opena2a

Open-source security tools for AI agents. Find vulnerabilities, fix root causes, prove compliance.

Why this rank: Recent release, strong adoption, healthy release cadence

README

OpenA2A: CLI · HackMyAgent · Secretless · AIM · Browser Guard · DVAA

opena2a

Open-source security platform for AI agents. Installed as opena2a-cli on npm.

npx opena2a-cli review
  OpenA2A Security Review  v0.8.21

  Findings
  -----------------------------------------------
  Credential scan        3 hardcoded keys
  Shadow AI              2 agents, 4 MCP servers
  Config integrity       unsigned
  Governance             no SOUL.md
  -----------------------------------------------
  Security Score   30 / 100  -> 85 by running opena2a protect

  Run: opena2a protect    (fix all findings)

Install globally if you prefer:

npm install -g opena2a-cli
brew tap opena2a-org/tap && brew install opena2a

Built-in Help

You do not need this README. The CLI has built-in discovery:

opena2a ?                           # Contextual recommendations for your project
opena2a ~shadow ai                  # Semantic search across all commands
opena2a "find leaked credentials"   # Natural language command matching
opena2a                             # Interactive guided wizard (no args)

Commands

| Command | What it does |
| --- | --- |
| opena2a review | Full security dashboard — HTML report, 6-phase assessment |
| opena2a detect | Find shadow AI agents, MCP servers, AI configs. Governance score. |
| opena2a protect | Fix everything — credentials, .gitignore, config signing |
| opena2a init | Read-only security assessment with trust score |
| opena2a identity create | Cryptographic identity for your project |
| opena2a harden-soul | Generate SOUL.md governance rules |
| opena2a scan | 204 security checks via HackMyAgent |
| opena2a shield init | Full security setup — all of the above, one command |

Full command reference: opena2a.org/docs

Ecosystem

Each command routes to a specialized tool, installed on first use:

| Command | Tool | Description |
| --- | --- | --- |
| detect | Shadow AI | Discover AI agents, MCP servers, AI configs |
| identity | AIM | Cryptographic identity, audit logs, trust scoring |
| scan | HackMyAgent | 204 security checks, 115 attack payloads, auto-fix |
| scan-soul | SOUL Scanner | 72 governance controls, 9 domains, 6 profiles |
| harden-skill | Skill Hardener | Frontmatter validation, permission scoping, integrity pinning |
| secrets | Secretless AI | Credential management for AI coding tools |
| mcp | MCP Security | Audit, sign, and verify MCP server configurations |
| benchmark | OASB | 222 attack scenarios, compliance scoring |
| train | DVAA | Vulnerable AI agent for security training |
| create | Skill Scaffolding | Secure skill templates with signing and heartbeat |
| guard harden | HackMyAgent | Scan skills for hardening issues, auto-fix |

Docs

Full command reference, Shield subcommands, scope drift detection, behavioral governance, credential patterns, and CI/CD examples: opena2a.org/docs

Requirements

  • Node.js >= 18
  • Optional: Docker (for opena2a train)

License

Apache-2.0


Website · Docs · Discord · GitHub

Release History

v0.10.7 | Urgency: High | Date: 6/3/2026
Resolves #188, #189, #190. ### Fixes - **`opena2a login --ci` fails fast** (#189): exits non-zero immediately with an actionable message (pointing at `--api-key`) instead of blocking on `Waiting for authentication...`. A CI job with cached valid credentials still returns 0. - **opena2a-prefixed next-steps** (#190): `trust` / `publish` / `registry --help` and opena2a-cli's own setup hints now cite `opena2a` commands instead of bundled tool names. Delegated ai-trust stdout is rebranded line-buffe

v0.10.4 | Urgency: High | Date: 5/28/2026
## What's Changed * ci(release): per-package tag triggers + wire @opena2a/ai-classifier by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/87 * feat(cli-ui): export observations + analyst-render for shared CLI use by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/88 * feat(cli): wire @opena2a/cli-ui renderObservationsBlock into opena2a review by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/89 * fix(cli): aggregate HMA findings into opena2a revi

telemetry-v0.3.0 | Urgency: High | Date: 5/24/2026
## What's Changed * docs(readme): mirror AIM README structure by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/146 * fix(protect): anchored CLI self-exemption — replace substring marker check (closes #77) by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/147 * fix(cli): register secure alias + check --nanomind/--rescan flags (closes #135) by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/141 * feat(credential-patterns): 0.1.1 — block-comment ma

cli-v0.10.3 | Urgency: High | Date: 5/11/2026
## What's Changed * chore(cli): bump to 0.10.3 — adopt @opena2a/telemetry 0.2.0 by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/145 **Full Changelog**: https://github.com/opena2a-org/opena2a/compare/telemetry-v0.2.0...cli-v0.10.3

cli-v0.10.2 | Urgency: High | Date: 4/30/2026
## Security - **OAuth tokens move from plaintext `~/.opena2a/auth.json` to OS keychain.** macOS Keychain via `security`; Linux Secret Service via `secret-tool`. Service `opena2a-cli`, account `${serverUrl}:access` / `:refresh` — visible as discrete entries in macOS Passwords.app. Metadata file at `~/.opena2a/auth.json` (mode `0600`) retained with new `tokenStorage: 'keychain' | 'file'` discriminator. Under keychain mode the file does NOT contain the token strings. - **Transparent migration on f

cli-v0.9.1 | Urgency: High | Date: 4/29/2026
## What's Changed * fix(cli): wire --no-contribute end-to-end (closes #107) — 0.9.1 by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/108 **Full Changelog**: https://github.com/opena2a-org/opena2a/compare/cli-v0.9.0...cli-v0.9.1

check-core-v0.1.0 | Urgency: High | Date: 4/23/2026
## What's Changed * feat(check-core): extract @opena2a/check-core 0.1.0 (CA-034 M3) by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/97 **Full Changelog**: https://github.com/opena2a-org/opena2a/compare/cli-ui-v0.3.0...check-core-v0.1.0

ai-classifier-v0.1.1 | Urgency: High | Date: 4/22/2026
## What's Changed * ci(release): per-package tag triggers + wire @opena2a/ai-classifier by @thebenignhacker in https://github.com/opena2a-org/opena2a/pull/87 **Full Changelog**: https://github.com/opena2a-org/opena2a/compare/v0.8.24...ai-classifier-v0.1.1

v0.8.23 | Urgency: High | Date: 4/14/2026
### Bug Fixes - `--server cloud` now resolves to `https://aim.oa2a.org` (AIM Cloud Phase 7 backend). Previously pointed to `api.aim.opena2a.org`, which serves a different product (community). Bare `aim.opena2a.org` still routes to `api.aim.opena2a.org` for community users. - Updated `--server` help text and login error message to reference the new default. ### Install - npm: `npm install -g opena2a-cli@0.8.23` - Homebrew: `brew upgrade opena2a`

v0.8.22 | Urgency: Medium | Date: 4/13/2026
## What's new - **AnaLM flag**: `--analm` global option threaded through adapter system to HMA/ai-trust ## Bug fixes - Fix `scan secure .` routing (no longer errors with "secure does not exist") - Fix `check` error showing `hackmyagent` instead of `opena2a` for unrecognized targets

v0.8.21 | Urgency: Medium | Date: 4/12/2026
Picks up hackmyagent 0.17.1 (unified scoring, analyzer gating, FP reduction) and ai-trust 0.2.24 (default local scan, error status display).

v0.8.19 | Urgency: High | Date: 4/9/2026
Bump MIN_HMA_VERSION to 0.15.7 for unified publish endpoint support

v0.8.18 | Urgency: Medium | Date: 4/9/2026
## What's New - **Unified publish endpoint**: Scan results now POST to `/api/v1/trust/publish` - Legacy `/api/v1/trust/scan-report` used as fallback on 404 - Fix: `check express` now works (bumped HMA dep to ^0.15.7) - Fix: `train --help` no longer tries Docker delegation - Fix: removed erroneous 'check' from publish defaultArgs

v0.8.16 | Urgency: High | Date: 4/9/2026
## What's New - **Runtime HMA version check**: Warns when installed hackmyagent is below minimum required version (0.15.6) - Prevents confusing errors when using GitHub repo scanning with old HMA - GitHub target routing from feat/github-check now included

v0.8.15 | Urgency: Medium | Date: 4/3/2026
## opena2a-cli v0.8.15 ### Fixes - `runtime bogus` now shows descriptive subcommand list (matches guard/shield) - `publish --ci` no longer errors with "unknown option '--ci'" - Removed blind `--ci` injection into adapter subprocesses (broke tools that don't support it)

v0.8.14 | Urgency: Medium | Date: 4/3/2026
## opena2a-cli v0.8.14 ### Fixes - Forward `--format` and `--ci` flags to adapter subprocesses (scan, check, secrets, broker, etc.) - `opena2a scan --json` now produces JSON output (previously silently ignored) - Guard and runtime no-args now show descriptive subcommand lists

v0.8.13 | Urgency: Medium | Date: 4/3/2026
## opena2a-cli v0.8.13 ### Fixes - **guard**: Accept directory as positional arg (e.g. `opena2a guard .`) defaults to `status` subcommand - **shield**: Show subcommand list when run with no args instead of cryptic error - **runtime**: Same fix -- show subcommand help on no args - **--json**: Added as global flag (shorthand for `--format json`) works on all commands - **identity verify**: Fix crash with aim-core 0.1.2 (`unexpected type, use Uint8Array`) - All commands with subcommands now show f

v0.8.12 | Urgency: Medium | Date: 3/25/2026
Add READMEs for shared/contribute, sync npm READMEs

v0.8.10 | Urgency: Low | Date: 3/21/2026
### Review Dashboard Overhaul - **Real HMA scan** — no more hardcoded score of 70; runs actual `hackmyagent secure` - **Deduplicated findings** — HMA: 103K rows → 30 unique checks with occurrence counts; Credentials: 515 → 7 grouped types - **Risk education** — amber "Why this matters" text on each HMA finding, 4-section strategic remediation guide - **Merged Integrity into Hygiene** — 7 tabs → 6 (Overview, HMA, Credentials, Shadow AI, Shield, Hygiene) - **Dynamic trust score** — formula shows a

v0.8.9 | Urgency: Low | Date: 3/20/2026
## Trust command fixes - Scan data now displays correctly (status, findings, last scanned date) - Supply chain vulnerability breakdown shown (was "Dependencies: undefined") - Weekly download counts displayed when available - Alternate source fallback: tries npm, pypi, github before giving up - Search fallback: shows 5 similar packages when package not found in registry

v0.8.8 | Urgency: Low | Date: 3/19/2026
Added @opena2a/contribute shared community trust contribution client. Fixed contribute endpoint to use api.oa2a.org.

v0.8.0 | Urgency: Low | Date: 3/18/2026
## OAuth Device Flow Login New commands for browser-based authentication with AIM servers: - `opena2a login` - Authenticate via browser (OAuth Device Authorization Grant, RFC 8628) - `opena2a logout` - Remove stored credentials - `opena2a whoami` - Show authentication status After login, all identity commands automatically use stored tokens -- no more `--api-key` needed. ### How it works ``` opena2a login # opens browser, shows code XXXX-XXXX

v0.7.2 | Urgency: Low | Date: 3/15/2026
### UX Fix - Changed 'no identity' to 'project not registered' -- the identity is about the project, not the agent

v0.7.1 | Urgency: Low | Date: 3/15/2026
### Bug Fix - **`mcp audit`** -- Fixed trust score endpoint. Was querying `/api/v1/packages/{name}` (404), now queries `/api/v1/trust/query?name={name}&type=mcp_server` (200). MCP servers now show real trust scores from the registry.

v0.7.0 | Urgency: Low | Date: 3/15/2026
## Registry Enrichment & Shared Library Consolidation ### New Features - **`opena2a detect --registry`** -- Enriches detected MCP servers with community trust scores from the live OpenA2A Registry. Shows trust data inline (e.g., `stripe Trust: 50/100`). Opt-in, 5-second timeout, graceful degradation. ### Infrastructure - **Community scan-report endpoint live** -- `POST /api/v1/trust/scan-report` accepts scan results from all CLI tools. Rate limited (100 req/min), anonymous, no auth required.

v0.6.3 | Urgency: Low | Date: 3/15/2026
## Shadow AI Detection & Identity Fixes ### New Features - **`opena2a detect`** — Shadow AI agent audit with governance scoring (0-100) - **`--report`** — HTML executive report for enterprise audiences - **`--export-csv`** — Asset inventory export for CMDB/ServiceNow with hostname, username, timestamp - **Shadow AI tab** in `opena2a review` (Phase 6 of 6) - 20+ AI agent/LLM detection patterns (Claude Code, Cursor, Copilot, Windsurf, Ollama, LM Studio, etc.) - Claude plugin MCP server discovery

v0.5.12 | Urgency: Low | Date: 3/14/2026
## Changes - Trust score now displays as percentage (e.g., `50%` instead of `0.5`) - Package type shows human-friendly labels (`MCP Server` instead of `mcp_server`) - Uses `displayType` from API when available, with local fallback mapping

v0.5.11 | Urgency: Low | Date: 3/13/2026
## opena2a-cli v0.5.11 ### Full aim-core Identity Coverage & Cross-Tool Integration **Identity commands** (12 subcommands): - `list`, `create`, `trust`, `audit`, `log`, `policy`, `check`, `sign`, `verify` - `attach` — connect security tools to AIM identity with selective enablement (`--tools`) - `detach` — disconnect tools and clear trust hints - `sync` — refresh trust hints and import new tool events **Cross-tool integration:** - Event bridges: Shield, ARP, HMA, ConfigGuard, Secretless event

v0.5.8 | Urgency: Low | Date: 3/12/2026
## Fixed - `claim` command now defaults source to 'npm' before registry lookup, matching `trust` behavior. Previously `claim express` failed with "No trust profile found" while `trust express` succeeded. - `trust --verbose` now shows request URL, response time (ms), agent ID, source, and version. Previously `--verbose` produced identical output to the default view.

v0.5.7 | Urgency: Low | Date: 3/12/2026
## Changes since v0.5.6 - Add help text examples for trust and claim commands - Add GitHub URL auto-parsing (https://github.com/org/repo auto-detects --source github) - Add verbose output on error paths (registry URL, request path, full error) - List valid --source values in help text

v0.5.6 | Urgency: Low | Date: 3/12/2026
## Changes since v0.3.3 - Add `trust` command for agent trust profile lookup - Add `claim` command for agent ownership verification - Ed25519 keypair generation and local key storage - --json flag alias on trust/claim commands - Source validation, empty input handling - Improved error messages with actionable next steps - Demo GIF updates with JetBrains Mono font

v0.3.3 | Urgency: Low | Date: 3/4/2026
## What's New **`opena2a protect` is now a single command to fix all auto-fixable findings.** After `opena2a init` diagnoses your project, run `opena2a protect` to fix everything in one step. ### New: Unified Fix-Everything Flow ```bash opena2a init # Diagnose (read-only) opena2a protect # Fix everything fixable opena2a init # Re-assess -- watch your score improve ``` ### What `protect` now fixes - **Credentials** -- Detect, vault, and replace hardcoded secrets with env var refere

v0.3.1 | Urgency: Low | Date: 3/3/2026
## What's New **17 bug fixes** from a deep QA review covering security, correctness, and UX improvements across the CLI. ### Highlights - **Review dashboard redesign**: Score breakdown now uses structured explainers instead of generic stat cards - **Natural language input fix**: `opena2a find secrets` and `opena2a detect credentials` now work without shell quotes - **Project-scoped Shield events**: Events stored in `.opena2a/shield/` per-project instead of global `~/.opena2a/` - **Security fi

v0.1.2 | Urgency: Low | Date: 3/2/2026
DRIFT-002: AWS access key liveness verification with Bedrock drift detection. Manual SigV4 signing, no AWS SDK. 325 tests, 18 new for DRIFT-002.
