A2A Security Scanner
Scan Agent-to-Agent (A2A) protocol implementations for security threats and vulnerabilities.
The A2A Security Scanner provides comprehensive security analysis for Agent-to-Agent protocol implementations. It combines static analysis, runtime monitoring, and AI-powered semantic detection to identify security threats across the A2A protocol stack.
Key Features
- Multiple Specialized Analyzers -- YARA rules, spec validation, heuristics, LLM-powered detection, and endpoint testing
- Multiple Threat Categories -- Complete coverage of A2A threat taxonomy
- REST API -- Easy integration into CI/CD pipelines and applications
- CLI Tools -- Command-line interface for manual security audits
- Agent Card Validation -- A2A protocol compliance checking
Installation
Prerequisites: Python 3.11+, uv (recommended), LLM Provider API Key (optional)
```bash
# Install as a CLI tool
uv tool install --python 3.13 cisco-ai-a2a-scanner

# Or install from source
uv tool install --python 3.13 --from git+https://github.com/cisco-ai-defense/a2a-scanner cisco-ai-a2a-scanner

# Verify installation
a2a-scanner list-analyzers
```
For local development:
```bash
git clone https://github.com/cisco-ai-defense/a2a-scanner.git
cd a2a-scanner
uv sync
source .venv/bin/activate
```
As a dependency in other projects:
```bash
uv add cisco-ai-a2a-scanner
```

```python
from a2ascanner import Scanner, Config
from a2ascanner.core.models import ThreatSeverity
```
Quick Start
Scan an Agent Card
```bash
a2a-scanner scan-card examples/sample_agent_cards/unsafe_agent.json

# Scan with specific analyzers
a2a-scanner scan-card agent.json --analyzers yara,spec

# JSON output
a2a-scanner scan-card agent.json --output results.json
```
Scan Source Code
```bash
a2a-scanner scan-directory /path/to/agent/code
a2a-scanner scan-file agent.py
a2a-scanner scan-directory ./agents --pattern "**/*.py"
```
Scan Live Agent Endpoint
```bash
a2a-scanner scan-endpoint https://agent.example.com/api
a2a-scanner scan-endpoint https://agent.example.com/api --bearer-token "$TOKEN"
```
CLI Commands
| Command | Description |
|---|---|
| `scan-card` | Scan an agent card JSON file |
| `scan-file` | Scan a single source code file |
| `scan-directory` | Scan a directory of files |
| `scan-endpoint` | Scan a live agent endpoint |
| `scan-registry` | Scan agents from a registry |
| `list-analyzers` | List available analyzers |
Common options:
```bash
--dev                   # Development mode (allows localhost, skips SSL)
--debug                 # Enable debug logging
--analyzers yara,spec,heuristic,llm,endpoint
--output results.json   # JSON output
--verbose               # Detailed output
--bearer-token TOKEN    # Bearer token for endpoints
```
Threat Detection
1. YARA Rules
Static pattern matching for detecting malicious patterns in agent cards, including agent impersonation, prompt injection, capability abuse, data exfiltration, routing manipulation, and tool poisoning attacks.
2. Spec Analyzer
Validates A2A protocol compliance: required field validation, data type checking, URL format validation, skill structure verification, and capability validation.
3. Heuristic Analyzer
Logic-based detection: suspicious URL patterns, cloud metadata access, command execution patterns, and credential harvesting indicators.
4. LLM Analyzer
AI-powered semantic analysis: intent classification, context grounding, subtle manipulation detection, and anomaly detection.
5. Endpoint Analyzer
Dynamic security testing of running A2A agent endpoints:
| Issue | Severity | Description |
|---|---|---|
| Endpoint unreachable | HIGH | Agent endpoint is not responding |
| Insecure HTTP | HIGH | Endpoint uses HTTP instead of HTTPS |
| Missing agent card | MEDIUM | No agent card found at standard locations |
| URL mismatch | MEDIUM | Agent card URL doesn't match endpoint URL |
| Missing security headers | MEDIUM | Missing X-Content-Type-Options, X-Frame-Options, or HSTS |
| No health endpoint | LOW | Missing /health or /healthz monitoring endpoint |
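
The checks in the table above can be expressed as one function over an observation that has already been collected. This is an added example, not the scanner's own code: the function name, the `health_statuses` input, the use of the agent card's `url` field, and the rule that any one absent header triggers the finding are assumptions.

```python
from urllib.parse import urlsplit

# Header names from the table above; HSTS is sent as Strict-Transport-Security.
REQUIRED_HEADERS = ("x-content-type-options", "x-frame-options",
                    "strict-transport-security")

def _normalize(url):
    """Reduce a URL to (scheme, host, port, path) so equivalent forms compare equal."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or {"http": 80, "https": 443}.get(scheme)
    return scheme, (parts.hostname or "").lower(), port, parts.path.rstrip("/")

def evaluate_endpoint(endpoint_url, response_headers, agent_card, health_statuses):
    """Return (issue, severity) pairs for one observation of an agent endpoint.

    response_headers: headers of a GET to the endpoint, or None if it did not respond
    agent_card:       parsed agent card dict, or None if no card was found
    health_statuses:  hypothetical input mapping "/health" and "/healthz" to HTTP status
    """
    if response_headers is None:
        return [("Endpoint unreachable", "HIGH")]
    findings = []
    if urlsplit(endpoint_url).scheme.lower() != "https":
        findings.append(("Insecure HTTP", "HIGH"))
    if agent_card is None:
        findings.append(("Missing agent card", "MEDIUM"))
    elif _normalize(agent_card.get("url", "")) != _normalize(endpoint_url):
        # Assumption: the card advertises its endpoint in a top-level "url" field.
        findings.append(("URL mismatch", "MEDIUM"))
    present = {name.lower() for name in response_headers}  # header names are case-insensitive
    if any(header not in present for header in REQUIRED_HEADERS):
        findings.append(("Missing security headers", "MEDIUM"))
    if not any(health_statuses.get(path) == 200 for path in ("/health", "/healthz")):
        findings.append(("No health endpoint", "LOW"))
    return findings

# Constructed sample observation (not captured from a real agent).
SAMPLE = evaluate_endpoint(
    "http://agent.example.com/api",
    {"Content-Type": "application/json", "X-Frame-Options": "DENY"},
    {"name": "demo", "url": "https://agent.example.com:443/api/"},
    {"/health": 404, "/healthz": 404},
)

if __name__ == "__main__":
    for issue, severity in SAMPLE:
        print(f"{severity:<6} {issue}")
```
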
API Server
```bash
a2a-scanner-api
a2a-scanner-api --host 0.0.0.0 --port 8080
a2a-scanner-api --reload
```
| Endpoint | Description |
|---|---|
| `POST /scan/agent-card` | Scan an agent card JSON |
| `POST /scan/source-code` | Scan source code |
| `POST /scan/endpoint` | Scan a live agent endpoint |
| `POST /scan/full` | Full scan (all methods) |
| `GET /health` | Health check |
Development Mode
```bash
a2a-scanner --dev scan-endpoint http://localhost:8000
a2a-scanner --dev --debug scan-endpoint http://localhost:9999
```
Configuration
```bash
# LLM Analyzer Configuration
export A2A_SCANNER_LLM_PROVIDER=azure
export A2A_SCANNER_LLM_API_KEY=your-key
export A2A_SCANNER_LLM_MODEL=gpt-4
export A2A_SCANNER_LLM_BASE_URL=https://your-instance.openai.azure.com
export A2A_SCANNER_LLM_API_VERSION=2025-01-01-preview

# API Server Configuration (0.0.0.0 listens on all network interfaces)
export A2A_SCANNER_API_HOST=0.0.0.0
export A2A_SCANNER_API_PORT=8000
```
Documentation
| Guide | Description |
|---|---|
| Architecture | System architecture |
| Analyzer Guide | Analyzer implementation guide |
| Usage Guide | Comprehensive usage guide |
| Testing Guide | Testing documentation |
| A2A Threats Taxonomy | A2A threat taxonomy reference |
| Scanner Placement Guide | Scanner placement strategies |
| Dev Mode Guide | Development mode documentation |
| Contributing | Contribution guidelines |
Related Projects
- A2A Protocol -- Official A2A specification
- A2A Samples -- Example agent implementations
License
Apache 2.0 -- See LICENSE for details.