Long unicode escape chain in agent-governance-python/agent-os/examples/trading-governance/demo.py:788
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:34
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:50
medium
Buffer.from base64 in agent-governance-python/agent-mesh/services/api/src/services/identity.ts:60
info
SLSA Build Level 3 detected
high
High-risk OAuth scope: admin
info
Could not connect to MCP server for output poisoning scan
info
Could not connect to MCP server for behavioral verification
info
SBOM generated: 571 components
info
MITRE ATLAS technique coverage summary
info
ATLAS: Adversarial ML Supply Chain (AML.T0043)