
Tencent AI-Infra-Guard

active

Most comprehensive OSS AI red teaming tool. 3,264 stars. Full-stack: ClawScan, Agent Scan, Skills Scan, MCP scan, jailbreak eval. 43 AI framework components, 589 CVEs cataloged. v4.0 released.

Score 81

Where it wins

3,264 stars — highest in agent security sub-category

Full-stack: ClawScan, Agent Scan, Skills Scan, MCP scan, jailbreak eval

43 AI framework components and 589 CVEs cataloged

Fully open source — no commercial dependencies

v4.0 released — actively developed

Where to be skeptical

Enterprise trust signals mostly from Chinese tech ecosystem — Western adoption still building

Breadth may come at cost of depth vs specialized tools like Snyk Agent Scan

Editorial verdict

#2 agent/MCP security scanner. Most comprehensive OSS red teaming tool — ClawScan, Agent Scan, Skills Scan, MCP scan, jailbreak eval. 3,264 stars (highest in agent security). 43 AI framework components, 589 CVEs cataloged. Best for OSS-first teams wanting breadth without commercial dependencies.


GitHub README peek

Constrained peek so you can sanity-check the source material without leaving the site.

A.I.G (AI-Infra-Guard)

📖 Documentation: https://tencent.github.io/AI-Infra-Guard/

Black Hat Arsenal: https://www.blackhat.com/eu-25/arsenal/schedule/index.html#aigai-infra-guard-48381

🚀 AI Red Teaming Platform by Tencent Zhuque Lab

A.I.G (AI-Infra-Guard) integrates ClawScan (OpenClaw Security Scan), Agent Scan, AI infra vulnerability scan, MCP Server & Agent Skills scan, and Jailbreak Evaluation, aiming to provide users with the most comprehensive, intelligent, and user-friendly solution for AI security risk self-examination.

We are committed to making A.I.G (AI-Infra-Guard) the industry-leading AI red teaming platform. More stars help this project reach a wider audience, attracting more developers to contribute, which accelerates iteration and improvement. Your star is crucial to us!

🚀 What's New

  • 2026-06-08 · v4.1.12 — Fingerprint library expanded: 39 new AI Web fingerprints added, 18 existing fingerprints enhanced.
  • 2026-06-04 · v4.1.11 — New trusted-by endorsements: Wuhan University and Unicom Digital Tech.
  • 2026-05-28 · v4.1.10 — Coverage expanded to 68 AI components (added junoclaw, lollms, sglang); 600+ new CVE rules; WebSocket agent provider support for Agent Scan.
  • 2026-05-21 · v4.1.9 — Prompt Security: 26 new attack operators (20 single-turn + 6 multi-turn); scanning agents hardened against indirect prompt injection.
  • 2026-05-14 · v4.1.8 — Coverage expanded to 64 AI components (6 new: InstructLab, LMDeploy, SuperAGI, Pipecat, Paperclip, QnABot); vuln database deduplicated and cleaned.
  • 2026-04-23 · v4.1.6 — Coverage expanded to 58 AI components (added FastGPT, Upsonic); vuln database refreshed across 7 components.
  • 2026-04-23 · v4.1.5 — Detects exposed AI agent config files (13 paths); manual update for jailbreak datasets and vuln databases.
  • 2026-04-17 · v4.1.4 — HTTPS model endpoints with self-signed certificates now supported.
  • 2026-04-09 · v4.1.3 — Coverage expanded to 55 AI components; added crewai, kubeai, lobehub.
  • 2026-04-03 · v4.1.2 — Three new skills on ClawHub (edgeone-clawscan, edgeone-skill-scanner, aig-scanner) + manual task stop.
  • 2026-03-25 · v4.1.1 — ☠️ Detects LiteLLM supply chain attack (CRITICAL); added Blinko & New-API coverage.
  • 2026-03-23 · v4.1 — OpenClaw vulnerability database expanded with 281 new CVE/GHSA entries.
  • 2026-03-10 · v4.0 — Launched EdgeOne ClawScan (OpenClaw Security Scan) and Agent-Scan framework.

👉 CHANGELOG · 🩺 Try EdgeOne ClawScan

Table of Contents

  • 🚀 Quick Start
  • ✨ Features
  • 🖼️ Showcase
  • 📖 User Guide
  • 🔧 API Documentation
  • 🏗️ Architecture Evolution
  • 📝 Contribution Guide
  • 🛡️ About the Team
  • 🙏 Acknowledgements
  • 💬 Join the Community
  • 📖 Citation
  • 📚 Papers
  • ⚖️ License & Attribution

🚀 Quick Start

Deployment with Docker

| Docker | RAM | Disk Space |
|--------|-----|------------|
| 20.10 or higher | 4GB+ | 10GB+ |

# This method pulls pre-built images from Docker Hub for a faster start
git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard
# For Docker Compose V2+, replace 'docker-compose' with 'docker compose'
docker-compose -f docker-compose.images.yml up -d

Once the service is running, you can access the A.I.G web interface at: http://localhost:8088

Use from OpenClaw

You can also call A.I.G directly from OpenClaw chat via the aig-scanner skill.

clawhub install aig-scanner

Then configure AIG_BASE_URL to point to your running A.I.G service.

For more details, see the aig-scanner README.

📦 More installation options

Other Installation Methods

Method 2: One-Click Install Script (Recommended)

# This method will automatically install Docker and launch A.I.G with one command
curl https://raw.githubusercontent.com/Tencent/AI-Infra-Guard/refs/heads/main/docker.sh | bash

Method 3: Build and run from source

git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard
# This method builds a Docker image from local source code and starts the service
# (For Docker Compose V2+, replace 'docker-compose' with 'docker compose')
docker-compose up -d

Note: The AI-Infra-Guard project is positioned as an AI red teaming platform for internal use by enterprises or individuals. It currently lacks an authentication mechanism and should not be deployed on public networks.
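
One way to check the note above on a running host, as an added example that is not part of the A.I.G README or repository: the script reads `ss -ltn` output and reports any non-loopback address listening on the web port. Port 8088 comes from the Quick Start URL; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the A.I.G repository): flag listeners on the A.I.G
# web port that are bound to a non-loopback address.
# Live use on the Docker host:  ss -ltn | check_aig_exposure

AIG_PORT=8088   # from the Quick Start URL http://localhost:8088

# Read `ss -ltn` style lines on stdin; print each non-loopback local
# address that is listening on port $1.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4
            # Split "addr:port" at the LAST colon so IPv6 forms survive.
            i = length(la)
            while (i > 0 && substr(la, i, 1) != ":") i--
            if (i == 0) next
            addr = substr(la, 1, i - 1)
            if (substr(la, i + 1) != port) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr
        }'
}

# Return 1 (and name the bindings) when the port is reachable off-host.
check_aig_exposure() {
    exposed=$(exposed_listeners "$AIG_PORT")
    [ -z "$exposed" ] && return 0
    echo "A.I.G port $AIG_PORT has no authentication and listens on:"
    echo "$exposed"
    return 1
}

# Constructed sample input, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   0.0.0.0:8088       0.0.0.0:*
LISTEN 0      4096   [::]:8088          [::]:*
LISTEN 0      4096   127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
}

sample_ss_output | check_aig_exposure || echo "-> bind to 127.0.0.1 or firewall the port"
```
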

For more information, see: https://tencent.github.io/AI-Infra-Guard/?menu=getting-started
