A fast, lightweight security scanner for MCP servers and AI agent skills with built-in vulnerability detection.
ramparts is easy to set up with strong trust signals. Check agent compatibility and use-case fit before adding it to your workflow.
gh repo view highflame-ai/ramparts --web
Open the official repository or website.
Check the README for package manager, auth, and platform requirements.
Try it in a small test task inside your agent workflow.
Ramparts scans MCP servers and AI agent skill files for security issues like prompt injection, tool poisoning, and secret leakage. It helps developers find vulnerabilities before they can be exploited by attackers.
Ramparts is a security scanner designed for the AI agent ecosystem. It scans two critical surfaces: MCP servers (which agents talk to over the network) and skill files (which agents load from disk). For MCP servers, it discovers tools, resources, and prompts, then audits them for prompt injection, tool poisoning, secret leakage, path traversal, command injection, cross-origin escalation, and supply-chain CVEs via OSV.dev. For skill scanning, it analyzes markdown/YAML skill files (including agentskills.io bundles) for the same threat model, plus name collisions, allowed-tools grants, and bundled scripts. Ramparts uses YARA rules, LLM analysis, and OWASP MCP Top 10 tagging. It supports multiple transports (HTTP, SSE, stdio, subprocess) and is written in Rust for performance.
Strong trust signals; still review the README and permissions before production use.
Last commit was about 2 days ago.
89 GitHub stars indicate community interest.
13 open issues signal maintenance load.
Apache-2.0 license detected.
Scanning MCP servers before integrating them into an AI agent workflow
Auditing AI agent skill files for malicious instructions or excessive permissions
Detecting prompt injection and tool poisoning in third-party MCP servers
Validating skill bundles from agentskills.io for security compliance
Continuous security monitoring of MCP endpoints in CI/CD pipelines
Ramparts itself does not send data externally; all scanning is local.
Scanning untrusted MCP servers may trigger their logging or alerting mechanisms.
Skill scanning reads files from disk; ensure you have permission to scan the target files.
Stars: 89
Forks: 18
Issues: 13
License: Apache-2.0
A terminal dashboard to monitor AI coding agents like Claude Code and Codex CLI in real-time.
A bridge between Streamable HTTP and stdio MCP transports, enabling flexible MCP server connectivity.
A full-stack AI Red Teaming platform for securing AI ecosystems with comprehensive scanning and evaluation.
3 security/trust notes recorded.
Setup difficulty is 2/5.