Public AI agent scan radar

AI Agent Security Radar

A no-execution snapshot of popular public AI agent repos across browser automation, coding agents, multi-agent frameworks, graph runtimes, code-execution agents, and MCP-backed tool surfaces. Scores are heuristic triage signals, not confirmed vulnerabilities, certification, endorsement, or commissioned audit results.

Run your own scan AI agent audit service Request paid audit Open fixed quote

Sample8 public AI agent repos

Method90 selected public text files per repo via GitHub API

SafetyNo clone, dependency install, target execution, or live-service calls

HandoffUSD $1,000 human audit for one agent, repo, or slice

How to read this

Use the score to prioritize review, not to claim a bug

The scanner fetched public GitHub metadata and selected text blobs on June 20, 2026 Asia/Shanghai time. It looked for agent/tool surfaces, remote listeners, write actions, credential paths, auth gates, redaction, tests, and CI.

A lower score means the selected files produced more review signals. It can still miss controls outside the fetched slice, so paid work starts with fresh scope confirmation and evidence review.

Browser agents need review for authenticated sessions, clicks, downloads, page content, and JavaScript execution.

Coding agents and code-execution agents need sandbox, filesystem, network, token, and patch/write boundaries reviewed.

Multi-agent frameworks need memory, tool routing, human approval, remote runtime, and tenant boundary tests.

Radar snapshot

Popular public AI agent repos with review signals

browser-use/browser-use

Browser automation for AI agents

99,596 stars90 files scanned1 high / 2 medium

Top heuristic: Credential signals detected without redaction signals.

Run shareable scan Browser audit path AI agent audit path

OpenHands/OpenHands

AI-driven software development agent

77,768 stars90 files scanned1 high / 1 medium

Top heuristic: Write actions detected without obvious tool safety annotations.

Run shareable scan Coding agent audit path

microsoft/autogen

Agentic AI programming framework

59,075 stars90 files scanned1 high / 2 medium

Top heuristic: Credential signals detected without redaction signals.

Run shareable scan Multi-agent audit path

crewAIInc/crewAI

Multi-agent orchestration framework

53,986 stars90 files scanned1 high / 1 medium

Top heuristic: Write actions detected without obvious tool safety annotations.

Run shareable scan Multi-agent audit path

agno-agi/agno

Agent platform framework

40,769 stars90 files scanned2 high / 1 medium

Top heuristic: Write actions detected without obvious tool safety annotations.

Run shareable scan Agent platform audit path

langchain-ai/langgraph

Resilient agent graph framework

35,224 stars90 files scanned0 high / 2 medium

Top heuristic: Remote listener needs an explicit exposure policy.

Run shareable scan LangGraph audit path

huggingface/smolagents

Agents that think in code

27,935 stars90 files scanned1 high / 2 medium

Top heuristic: Credential signals detected without redaction signals.

Run shareable scan Code agent audit path

openai/openai-agents-python

Multi-agent workflow framework

27,266 stars90 files scanned0 high / 2 medium

Top heuristic: Remote listener needs an explicit exposure policy.

Run shareable scan AI agent audit path

Convert a signal

When to use the paid audit

You ship an AI agent that can browse, write files, execute code, call cloud APIs, use memory, or mutate workspace data.
The free scan points to write actions, credential paths, remote listeners, missing redaction evidence, or weak test visibility.
You need human validation, source-specific evidence, a ranked fix plan, and launch notes.
Payment starts only after written scope acceptance; the fixed quote is USD $1,000.

Start audit from Radar Open quote Review terms