Pick your stack. Watch its blast radius.
A real, pre-computed scan of a public agent framework — watch it map every place untrusted input could reach a real action.
A developer runs pip install. The framework is now inside their agent — with all the power it ships with.
We trace every path where untrusted input — a web page, an email, a doc — could reach a real action: the exec calls, the sends, the system writes.
We count what one compromised agent could actually do. That number is the blast radius.
▸ Below is that scan, replayed on a real public framework. Pick one and watch.
Replaying a real pre-computed scan of a public framework. We never run your private code — the real scan is a local CLI + a human.
This was a replay of a pre-computed scan on a public, open-source repo — on a pinned commit. Your real scan is run by a human on our local CLI, never in your browser and never on this page. We under-report by design: we only count what we can prove reachable.
Don’t See
Your Stack?
Drop any public GitHub repo. A human runs the real scan on our local CLI, maps its blast radius, and adds it to the board — then emails you the report.



