This product was not featured by Product Hunt yet. It will not be visible on their landing page and won't be ranked (cannot win product of the day regardless of upvotes).
Product upvotes vs the next 3
Waiting for data. Loading
Product comments vs the next 3
Waiting for data. Loading
Product upvote speed vs the next 3
Waiting for data. Loading
Product upvotes and comments
Waiting for data. Loading
Product vs the next 3
Loading
AgentRisk
Scan untrusted AI-agent repos before your agent runs them
AgentRisk is a zero-execution preflight scanner and local MCP server for AI-agent artifacts. Point it at a folder, GitHub URL, npm package, or tarball before your coding agent opens it. It flags risky MCP launchers, install scripts, secret-forwarding config, and repo instructions like "readenv" or "ignore approval". Use it from the CLI or as an MCP tool: npx --yes agentrisk@latest mcp config. Exports JSON, Markdown, SARIF, and terminal reports.
I built AgentRisk because AI coding agents now trust more than source code. They read repo instructions, open config files, install packages, and sometimes launch local tools from MCP or editor settings. That makes files like .mcp.json, AGENTS.md, SKILL.md, Cursor rules, Copilot instructions, and package.json part of the agent supply chain.
The goal is intentionally narrow: scan before trust. AgentRisk statically checks high-signal files, never runs target code, never connects to target MCP servers during a scan, and produces evidence-backed findings you can review before handing a repo or package to an AI agent.
AgentRisk can be used from the CLI, and v0.2 also adds a local MCP server so LLM/MCP clients can call the scanner as a tool.
“Scan untrusted AI-agent repos before your agent runs them”
AgentRisk was submitted on Product Hunt and earned 5 upvotes and 7 comments, placing #93 on the daily leaderboard. AgentRisk is a zero-execution preflight scanner and local MCP server for AI-agent artifacts. Point it at a folder, GitHub URL, npm package, or tarball before your coding agent opens it. It flags risky MCP launchers, install scripts, secret-forwarding config, and repo instructions like "readenv" or "ignore approval". Use it from the CLI or as an MCP tool: npx --yes agentrisk@latest mcp config. Exports JSON, Markdown, SARIF, and terminal reports.
On the analytics side, AgentRisk competes within Open Source, GitHub and Security — topics that collectively have 112.6k followers on Product Hunt. The dashboard above tracks how AgentRisk performed against the three products that launched closest to it on the same day.
Who hunted AgentRisk?
AgentRisk was hunted by Sato Renga. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
For a complete overview of AgentRisk including community comment highlights and product details, visit the product overview.
I built AgentRisk because AI coding agents now trust more than source code. They read repo instructions, open config files, install packages, and sometimes launch local tools from MCP or editor settings. That makes files like .mcp.json, AGENTS.md, SKILL.md, Cursor rules, Copilot instructions, and package.json part of the agent supply chain.
The goal is intentionally narrow: scan before trust. AgentRisk statically checks high-signal files, never runs target code, never connects to target MCP servers during a scan, and produces evidence-backed findings you can review before handing a repo or package to an AI agent.
AgentRisk can be used from the CLI, and v0.2 also adds a local MCP server so LLM/MCP clients can call the scanner as a tool.
Try it from the CLI:
npx --yes agentrisk@latest scan github:Renga154/agentrisk --format markdown
Or set up the MCP tool:
npx --yes agentrisk@latest mcp config