Agentcheck – Check what an AI agent can access before you run it

Gallery

About

Hey HN! I've just open-sourced agentcheck, a fast, read-only CLI tool that scans your shell and reports what an AI agent could access: cloud IAM credentials, API keys, Kubernetes contexts, local tools, and more.Main features:- Broad coverage: scans AWS, GCP, Azure, 100+ API key environment variables and credential files, Kubernetes, Docker, SSH keys, Terraform configs, and .env files- Severity levels: every finding is tagged LOW, MODERATE, HIGH, or CRITICAL so you know what actually matters- CI/CD integration: run agentcheck --ci to fail a pipeline if findings exceed a configurable threshold, with JSON and Markdown output for automation- Configurable: extend it with your own env vars, credential files, and CLI tool checks via a config fileWhen you hand a shell to an AI agent, it inherits everything in that environment: cloud credentials, API keys, SSH keys, kubectl contexts. That's often more access than you'd consciously grant, and it’s hard to keep track of what permissions your user account actually has. Agentcheck makes that surface area visible before you run the agent.It’s a single Go binary, no dependencies. Install with Homebrew:brew install Pringled/tap/agentcheckCode: github.com/Pringled/agentcheckLet me know if you have any feedback!