AGENTPREY

Getting Started

Quickstart

HTTP, OpenClaw, TUI, and upload/share flows.

Quickstart in 3 Steps

  1. Install the global CLI binary.
  2. Run either an HTTP scan or an OpenClaw local-path scan.
  3. Review local artifacts or the uploaded share link.

1) Install

bash
cargo install agentprey --lockedagentprey --helpagentprey scan --helpagentprey init

2) HTTP Scan

bash
agentprey scan   --target http://127.0.0.1:8787/chat   --category prompt-injection   --json-out ./scan.json   --html-out ./scan.html

3) Review Results

  • Check the terminal summary for vulnerable, resistant, and error counts.
  • Open scan.html for a human-readable report.
  • Use scan.json for CI parsing and automation.
  • If you used --upload, the CLI prints scan_run_id, share_id, and optional share_url.

Detailed Walkthrough

1) Start a Local Mock Target

bash
python3 scripts/mock_agent.py --mode vulnerable --port 8787

2) Inspect Available Vectors

bash
agentprey vectors list --category prompt-injection

3) Initialize Project Config + Auth Commands

bash
agentprey initagentprey auth activate --key <KEY>agentprey auth statusagentprey auth refreshagentprey vectors sync --pro

4) Run the HTTP Scanner

bash
agentprey scan --target http://127.0.0.1:8787/chat --category prompt-injection

5) Run an OpenClaw Local-Path Scan

bash
agentprey scan   --type openclaw   --target ./path/to/openclaw-project

6) Use TUI Mode

bash
agentprey scan   --target http://127.0.0.1:8787/chat   --category prompt-injection   --ui tui

7) Run From Config Defaults

bash
agentprey scan --config .agentprey.toml

8) Generate Output Artifacts

bash
agentprey scan --target http://127.0.0.1:8787/chat --category prompt-injection --json-out ./scan.json
bash
agentprey scan --target http://127.0.0.1:8787/chat --category prompt-injection --html-out ./scan.html

9) Upload And Share

bash
agentprey auth activate --key <KEY>agentprey vectors sync --proagentprey scan   --type openclaw   --target ./path/to/openclaw-project   --upload

Upload runs after the local scan completes. If the backend is configured with APP_BASE_URL, the CLI prints a share URL that resolves to /reports/<share_id>.

10) Tune Resilience Controls

bash
agentprey scan   --target http://127.0.0.1:8787/chat   --category prompt-injection   --retries 2   --retry-backoff-ms 250   --max-concurrent 2   --rate-limit-rps 10

11) Try a Resistant Target

bash
python3 scripts/mock_agent.py --mode resistant --port 8787agentprey scan --target http://127.0.0.1:8787/chat --category prompt-injection

Calibration Sanity Check

Vulnerable mode should trigger findings. Resistant mode should stay near-zero false positives.

bash
# vulnerable baselinepython3 scripts/mock_agent.py --mode vulnerable --port 8787agentprey scan --target http://127.0.0.1:8787/chat --category prompt-injection# resistant baselinepython3 scripts/mock_agent.py --mode resistant --port 8787agentprey scan --target http://127.0.0.1:8787/chat --category prompt-injection

Pro Activation

  1. Checkout from /pricing.
  2. Get your activation key from checkout success or email backup.
  3. Activate with agentprey auth activate --key <KEY>.
  4. Sync Pro vectors with agentprey vectors sync --pro.
  5. Run a Pro scan with the entitled vector bundle.
bash
agentprey auth activate --key <KEY>agentprey vectors sync --proagentprey scan   --type openclaw   --target ./path/to/openclaw-project   --upload

Troubleshooting

auth failed

Re-activate with the latest key, then refresh and verify local auth status.

bash
agentprey auth activate --key <KEY>agentprey auth refreshagentprey auth status

no vectors found

Verify the vectors directory and sync Pro vectors if you are on the Pro tier.

bash
agentprey vectors list --vectors-dir vectorsagentprey vectors sync --pro

connection refused

Start or fix the target service, then rerun scan against the correct endpoint.

bash
python3 scripts/mock_agent.py --mode vulnerable --port 8787agentprey scan --target http://127.0.0.1:8787/chat --category prompt-injection --html-out ./scan.html

Key Recovery

  1. Visit agentprey.com/recover.
  2. Enter your checkout email.
  3. If the email matches an account, AgentPrey will attempt to send a replacement key.
bash
agentprey auth activate --key <NEW_KEY>agentprey vectors sync --pro

← Previous

Installation

Next →

scan

AgentPrey docs are intentionally calmer than the marketing site. Product flair stays on the homepage.

QuickstartGitHub