github.com/Tencent/AI-Infra-Guard @v4.1.15 sqlite

repository ↗ · DeepWiki ↗ · release v4.1.15 ↗
8,109 symbols 26,786 edges 625 files 1,432 documented · 18%
README
<h1 align="center"><img vertical-align="middle" width="400px" src="https://github.com/Tencent/AI-Infra-Guard/raw/v4.1.15/img/logo-full-new.png" alt="A.I.G"/></h1>

📖 Documentation  |  🌐 🇨🇳 中文 · 🇯🇵 日本語 · 🇪🇸 Español · 🇩🇪 Deutsch · 🇫🇷 Français · 🇰🇷 한국어 · 🇧🇷 Português · 🇷🇺 Русский

<a href="https://github.com/tencent/AI-Infra-Guard/stargazers">
  <img src="https://img.shields.io/github/stars/tencent/AI-Infra-Guard?style=social" alt="GitHub stars">
</a>
<a href="https://github.com/Tencent/AI-Infra-Guard">
    <img alt="GitHub downloads" src="https://img.shields.io/github/downloads/Tencent/AI-Infra-Guard/total">
</a>
<a href="https://github.com/Tencent/AI-Infra-Guard">
    <img alt="docker pulls" src="https://img.shields.io/docker/pulls/zhuquelab/aig-server.svg?color=gold">
</a>
<a href="https://github.com/Tencent/AI-Infra-Guard">
    <img alt="Release" src="https://img.shields.io/github/v/release/Tencent/AI-Infra-Guard?color=green">
</a>
<a href="https://deepwiki.com/Tencent/AI-Infra-Guard">
   <img src="https://deepwiki.com/badge.svg" alt="Ask DeepWiki">
</a>
<a href="https://clawhub.ai/aigsec/edgeone-clawscan" target="_blank">
   <img src="https://img.shields.io/badge/ClawHub-EdgeOne%20ClawScan-a870dc" alt="EdgeOne ClawScan">
</a>
<a href="https://clawhub.ai/aigsec/edgeone-skill-scanner" target="_blank">
   <img src="https://img.shields.io/badge/ClawHub-EdgeOne%20Skill%20Scanner-2ea44f" alt="EdgeOne Skill Scanner">
</a>
<a href="https://clawhub.ai/aigsec/aig-scanner" target="_blank">
   <img src="https://img.shields.io/badge/ClawHub-AIG%20Scanner-e6a817" alt="AIG Scanner">
</a>


<h2 align="center">🚀 AI Red Teaming Platform by Tencent Zhuque Lab</h2>

A.I.G (AI-Infra-Guard) integrates ClawScan (OpenClaw Security Scan), Agent Scan, AI infra vulnerability scan, MCP Server & Agent Skills scan, and Jailbreak Evaluation, aiming to give users the most comprehensive, intelligent, and user-friendly solution for AI security risk self-examination.

We are committed to making A.I.G (AI-Infra-Guard) the industry-leading AI red teaming platform. More stars help this project reach a wider audience and attract more developers to contribute, which accelerates iteration and improvement. Your star is crucial to us!

Give us a Star

📋 User Feedback Survey

Help us improve A.I.G! Please take 3-5 minutes to fill out our User Feedback Survey. Users who provide high-quality feedback and leave a valid email address will receive an exclusive Tencent souvenir gift.

🚀 What's New

  • 2026-06-18 · v4.1.14 — Prompt Security: 9 new single-turn jailbreak operators; new aig-agent-redteam skill for comprehensive Agent red-team assessment.
  • 2026-06-11 · v4.1.13 — New version check API endpoint; security scoring switched to absolute deduction model for clearer risk assessment.
  • 2026-06-08 · v4.1.12 — Fingerprint library expanded: 39 new AI Web fingerprints added, 18 existing fingerprints enhanced.
  • 2026-05-28 · v4.1.10 — Coverage expanded to 68 AI components (added junoclaw, lollms, sglang); 600+ new CVE rules; WebSocket agent provider support for Agent Scan.
  • 2026-05-21 · v4.1.9 — Prompt Security: 26 new attack operators (20 single-turn + 6 multi-turn); scanning agents hardened against indirect prompt injection.
  • 2026-05-14 · v4.1.8 — Coverage expanded to 64 AI components (6 new: InstructLab, LMDeploy, SuperAGI, Pipecat, Paperclip, QnABot); vuln database deduplicated and cleaned.
  • 2026-04-23 · v4.1.6 — Coverage expanded to 58 AI components (added FastGPT, Upsonic); vuln database refreshed across 7 components.
  • 2026-04-23 · v4.1.5 — Detects exposed AI agent config files (13 paths); manual update for jailbreak datasets and vuln databases.
  • 2026-04-17 · v4.1.4 — HTTPS model endpoints with self-signed certificates now supported.
  • 2026-04-09 · v4.1.3 — Coverage expanded to 55 AI components; added crewai, kubeai, lobehub.
  • 2026-04-03 · v4.1.2 — Three new skills on ClawHub (edgeone-clawscan, edgeone-skill-scanner, aig-scanner) + manual task stop.
  • 2026-03-25 · v4.1.1 — ☠️ Detects LiteLLM supply chain attack (CRITICAL); added Blinko & New-API coverage.
  • 2026-03-23 · v4.1 — OpenClaw vulnerability database expanded with 281 new CVE/GHSA entries.
  • 2026-03-10 · v4.0 — Launched EdgeOne ClawScan (OpenClaw Security Scan) and Agent-Scan framework.

👉 CHANGELOG · 🩺 Try EdgeOne ClawScan

🚀 Quick Start

Deployment with Docker

| Docker | RAM | Disk Space |
|---|---|---|
| 20.10 or higher | 4GB+ | 10GB+ |
```bash
# This method pulls pre-built images from Docker Hub for a faster start
git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard
# For Docker Compose V2+, replace 'docker-compose' with 'docker compose'
docker-compose -f docker-compose.images.yml up -d
```

Once the service is running, you can access the A.I.G web interface at: http://localhost:8088

Use from OpenClaw

You can also call A.I.G directly from OpenClaw chat via the aig-scanner skill.

```bash
clawhub install aig-scanner
```

Then configure AIG_BASE_URL to point to your running A.I.G service.

For more details, see the aig-scanner README.

📦 More installation options

Other Installation Methods

Method 2: One-Click Install Script (Recommended)

```bash
# This method installs Docker automatically and launches A.I.G with one command.
# Piping a remote script into bash runs whatever the URL serves with your privileges:
# download docker.sh first, read it, and only then execute it.
curl https://raw.githubusercontent.com/Tencent/AI-Infra-Guard/refs/heads/main/docker.sh | bash
```

Method 3: Build and run from source

```bash
git clone https://github.com/Tencent/AI-Infra-Guard.git
cd AI-Infra-Guard
# This method builds a Docker image from local source code and starts the service
# (For Docker Compose V2+, replace 'docker-compose' with 'docker compose')
docker-compose up -d
```

Note: AI-Infra-Guard is positioned as an AI red teaming platform for internal use by enterprises or individuals. It currently has no authentication mechanism: anyone who can reach the web interface and API on port 8088 can launch scans against arbitrary targets and read every report, so it must not be deployed on public networks. Keep it on a trusted network, or put it behind a reverse proxy that enforces authentication.

For more information, see: https://tencent.github.io/AI-Infra-Guard/?menu=getting-started

Try the Online Pro Version

Experience the Pro version with advanced features and improved performance. The Pro version requires an invitation code and is prioritized for contributors who have submitted issues, pull requests, or discussions, or actively help grow the community. Visit: https://aigsec.ai/.

✨ Features

| Feature | More Info |
|---|---|
| ClawScan (OpenClaw Security Scan) | One-click evaluation of OpenClaw security risks: insecure configurations, Skill risks, CVE vulnerabilities, and privacy leakage. |
| Agent Scan | An independent, multi-agent automated scanning framework for evaluating the security of AI agent workflows. Supports agents running on various platforms, including Dify and Coze. |
| MCP Server & Agent Skills scan | Detects 14 major categories of security risks in both MCP Servers and Agent Skills. Scans either source code or a remote URL. |
| AI infra vulnerability scan | Identifies over 100 AI framework components and covers more than 1600 known CVEs. Supported frameworks include Ollama, ComfyUI, vLLM, n8n, Triton Inference Server and more. |
| Jailbreak Evaluation | Assesses prompt security risks using curated datasets and multiple attack methods, with detailed cross-model comparison. |

💎 Additional Benefits

  • 🖥️ Modern Web Interface: User-friendly UI with one-click scanning and real-time progress tracking
  • 🔌 Complete API: Full interface documentation and Swagger specifications for easy integration
  • 🤖 Agent-Ready: Plug-and-play agent skills on ClawHub — EdgeOne ClawScan, EdgeOne Skill Scanner, and AIG Scanner — seamlessly embed security scanning into any AI agent workflow
  • 🌐 Multi-Language: Chinese and English interfaces with localized documentation
  • 🐳 Cross-Platform: Linux, macOS, and Windows support with Docker-based deployment
  • 🆓 Free & Open Source: Completely free under the Apache 2.0 license

🖼️ Showcase

A.I.G Main Interface

A.I.G Main Page

Plugin Management

Plugin Management

🗺️ Quick Usage Guide

After deployment, open http://localhost:8088 in your browser.

AI Infrastructure Vulnerability Scan

What to enter as the target URL / IP?

The target is the network address of a running AI service you want to scan - not a GitHub URL or source code path. A.I.G connects to the live service and fingerprints it for known CVE vulnerabilities.

| Scenario | Example target |
|---|---|
| A locally running vLLM instance | http://127.0.0.1:8000 |
| An Ollama server on your LAN | http://192.168.1.100:11434 |
| A ComfyUI instance exposed internally | http://10.0.0.5:8188 |
| Multiple hosts (one per line) | 192.168.1.0/24 (CIDR), 10.0.0.1-10.0.0.20 (range) |
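The target box above accepts a mix of URLs, CIDR blocks, address ranges and single hosts, one per line. The following Go program is an added example of how such a target list can be expanded into concrete scan targets; it is not A.I.G's own parser, and the cap on the number of expanded hosts, the handling of network and broadcast addresses, and the sample input are this example's choices.

```go
package main

import (
	"bufio"
	"fmt"
	"net/netip"
	"net/url"
	"strings"
)

// ExpandTargets turns the contents of a multi-line target box into a flat list
// of scan targets. Each non-empty line is one of:
//   - a URL such as http://127.0.0.1:8000 (kept verbatim)
//   - a CIDR block such as 192.168.1.0/24 (expanded to its host addresses)
//   - an inclusive range such as 10.0.0.1-10.0.0.20
//   - a single IP, hostname or host:port (kept verbatim)
// maxHosts caps the expansion so a mistyped 10.0.0.0/8 cannot silently turn
// into a 16-million-host scan.
func ExpandTargets(input string, maxHosts int) ([]string, error) {
	var out []string
	sc := bufio.NewScanner(strings.NewReader(input))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		var items []string
		var err error
		switch {
		case strings.Contains(line, "://"):
			items, err = expandURL(line)
		case strings.Contains(line, "/"):
			items, err = expandCIDR(line, maxHosts-len(out))
		case looksLikeRange(line):
			items, err = expandRange(line, maxHosts-len(out))
		default:
			items = []string{line}
		}
		if err != nil {
			return nil, fmt.Errorf("target %q: %w", line, err)
		}
		out = append(out, items...)
		if len(out) > maxHosts {
			return nil, fmt.Errorf("more than %d targets after expansion", maxHosts)
		}
	}
	return out, sc.Err()
}

// expandURL accepts a URL only if it has both a scheme and a host.
func expandURL(s string) ([]string, error) {
	u, err := url.Parse(s)
	if err != nil {
		return nil, err
	}
	if u.Scheme == "" || u.Host == "" {
		return nil, fmt.Errorf("URL needs a scheme and a host")
	}
	return []string{s}, nil
}

// expandCIDR lists the addresses of a prefix. For ordinary IPv4 subnets the
// network and broadcast addresses are dropped since nothing listens on them.
func expandCIDR(s string, budget int) ([]string, error) {
	pfx, err := netip.ParsePrefix(s)
	if err != nil {
		return nil, err
	}
	pfx = pfx.Masked()
	var hosts []string
	for a := pfx.Addr(); pfx.Contains(a); a = a.Next() {
		hosts = append(hosts, a.String())
		if len(hosts) > budget+2 {
			return nil, fmt.Errorf("prefix expands past the target budget")
		}
	}
	if pfx.Addr().Is4() && pfx.Bits() < 31 && len(hosts) > 2 {
		hosts = hosts[1 : len(hosts)-1]
	}
	return hosts, nil
}

// looksLikeRange is true only when both sides of the dash parse as IPs, so a
// hostname such as ml-gateway is not mistaken for a range.
func looksLikeRange(s string) bool {
	lo, hi, ok := strings.Cut(s, "-")
	if !ok {
		return false
	}
	_, e1 := netip.ParseAddr(strings.TrimSpace(lo))
	_, e2 := netip.ParseAddr(strings.TrimSpace(hi))
	return e1 == nil && e2 == nil
}

// expandRange lists every address from lo to hi inclusive. The loop compares
// against the end address directly, so a range ending at 255.255.255.255
// terminates instead of running into the invalid successor address.
func expandRange(s string, budget int) ([]string, error) {
	lo, hi, _ := strings.Cut(s, "-")
	a, _ := netip.ParseAddr(strings.TrimSpace(lo))
	b, _ := netip.ParseAddr(strings.TrimSpace(hi))
	if a.BitLen() != b.BitLen() || b.Less(a) {
		return nil, fmt.Errorf("range end precedes start or mixes IP families")
	}
	var hosts []string
	for x := a; ; x = x.Next() {
		hosts = append(hosts, x.String())
		if len(hosts) > budget {
			return nil, fmt.Errorf("range expands past the target budget")
		}
		if x == b {
			break
		}
	}
	return hosts, nil
}

func main() {
	// Constructed sample input for illustration; these are not real hosts.
	const box = "http://127.0.0.1:8000\n192.168.1.0/30\n10.0.0.1-10.0.0.3\nollama.internal:11434\n"
	targets, err := ExpandTargets(box, 1000)
	if err != nil {
		panic(err)
	}
	for _, t := range targets {
		fmt.Println(t)
	}
}
```

The budget check runs while expanding rather than after, so an over-broad prefix fails fast instead of allocating millions of strings first; a scanner that expands untrusted input without such a cap is an easy self-inflicted denial of service.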

Step-by-step: Scan a local vLLM instance

  1. Start vLLM normally (e.g. python -m vllm.entrypoints.api_server --model meta-llama/...)
  2. In the A.I.G web UI, click "AI基础设施安全扫描 / AI Infra Scan"
  3. Enter http://127.0.0.1:8000 (or the IP/port where vLLM is listening)
  4. Click Start Scan - A.I.G will fingerprint the service and match it against 1600+ known CVEs
  5. View the report: component version, matched vulnerabilities, severity, and remediation links

💡 Tip: To scan the nightly build of vLLM specifically, just run that nightly build and point A.I.G at its address. The scanner detects the version automatically.
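Steps 4 and 5 describe the core of the infra scan: fingerprint a live service, read its version, and match that version against vulnerability rules. The Go program below is an added example of that pipeline, not A.I.G's scanner. It assumes that vLLM reports its version as JSON at /version and Ollama at /api/version; the rule IDs (EXAMPLE-0001 and so on) and version ranges are placeholders constructed for illustration, not real advisories, and the in-process fake service exists only so the example runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
	"time"
)

// FingerprintRule: which path to probe and which component a JSON
// {"version": "..."} answer there identifies. Both entries are this example's
// assumptions about vLLM and Ollama, not the project's fingerprint library.
type FingerprintRule struct {
	Component string
	Path      string
}

var fingerprintRules = []FingerprintRule{
	{Component: "vllm", Path: "/version"},
	{Component: "ollama", Path: "/api/version"},
}

// VulnRule marks a component affected when Introduced <= version < Fixed.
// The IDs are placeholders for illustration, not real advisories.
type VulnRule struct {
	ID, Component, Introduced, Fixed, Severity string // Fixed == "" means unfixed
}

var vulnRules = []VulnRule{
	{"EXAMPLE-0001", "vllm", "0.0.0", "0.6.0", "high"},
	{"EXAMPLE-0002", "vllm", "0.5.0", "0.5.5", "critical"},
	{"EXAMPLE-0003", "ollama", "0.0.0", "0.1.34", "critical"},
}

// Fingerprint probes base (e.g. http://127.0.0.1:8000) with each rule and
// returns the first component whose version endpoint answers 200 with JSON.
func Fingerprint(client *http.Client, base string) (component, version string, err error) {
	base = strings.TrimRight(base, "/")
	for _, r := range fingerprintRules {
		resp, getErr := client.Get(base + r.Path)
		if getErr != nil {
			return "", "", getErr // host unreachable: no point probing other paths
		}
		body, _ := io.ReadAll(io.LimitReader(resp.Body, 64<<10)) // bound untrusted body size
		resp.Body.Close()
		if resp.StatusCode != http.StatusOK {
			continue
		}
		var v struct {
			Version string `json:"version"`
		}
		if json.Unmarshal(body, &v) == nil && v.Version != "" {
			return r.Component, v.Version, nil
		}
	}
	return "", "", fmt.Errorf("no known AI component fingerprinted at %s", base)
}

// splitVersion parses "v0.5.10+cu121" into numeric parts. A '-' suffix marks a
// pre-release, which is ordered before the release it precedes so that an rc
// build of the fixed version is still reported as affected.
func splitVersion(v string) []int {
	v = strings.TrimPrefix(strings.TrimSpace(v), "v")
	pre := 0
	if i := strings.IndexAny(v, "+-"); i >= 0 {
		if v[i] == '-' {
			pre = -1
		}
		v = v[:i]
	}
	var parts []int
	for _, p := range strings.Split(v, ".") {
		n, _ := strconv.Atoi(p)
		parts = append(parts, n)
	}
	return append(parts, pre)
}

// compareVersions orders versions numerically, so "0.5.4" < "0.5.10".
func compareVersions(a, b string) int {
	pa, pb := splitVersion(a), splitVersion(b)
	for i := 0; i < len(pa) || i < len(pb); i++ {
		var x, y int
		if i < len(pa) {
			x = pa[i]
		}
		if i < len(pb) {
			y = pb[i]
		}
		if x != y {
			if x < y {
				return -1
			}
			return 1
		}
	}
	return 0
}

// Match returns every rule whose affected range contains version.
func Match(component, version string) []VulnRule {
	var hits []VulnRule
	for _, r := range vulnRules {
		if r.Component != component || compareVersions(version, r.Introduced) < 0 {
			continue
		}
		if r.Fixed != "" && compareVersions(version, r.Fixed) >= 0 {
			continue
		}
		hits = append(hits, r)
	}
	return hits
}

// Scan is the pipeline from the step list: fingerprint, then match.
func Scan(base string) (component, version string, hits []VulnRule, err error) {
	client := &http.Client{Timeout: 5 * time.Second}
	if component, version, err = Fingerprint(client, base); err != nil {
		return
	}
	return component, version, Match(component, version), nil
}

// FakeService stands in for a live instance so the example runs offline: it
// answers path with {"version": version} and 404 everywhere else.
func FakeService(path, version string) *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc(path, func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(map[string]string{"version": version})
	})
	return httptest.NewServer(mux)
}

func main() {
	srv := FakeService("/version", "0.5.3") // constructed: pretends to be vLLM 0.5.3
	defer srv.Close()
	comp, ver, hits, err := Scan(srv.URL)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s %s: %d matching rule(s)\n", comp, ver, len(hits))
	for _, h := range hits {
		fmt.Printf("  %s [%s] affected %s <= v < %s\n", h.ID, h.Severity, h.Introduced, h.Fixed)
	}
}
```

To point it at a real instance, replace srv.URL with the address you would enter in step 3. The version comparison is the part worth getting right: string comparison would rank 0.5.10 below 0.5.4 and miss the vulnerable build, and treating 0.6.0-rc1 as equal to 0.6.0 would wrongly mark a pre-release as fixed.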

MCP Server & Agent Skills Scan

Enter either a remote URL (e.g. https://github.com/user/mcp-server) or upload a local source archive - no running instance required.

Jailbreak Evaluation

Configure the target LLM's API endpoint (base URL + API key) in Settings → Model Config, then select a dataset and start the evaluation.


📖 User Guide

Visit our online documentation: [https://tencent.github.io/AI-Infra-Guard/](https://te

Extension points exported contracts — how you extend this code

Exp (Interface)
Exp defines the expression interface; every expression type must implement the Name() method [4 implementers]
common/fingerprints/parser/synax.go
TaskInterface (Interface)
(no doc) [4 implementers]
common/agent/tasks.go
Result (Interface)
Result defines an interface for result output
common/runner/result.go
AIModel (Interface)
(no doc) [1 implementer]
common/utils/models/openai.go
Agent (Interface)
(no doc)
internal/mcp/utils/utils.go
FingerPrintFunc (Interface)
FingerPrintFunc is the fingerprint-recognition interface; implement it to add custom fingerprinting logic [1 implementer]
common/fingerprints/preload/preload.go
ResultCallback (FuncType)
ResultCallback is the task-result callback function type
common/agent/tasks.go
ActionLogCallback (FuncType)
ActionLogCallback is the plugin log callback function type
common/agent/tasks.go

Core symbols most depended-on inside this repo

get
called by 582
common/websocket/static/assets/main-BAY6OusZ.js
n
called by 515
common/websocket/static/assets/main-BAY6OusZ.js
push
called by 451
common/websocket/static/assets/main-BAY6OusZ.js
e
called by 437
common/websocket/static/assets/main-BAY6OusZ.js
l
called by 367
common/websocket/static/assets/main-BAY6OusZ.js
replace
called by 335
common/websocket/static/assets/main-BAY6OusZ.js
register
called by 329
common/agent/agent.go
slice
called by 327
common/websocket/static/assets/main-BAY6OusZ.js

Shape

Function 4,853
Method 2,459
Class 576
Struct 202
FuncType 7
Interface 6
TypeAlias 6

Languages

TypeScript 60%
Python 27%
Go 12%

Modules by API surface

common/websocket/static/assets/main-BAY6OusZ.js · 4,889 symbols
internal/gologger/types.go · 75 symbols
agent-scan/core/agent_adapter/adapter.py · 47 symbols
common/websocket/task_manager.go · 44 symbols
pkg/database/database_test.go · 39 symbols
common/websocket/knowledge2_api.go · 35 symbols
pkg/database/task.go · 34 symbols
common/websocket/task.go · 31 symbols
common/agent/types.go · 31 symbols
AIG-PromptSecurity/deepteam/plugin_system/plugin_manager.py · 29 symbols
AIG-PromptSecurity/cli/aig_logger.py · 28 symbols
common/agent/agent.go · 26 symbols

Dependencies from manifests, versioned

filippo.io/edwards25519 v1.1.0 · 1×
github.com/KyleBanks/depth v1.2.1 · 1×
github.com/Mzack9999/gcache v0.0.0-2023041008182 · 1×
github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142 · 1×
github.com/PuerkitoBio/purell v1.1.1 · 1×
github.com/PuerkitoBio/urlesc v0.0.0-2017081014372 · 1×
github.com/akrylysov/pogreb v0.10.1 · 1×
github.com/andybalholm/brotli v1.1.0 · 1×
github.com/andybalholm/cascadia v1.3.2 · 1×
github.com/asaskevich/govalidator v0.0.0-2023030114320 · 1×

Datastores touched

productionDatabase · 1 repo

For agents

$ claude mcp add AI-Infra-Guard \
  -- python -m otcore.mcp_server <graph>
