inkog icon indicating copy to clipboard operation
inkog copied to clipboard

Published 1 month ago verified publisher icon inkog-io

Metadata

Logic static security scanner for AI agents. OWASP LLM Top 10, EU AI Act compliance.

Inkog

Static security scanner for AI agents
Catch infinite loops, token bombing, and prompt injection before deployment

License Go Report Card

Inkog Demo

Install (30 seconds)

curl -fsSL https://inkog.io/install.sh | sh

Other methods:

Method Command
Homebrew brew tap inkog-io/inkog && brew install inkog
Go go install github.com/inkog-io/inkog/cmd/inkog@latest
Binary Download from Releases

Quick Start

# Get your API key at https://app.inkog.io
export INKOG_API_KEY=sk_live_your_key_here

# Scan your agent code
inkog .

What It Detects

Comprehensive detection for:

  • OWASP LLM Top 10 — Prompt injection, insecure output handling, and more
  • OWASP Agentic Security — Tool misuse, identity spoofing, resource overload
  • EU AI Act — Article 12, 14, 15 compliance checks
  • Governance Violations — AGENTS.md manifest validation

View vulnerability patterns →

image

Supported Frameworks

Code-First: LangChain · LangGraph · CrewAI · AutoGen · OpenAI Agents · Semantic Kernel · LlamaIndex · Haystack · DSPy · Phidata · Smolagents · PydanticAI · Google ADK

No-Code: n8n · Flowise · Langflow · Dify · Microsoft Copilot Studio · Salesforce Agentforce

CI/CD Integration

- uses: inkog-io/inkog@v1
  with:
    api-key: ${{ secrets.INKOG_API_KEY }}
    sarif-upload: true

Full GitHub Action docs →

Policies

Filter findings by security policy:

# Low noise - only proven vulnerabilities
inkog . --policy low-noise

# Governance-focused (Article 14 controls)
inkog . --policy governance

# EU AI Act compliance
inkog . --policy eu-ai-act

Learn more about policies →

MCP Server (Claude, ChatGPT, Cursor)

Native integration for AI coding assistants. Scan agent code directly from Claude, ChatGPT, or Cursor.

npx -y @inkog-io/mcp

7 Security Tools:

  • inkog-scan - Vulnerability scanning
  • inkog-explain - Remediation guidance
  • inkog-governance - AGENTS.md verification
  • inkog-compliance - EU AI Act, NIST, OWASP reports
  • inkog-mlbom - ML Bill of Materials
  • inkog-mcp-audit - First tool to audit MCP servers for security before installation
  • inkog-a2a-audit - Multi-agent security - Detect infinite delegation loops, privilege escalation in CrewAI, Swarm, LangGraph

Multi-Agent Security (A2A): For topology analysis and agent delegation auditing, use the MCP server integration. Ask your AI assistant: "Audit my CrewAI agents for security issues" or "How many agents are in my LangGraph workflow?"

MCP Integration Docs → | A2A Security Tutorial →

Roadmap

Feature Status
IDE Extensions (VS Code) Planned
Python SDK Planned
JavaScript SDK Planned

Documentation

Contributing

See CONTRIBUTING.md

License

Apache 2.0 — See LICENSE

Metadata

27
Stars
10
Forks
27
Watchers

Owner

verified publisher icon inkog-io

Metadata

Logic static security scanner for AI agents. OWASP LLM Top 10, EU AI Act compliance.

Back