[Suggestion] Pre-install security scanning for CrewAI tools

[elliotllliu]

TL;DR

I built AgentShield, an open-source static security scanner for AI agent tools and skills. It catches backdoors, data exfiltration, prompt injection, and supply chain attacks before they reach your agents.

I think it's particularly relevant for CrewAI users because crews often pull in third-party tools — and a single malicious tool can compromise the entire crew's execution context.

Why This Matters for CrewAI

CrewAI agents execute tools with real system access — file I/O, HTTP requests, shell commands. When you install a community tool or custom skill, you're trusting that code with:

• Your API keys and environment variables
• File system access (SSH keys, configs, credentials)
• Network access (data exfiltration, C2 callbacks)
• The ability to influence other agents in the crew via prompt injection

There's currently no standard way to verify a tool before adding it to a crew.

What AgentShield Does

30 security rules, 100% offline, MIT licensed:

• Backdoor detection: eval(), exec(), dynamic code execution
• Data exfiltration: reads sensitive files + sends HTTP requests
• Prompt injection: 55+ patterns across 8 languages
• Python AST taint tracking: traces data flow through eval, pickle, subprocess, SQL queries
• Cross-file analysis: detects multi-step attack chains across files
• Supply chain: known CVE detection in dependencies

Quick scan

# Scan a tool before adding it to your crew
npx @elliotllliu/agent-shield scan ./my-crewai-tool/

# Scan from GitHub URL
npx @elliotllliu/agent-shield scan https://github.com/someone/crewai-tool

# CI gate: fail if score below 70
npx @elliotllliu/agent-shield scan ./tool/ --fail-under 70

Real-World Results

I scanned 493 Dify plugins as a benchmark — found 6 high-risk plugins with eval(), exec(), pipe-to-shell, and reverse shell patterns. These were published and installable by anyone. Full report.

Idea: Pre-Install Security Check for CrewAI Tools

It would be useful if CrewAI had a way to verify tools before they're added to a crew — either as a CLI command, a decorator, or a CI step. AgentShield could serve as the scanning engine for this.

Happy to discuss integration ideas or answer questions.

GitHub: https://github.com/elliotllliu/agent-shield

[Jairooh]

Pre-install scanning is a great first layer, but the harder problem is what happens after tools are loaded and agents start using them in production. An agent can use a perfectly safe tool in an unsafe way — chaining calls, passing sensitive data between tools, or using tools in contexts the developer never anticipated.

Runtime monitoring that watches how agents actually use tools (not just whether tools are safe in isolation) is the missing piece. We built this into AgentShield (useagentshield.com) — it tracks every tool call, scores risk based on context, and flags anomalous usage patterns in real-time.

Both layers (pre-install scanning + runtime monitoring) would make CrewAI significantly more secure.