KYA™ · Know Your Agent

Agent Trust Registry

Public registry of preliminary KYA™ signals for source-visible agent projects.
Scores support due diligence and capability controls. They are not final security certifications.

30
Agents tracked
30
Preliminary scans
2371
Findings flagged
1096
CVEs detected
Static analysis + OSV.dev CVE scan + NVIDIA Llama 70B audit · Questions? [email protected]
Tiers
Sovereign ≥85
Partner ≥72
Node ≥58
Rejected <58
Blended score: 30% manual baseline + 70% live analysis
Audit Methodology

How we score agents

Every score in this registry is produced by a three-stage preliminary pipeline run against a prioritized sample of the agent's public source code — no installs, no clones, no marketing materials. We inspect capabilities, check dependencies, and run an independent AI review.

Scores are a blend of our manual safety baseline (30%) and the live analysis result (70%). The baseline captures things code can't show: organizational maturity, incident history, and published safety disclosures. The live analysis reflects what's actually in the codebase today.

On false positives. Static analysis is inherently noisy. A CLI tool using child_process looks the same as a malicious subprocess call. An agent that legitimately browses the web will flag network patterns. We surface these signals — we don't suppress them — because the operator needs to make that judgment for their context. Over time, our detection patterns improve as we build type-aware and context-aware rules. Treat scores as a starting point for due diligence, not a final verdict.

01

Static code analysis

Pattern-based scan across a prioritized source sample fetched via GitHub API — no disk writes, no execution. We flag capabilities such as shell execution, code evaluation, and network access for review. A capability signal is not, by itself, a confirmed vulnerability.

02

Dependency CVE scan

We parse package.json and requirements.txt files without installing anything. Each dependency is queried against OSV.dev — Google's open vulnerability database — using their batch API. CVSS ≥7.0 is flagged as High, 4.0–7.0 as Medium. We also flag unpinned version ranges (^, ~, *) as supply chain risk.

03

AI-powered semantic audit

Source files are passed to a large language model (Llama 3.1 70B via NVIDIA NIM) with a structured security prompt. The model looks for issues static patterns miss: unsafe prompt construction, missing input validation on tool calls, context leakage between sessions, and missing human-in-the-loop checkpoints. This stage catches behavioral risks, not just syntactic ones.

04

Score composition

Five dimensions are scored: Framework (design-level guardrails), Code Health (quality and safety of implementation), Tool Permissions (blast radius of tool access), Prompt Safety (injection resistance), and Loop Safety (termination guarantees). These combine into a raw score, which is then blended with our manual baseline. Scores are re-run periodically as frameworks evolve.

Code Source Available
79
Claude Code
Anthropic
Partner Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:2 I:79
Prompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
20/26 prioritized files · c9181ca
General Open Source
78
UI-TARS
ByteDance
Partner Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:1 M:2 I:6
Prompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
4/5 prioritized files · 582f3a7
General Open Source
77
ZeroClaw
ZeroClaw Labs
Partner Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:1 M:2 I:44
Prompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
26 deps scanned via OSV.dev
58/61 prioritized files · 1f8ab7b
General Open Source
76
LangChain Agent
LangChain Inc.
Partner Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:1 M:2 I:2
Prompt Safety
Top finding ████████████████████████████████████ — classified
60/2536 prioritized files · d260c52
Multi-Agent Open Source
76
LangGraph
LangChain Inc.
Partner Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:1 M:2 I:5
Prompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
20 deps scanned via OSV.dev
60/462 prioritized files · b96f617
General Open Source
74
OpenClaw
OpenClaw Labs
Partner Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:2 I:1
Prompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
60 deps scanned via OSV.dev
60/19753 prioritized files · b93f4bb
General Open Source
72
PicoClaw
Sipeed
Partner Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:2 I:5
Prompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
50 deps scanned via OSV.dev
60/64 prioritized files · 85dcfcc
Multi-Agent Open Source
70
CrewAI
CrewAI Inc.
Node Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:2 I:35
Prompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
60/1277 prioritized files · 0e5d0ec
Multi-Agent Open Source
69
AutoGen
Microsoft Research
Node Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:3 I:9 CVE:1
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
38 deps scanned via OSV.dev
60/593 prioritized files · 027ecf0
General Open Source
63
Moltis
Moltis Org
Node Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
M:16 I:27 CVE:14
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
23 deps scanned via OSV.dev
60/272 prioritized files · 025e057
General Open Source
62
PydanticAI
Pydantic
Node Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:4 M:3 I:5
Loop SafetyPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
56/570 prioritized files · e4adbef
Multi-Agent Open Source
62
OpenAI Swarm
OpenAI
Node Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:4 M:3 I:4
Loop SafetyPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
55/63 prioritized files · 6af0b4c
General Open Source
60
UI-TARS Desktop
ByteDance
Node Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:1 M:166 I:63 CVE:164
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
376 deps scanned via OSV.dev
60/1252 prioritized files · c2ad42e
Multi-Agent Open Source
59
Paperclip
PaperclipAI
Node Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:1 M:18 I:43 CVE:16
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
105 deps scanned via OSV.dev
60/2025 prioritized files · cfa5e07
General Open Source
58
LlamaIndex
LlamaIndex Inc.
Node Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:1 M:18 I:2 CVE:16
Dependency VulnerabilityTool Abuse RiskPrompt Safety
Top finding ████████████████████████████████████ — classified
17 deps scanned via OSV.dev
60/3950 prioritized files · 67514f6
General Open Source
58
IronClaw
Near AI
Node Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:20 I:170 CVE:18
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
30 deps scanned via OSV.dev
27/459 prioritized files · b0b268d
Research Open Source
57
Dexter
virattt
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:3 M:7 I:13 CVE:5
Loop SafetyDependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
35 deps scanned via OSV.dev
60/217 prioritized files · 823052e
General Open Source
55
Mastra
Mastra AI
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:57 I:52 CVE:55
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
166 deps scanned via OSV.dev
60/7340 prioritized files · 5ccc2d5
Code Open Source
55
OpenHands
All Hands AI
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:3 M:9 I:7 CVE:5
Loop SafetyDependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
97 deps scanned via OSV.dev
60/1443 prioritized files · a55f1de
General Open Source
55
Cherry Studio
CherryHQ
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:37 I:10 CVE:35
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
406 deps scanned via OSV.dev
60/3373 prioritized files · 30a184a
General Open Source
54
OpenFang
RightNow AI
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:23 I:393 CVE:21
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
9 deps scanned via OSV.dev
36/39 prioritized files · acf2587
General Open Source
52
smolagents
Hugging Face
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:157 I:36 CVE:155
Loop SafetyDependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
26 deps scanned via OSV.dev
27/77 prioritized files · e3a5b89
General Open Source
52
Hermes Agent
NousResearch
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:25 I:23 CVE:23
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
179 deps scanned via OSV.dev
36/3897 prioritized files · 7e84d2b
General Open Source
51
Semantic Kernel
Microsoft
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:3 M:79 I:11 CVE:78
Loop SafetyDependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
35 deps scanned via OSV.dev
60/1268 prioritized files · c781da1
General Open Source
51
AutoGPT
Significant Gravitas
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:13 I:21 CVE:11
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
151 deps scanned via OSV.dev
20/2099 prioritized files · 4573029
General Open Source
49
Strands Agents
AWS / Strands
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:4 M:6 I:24 CVE:4
Loop SafetyDependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
125 deps scanned via OSV.dev
60/1268 prioritized files · beddc3f
General Open Source
48
Agno
Agno (ex-Phidata)
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:333 I:2 CVE:328
Dependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
348 deps scanned via OSV.dev
60/4206 prioritized files · 9153a17
Multi-Agent Open Source
47
MetaGPT
FoundationAgents
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:3 M:110 I:13 CVE:108
Loop SafetyDependency VulnerabilityPrompt SafetyTool Abuse Risk
Top finding ████████████████████████████████████ — classified
97 deps scanned via OSV.dev
60/919 prioritized files · 11cdf46
Multi-Agent Open Source
47
Agency Swarm
VRSEN
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:2 M:23 I:12 CVE:21
Loop SafetyDependency VulnerabilityTool Abuse Risk
Top finding ████████████████████████████████████ — classified
22 deps scanned via OSV.dev
60/326 prioritized files · 4fb6452
General Open Source
40
Nanobot
HKUDS
Rejected Preliminary scan Jul 14, 2026 Static refresh · AI findings preserved
H:4 M:20 I:29 CVE:18
Loop SafetyDependency VulnerabilityTool Abuse RiskPrompt Safety
Top finding ████████████████████████████████████ — classified
46 deps scanned via OSV.dev
29/561 prioritized files · 0fd4d0a

Apply for a KYA™ evaluation.

Approved capabilities depend on your agent, operator, jurisdiction, cohort, and licensed infrastructure partners. A preliminary registry score does not guarantee financial access.

Get Quick Sell token