Getting Started

Introduction

Developer-first security scanner for AI agents.

Quickstart in 3 Steps

  1. Install the CLI globally.
  2. Run a scan against your target.
  3. Review the terminal summary and output artifacts.

    cargo install agentprey --locked
    agentprey --help
    agentprey scan --help
    agentprey init

    agentprey scan \
      --target http://127.0.0.1:8787/chat \
      --category prompt-injection \
      --json-out ./scan.json \
      --html-out ./scan.html

What AgentPrey Is

agentprey is a developer-first security scanner for AI agents. It runs targeted prompt-injection vectors against your HTTP endpoint or local OpenClaw project, analyzes responses, and returns actionable findings with confidence, severity, and OWASP mappings.

What It Does

  • Runs real attack vectors from YAML against HTTP targets and local OpenClaw project paths.
  • Surfaces vulnerable, resistant, and error outcomes per vector.
  • Writes JSON and HTML artifacts for CI, triage, and sharing.
  • Supports plain output and --ui tui terminal mode.
  • Can upload completed scans and return public share links when cloud upload is enabled.
  • Supports retries, backoff, rate limits, and bounded concurrency.
  • Defaults to response redaction for safer artifact handling.

Who It Is For

  • Security engineers building repeatable AI red-team checks.
  • AI developers hardening agent prompts, tools, and orchestration.
  • DevSecOps teams adding security gates before deploy.

Next Steps

Start with Installation, then run the repo flow in Quickstart.

Current Limitations

  • No live web scanning from the Vercel site. The web app hosts docs, checkout/recovery flows, replays, and share pages.
  • No browser dashboard or fuller web auth/product loop yet. Cloud support is upload plus public-by-link reports.
  • No MCP adapter is shipped today.
  • No telemetry is sent by default when --upload is omitted.

AgentPrey docs are intentionally calmer than the marketing site. Product flair stays on the homepage.