📦
Opena2a CLI
Unified CLI for the OpenA2A security platform
0 installs
Trust: 42 — Fair
Agents
Ask AI about Opena2a CLI
Powered by Claude · Grounded in docs
I know everything about Opena2a CLI. Ask me about installation, configuration, usage, or troubleshooting.
0/500
Loading tools...
Reviews
Documentation
OpenA2A: CLI · HackMyAgent · Secretless · AIM · Browser Guard · DVAA
opena2a
Open-source security platform for AI agents. Installed as opena2a-cli on npm.
npx opena2a-cli review
OpenA2A Security Review v0.8.21
Findings
-----------------------------------------------
Credential scan 3 hardcoded keys
Shadow AI 2 agents, 4 MCP servers
Config integrity unsigned
Governance no SOUL.md
-----------------------------------------------
Security Score 30 / 100 -> 85 by running opena2a protect
Run: opena2a protect (fix all findings)
Install globally if you prefer:
npm install -g opena2a-cli
brew tap opena2a-org/tap && brew install opena2a
Built-in Help
You do not need this README. The CLI has built-in discovery:
opena2a ? # Contextual recommendations for your project
opena2a ~shadow ai # Semantic search across all commands
opena2a "find leaked credentials" # Natural language command matching
opena2a # Interactive guided wizard (no args)
Commands
| Command | What it does |
|---|---|
opena2a review | Full security dashboard — HTML report, 6-phase assessment |
opena2a detect | Find shadow AI agents, MCP servers, AI configs. Governance score. |
opena2a protect | Fix everything — credentials, .gitignore, config signing |
opena2a init | Read-only security assessment with trust score |
opena2a identity create | Cryptographic identity for your project |
opena2a harden-soul | Generate SOUL.md governance rules |
opena2a scan | 238 security checks via HackMyAgent |
opena2a shield init | Full security setup — all of the above, one command |
Full command reference: opena2a.org/docs
Ecosystem
Each command routes to a specialized tool, installed on first use:
| Command | Tool | Description |
|---|---|---|
detect | Shadow AI | Discover AI agents, MCP servers, AI configs |
identity | AIM | Cryptographic identity, audit logs, trust scoring |
scan | HackMyAgent | 238 security checks, 164 attack payloads, auto-fix |
scan-soul | SOUL Scanner | 72 governance controls, 9 domains, 6 profiles |
harden-skill | Skill Hardener | Frontmatter validation, permission scoping, integrity pinning |
secrets | Secretless AI | Credential management for AI coding tools |
mcp | MCP Security | Audit, sign, and verify MCP server configurations |
benchmark | OASB | 222 attack scenarios, compliance scoring |
train | DVAA | Vulnerable AI agent for security training |
create | Skill Scaffolding | Secure skill templates with signing and heartbeat |
guard harden | HackMyAgent | Scan skills for hardening issues, auto-fix |
Use Cases
- Developer using AI coding tools — 5 minutes
- Security team assessing AI risk — 10 minutes
- MCP server author — 15 minutes
- CI/CD pipeline integration
Docs
Full command reference, Shield subcommands, scope drift detection, behavioral governance, credential patterns, and CI/CD examples: opena2a.org/docs
Requirements
- Node.js >= 18
- Optional: Docker (for
opena2a train)
License
Apache-2.0