aegis scan results for 39 AI agent repositories.
Scanned 35,616 Python files.
Last updated: April 2026.
36 out of 39 scanned repositories have zero governance on their AI tool calls.
0 out of 39 have any form of selection governance (detecting what agents choose NOT to show).
Combined: 2,555 ungoverned tool calls across 35,616 Python files.
| Repository | Stars | Files | Findings | Grade | Categories |
|---|---|---|---|---|---|
aegis scan performs static AST analysis on Python files. It detects tool calls, LLM API invocations,
subprocess executions, and MCP tool definitions that lack a governance wrapper (a policy check, guardrail, or approval gate enclosing the call site).
Each finding is mapped to the OWASP Top 10 for Agentic Applications. A finding does not mean the code is vulnerable; it means there is no automated policy enforcement at that call site, so whatever the model decides to invoke runs unchecked.
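To make the detection concrete, here is a small AST-based detector written for this page. It is an added illustration of the approach, not aegis's own scanner (see aegis/cli/scan.py for that), and the sensitive call names and governance wrapper names (policy_check, guardrail, require_approval) are assumed for the example. A call is reported only when no governance decorator, context manager, or wrapper call encloses it; the embedded sample module is constructed input.

```python
"""Illustrative ungoverned-call detector (added example, not aegis's scanner)."""
import ast
from dataclasses import dataclass
from typing import List, Optional

# Assumed: call sites that count as tool, LLM, or subprocess invocations.
SENSITIVE_CALLS = {
    "subprocess.run", "subprocess.Popen", "subprocess.check_output", "os.system",
    "client.chat.completions.create", "client.messages.create",
}
# Assumed: decorator / context-manager / wrapper names that count as governance.
GOVERNANCE_NAMES = {"policy_check", "guardrail", "require_approval"}


def dotted_name(node: ast.AST) -> Optional[str]:
    """Render an attribute chain such as client.chat.completions.create as a string."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None  # computed receivers (e.g. getattr(...)) are out of scope here


@dataclass
class Finding:
    lineno: int
    call: str


class UngovernedCallVisitor(ast.NodeVisitor):
    def __init__(self) -> None:
        self.depth = 0  # number of governance wrappers enclosing the current node
        self.findings: List[Finding] = []

    def _is_governance(self, node: ast.AST) -> bool:
        if isinstance(node, ast.Call):
            node = node.func
        name = dotted_name(node)
        return name is not None and name.split(".")[-1] in GOVERNANCE_NAMES

    def _visit_wrapped(self, node: ast.AST, wrapped: bool) -> None:
        self.depth += int(wrapped)
        self.generic_visit(node)
        self.depth -= int(wrapped)

    def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
        # @policy_check(...) on the def governs every call in its body.
        self._visit_wrapped(node, any(self._is_governance(d) for d in node.decorator_list))

    visit_AsyncFunctionDef = visit_FunctionDef

    def visit_With(self, node: ast.With) -> None:
        # with guardrail(...): governs the block.
        self._visit_wrapped(node, any(self._is_governance(i.context_expr) for i in node.items))

    def visit_Call(self, node: ast.Call) -> None:
        if self._is_governance(node):
            # require_approval(lambda: subprocess.run(...)) governs its arguments.
            self._visit_wrapped(node, True)
            return
        name = dotted_name(node.func)
        if name in SENSITIVE_CALLS and self.depth == 0:
            self.findings.append(Finding(node.lineno, name))
        self.generic_visit(node)


def scan_source(source: str) -> List[Finding]:
    """Return the ungoverned sensitive calls in one Python source string."""
    visitor = UngovernedCallVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


# Constructed sample module: two governed call sites, two ungoverned ones.
SAMPLE = '''
import subprocess
from openai import OpenAI
client = OpenAI()

def run_tool(cmd):
    return subprocess.run(cmd, shell=True)

@policy_check("shell")
def run_tool_governed(cmd):
    return subprocess.run(cmd, shell=True)

def ask(prompt):
    with guardrail("llm"):
        return client.chat.completions.create(model="m", messages=[])

def ask_raw(prompt):
    return client.chat.completions.create(model="m", messages=[])
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.lineno}: ungoverned call to {f.call}")
```

Running the block reports the subprocess.run call in run_tool and the LLM call in ask_raw, and stays silent on the decorated and context-managed variants. A real scanner needs more than this (resolving aliased imports, following the wrapper through helper functions, and MCP tool definitions), but the shape of the check is the same: walk the tree, track enclosing governance, flag sensitive calls at depth zero.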
Selection governance check: We also verified whether each framework implements any form of selection-by-negation detection, option filtering audit, or commit-reveal protocol. None do.
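Since none of the scanned frameworks implement one, here is what a minimal commit-reveal protocol for option filtering looks like. This is an added example written for this page, not code from any scanned repository or from aegis itself; the message shape (commitment, nonce, shown subset, revealed full list) and the function names are assumptions. The agent commits to the full candidate list before it filters anything, shows the user a subset, and later reveals the full list so an auditor can recompute the commitment and derive what was withheld (the selection-by-negation view).

```python
"""Commit-reveal audit for agent option filtering (added example, assumed design)."""
import hashlib
import json
import os
from typing import Dict, List, Optional


def canonical(options: List[str]) -> bytes:
    """Order-independent, whitespace-free encoding so equal sets hash equally."""
    return json.dumps(sorted(options), separators=(",", ":"), ensure_ascii=True).encode()


def commit(options: List[str], nonce: Optional[bytes] = None) -> Dict[str, object]:
    """Phase 1 (agent): bind to the full option list before any filtering happens."""
    if nonce is None:
        nonce = os.urandom(16)  # hides the list from anyone who only sees the digest
    digest = hashlib.sha256(nonce + canonical(options)).hexdigest()
    return {"commitment": digest, "nonce": nonce}


def present(options: List[str], keep) -> List[str]:
    """Phase 2 (agent): the filtering step that normally leaves no trace."""
    return [o for o in options if keep(o)]


def audit(commitment: str, nonce: bytes, revealed_full: List[str], shown: List[str]) -> Dict[str, object]:
    """Phase 3 (auditor): verify the reveal, then compute what was never shown."""
    recomputed = hashlib.sha256(nonce + canonical(revealed_full)).hexdigest()
    if recomputed != commitment:
        # The agent is revealing a list other than the one it committed to.
        return {"ok": False, "reason": "revealed list does not match commitment"}
    return {
        "ok": True,
        "withheld": sorted(set(revealed_full) - set(shown)),    # selection by negation
        "undeclared": sorted(set(shown) - set(revealed_full)),  # shown but never committed
    }


# Constructed scenario: an incident-response agent quietly drops two options.
CANDIDATES = ["rotate-key", "disable-mfa", "notify-admin", "do-nothing"]

if __name__ == "__main__":
    c = commit(CANDIDATES)
    shown = present(CANDIDATES, keep=lambda o: o in {"rotate-key", "notify-admin"})
    print("shown to user:", shown)
    print("audit:", audit(c["commitment"], c["nonce"], CANDIDATES, shown))
    # An agent that later claims 'disable-mfa' never existed fails the check.
    print("tampered reveal:", audit(c["commitment"], c["nonce"],
                                    ["rotate-key", "notify-admin", "do-nothing"], shown))
```

The point of the nonce is that the commitment alone reveals nothing about the options, while the hash still pins the agent to one specific list. What this does not give you is a judgement about whether withholding disable-mfa was right; it only makes the withholding visible, which is the piece none of the scanned frameworks record at all.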
Scanner source: aegis/cli/scan.py.
Results are reproducible: clone the repo and run aegis scan . from the checkout (the dot is the directory to scan).
Find ungoverned AI tool calls in your codebase.