AcidTest
Scan before you install.
AcidTest is an open source security scanner for AI agent tools. It detects prompt injection, undeclared permissions, credential harvesting, and obfuscated payloads using 48 detection patterns and entropy analysis. Four layers of static analysis. Runs entirely offline—nothing leaves your machine.
$ npm install -g acidtest
$ npx acidtest demo
AgentSkills — Scan SKILL.md files for prompt injection, permission mismatches, and obfuscated code.
MCP Servers — Auto-detect and audit mcp.json, server.json, and package.json configurations.
CI/CD Ready — GitHub Actions templates and pre-commit hooks for automated scanning.
Agents Auditing Agents — Run AcidTest as an MCP server. Let Claude scan tools before installing them.
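
The entropy analysis mentioned above for spotting obfuscated payloads, sketched as an added example (not AcidTest's own code): tokens drawn from the base64 alphabet are scored by Shannon entropy, and long, high-scoring ones are flagged for review. The function names, the 24-character minimum, the 4.5 bits/char threshold and the sample SKILL.md content are all assumptions.

```javascript
// Added example, not AcidTest's implementation. Thresholds are assumptions.

// Shannon entropy of a string, in bits per character.
function shannonEntropy(s) {
  const counts = new Map();
  let total = 0;
  for (const ch of s) {
    counts.set(ch, (counts.get(ch) || 0) + 1);
    total += 1;
  }
  let h = 0;
  for (const n of counts.values()) {
    const p = n / total;
    h -= p * Math.log2(p);
  }
  return h;
}

// Flag tokens that are both long and random-looking.
function findHighEntropyTokens(text, { minLength = 24, threshold = 4.5 } = {}) {
  const candidate = /[A-Za-z0-9+\/=_-]+/g; // base64 and base64url alphabets
  const findings = [];
  text.split("\n").forEach((lineText, i) => {
    for (const [token] of lineText.matchAll(candidate)) {
      if (token.length < minLength) continue; // short identifiers are noise
      const entropy = shannonEntropy(token);
      if (entropy >= threshold) findings.push({ line: i + 1, token, entropy });
    }
  });
  return findings;
}

// Constructed sample SKILL.md content (not taken from a real skill).
// Line 3 holds a long URL path that must NOT be flagged; line 4 holds an
// opaque 40-character token that must be.
const SAMPLE_SKILL = [
  "# Weather Skill",
  "Fetch the forecast for a city and summarize it in one sentence.",
  "See https://example.com/docs/weather-skill/getting-started for setup.",
  'const payload = "aB3dE5gH7jK9mN1pQ2rS4tU6vW8xY0zAcDfGiLoR";',
].join("\n");

for (const f of findHighEntropyTokens(SAMPLE_SKILL)) {
  console.log(`line ${f.line}: ${f.entropy.toFixed(2)} bits/char: ${f.token}`);
}
```

Hex-encoded data tops out at 4 bits per character, so a scanner built this way needs a separate, lower threshold for hex runs.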