Agentic Radar
@splx-ai
A security scanner for your LLM agentic workflows
Overview
What is Agentic Radar?
Agentic Radar is a security scanner designed to analyze and assess agentic workflows for security and operational insights. It helps developers, researchers, and security professionals understand how agentic systems function and identify potential vulnerabilities.
How to use Agentic Radar?
Install via pip, then use the scan or test commands. For example: agentic-radar scan langgraph -i path/to/folder -o report.html or agentic-radar test openai-agents "path/to/example.py". The test command requires OPENAI_API_KEY or AZURE_OPENAI_API_KEY set as an environment variable.
Key features of Agentic Radar
- Scans agentic codebases for workflow visualization and tool identification
- Detects MCP servers used by agents in the system
- Maps detected tools to known vulnerabilities (OWASP LLM Top 10, OWASP Agentic AI)
- Supports prompt hardening to improve system prompts automatically
- Includes runtime testing for prompt injection, PII leakage, harmful content, and fake news
- Generates a comprehensive HTML report for easy reviewing and sharing
- Provides a CI/CD workflow example for GitHub Actions integration
Use cases of Agentic Radar
- Security auditing of multi-agent applications before deployment
- Identifying and mitigating prompt injection vulnerabilities in agentic workflows
- Generating shareable security reports for compliance or team review
- Understanding the tool landscape and MCP server dependencies of an agent system
FAQ from Agentic Radar
What frameworks does Agentic Radar support?
Scan supports LangGraph, CrewAI, n8n, OpenAI Agents, and Autogen. Test currently supports OpenAI Agents. Prompt hardening supports OpenAI Agents, CrewAI, and Autogen.
Are there any prerequisites to use Agentic Radar?
Just Python (pip) installed on your machine. Some features like runtime testing require OPENAI_API_KEY set as an environment variable.
How does the runtime testing work?
The tool injects itself into the provided agentic workflow, launches it with simulated adversarial inputs (e.g., for prompt injection), and evaluates results using an oracle LLM based on success conditions aligned with OWASP LLM Top 10.
Can I customize the tests for vulnerabilities?
Yes, you can provide a YAML file with custom test names, inputs, and success conditions using the --config option.
Where does Agentic Radar store data?
Agentic Radar runs locally on your machine. Scans and tests process your code and agent workflows in-place; reports are generated as HTML files that you can save and share. No data is sent to external servers except API calls to OpenAI when using features that require an API key.
Tags
More from Reasoning
n8n - Secure Workflow Automation for Technical Teams
n8n-io
AWorld: Advancing Agentic AI
inclusionAI
n8n Workflow Builder MCP Server
makafeli
Code Reasoning MCP Server
mettamatt
n8n Workflow Builder MCP Server
salacoste