Show HN: Scan your AI agents for dangerous capabilities
这条记录涉及编程工具或代码能力更新,适合开发者评估工作流变化和可复用价值。
TopicRadar 摘要: MakerChecker 是一个开源安全层,旨在扫描并保障 AI 代理的行为。它通过默认拒绝、人工审批和加密签名的审计追踪,确保代理只能执行被授权的操作,并且无法批准自己的工作。该
The open-source security layer for AI agents.
Deny-by-default enforcement, human approvals, and a cryptographically signed audit trail — so your agent runs only what it's granted and provably can't approve its own work.
Website · Live Demo · mc scan · Docs
Your agents keep running in their existing framework (LangChain, Claude SDK, CrewAI). MakerChecker sits in front of every tool call as a checkpoint and behind it as a signed ledger: an agent acts only through a role, runs only the skills it was granted, cannot exceed its limits, and cannot approve its own work.
🚀 Quick Start
1 — Scan your code
Find what your agent can already do on its own, classified by risk. No install, nothing leaves your machine:
npx @makerchecker/scan .
It flags every consequential action — deleting data, moving money, running shell commands, exfiltrating secrets — names each against the real incident it resembles, and can write the governance code for you with --fix. → packages/scan
2 — Guarantee its behavior
Import the controls and wrap any tool. The agent can now only run what its role was granted — a call it isn't allowed is denied before it executes:
npm i @makerchecker/embedded
import { createGovernor , GovernanceDeniedError } from "@makerchecker/embedded" ;
const gov = createGovernor ( ) . defineSkill ( "place-order@1" , { riskTier : "high" } ) . defineRole ( "agent" ) . defineRole ( "risk-desk" ) . grant ( "risk-desk" , "place-order@1" ) // the agent is NOT granted it — deny by default . defineAgent ( "trader" , "agent" ) ;
// Wrap your tool once. Now the agent structurally can't fire it. const placeOrder = gov . governedTool ( "trader" , "place-order@1" , ( order ) => broker . submit ( order ) ) ;
try { await placeOrder ( { symbol : "BTC" , qty : 10 } ) ; } catch ( err ) { if ( err instanceof GovernanceDeniedError ) console . log ( err . code ) ; // "skill_not_granted" }
High-risk skills go to a separate role, so an agent can never approve its own work — and every decision, allowed or denied, commits to a signed audit log. → packages/embedded
3 — Working with auditors?
Step 2 already writes a signed log. When auditors need a durable, queryable, tamper-evident record — plus a human-approval inbox and a review console — run the self-hosted server:
docker compose up
Every decision is Ed25519-signed and hash-chained: change any row and verification breaks. Export a bundle and anyone verifies it offline — no database, no trust in the process that produced it. → full server setup below
These are three independent packages — mc scan , @makerchecker/embedded , and the server — that enforce the same controls and write the same signed audit format. Adopt any one on its own.
🔬 Governed Use Cases
Runnable examples of agents doing consequential work behind a human gate: