Try it

Pre-release Some features are still in development and will be available soon.

Documentation

Static Analyzer for
Agent Reliability

Trustabl scans any AI agent repo - Claude SDK, OpenAI Agents SDK, or Google ADK - and reports reliability and safety weaknesses before they reach production.
Read the Docs →
View on GitHub
A few of the checks Trustabl runs
CSDK-003
Claude
Network call has no timeout
MCP-010
MCP
Tool registration shells out
OAI-012
OpenAI
Tool body spawns a subprocess
ADK-008
ADK
BashTool missing metacharacter blocking
CSDK-002
Claude
Tool parameters not type-annotated
MCP-008
MCP
SSRF / caller-controlled URL
OAI-003
OpenAI
Tool sets strict_mode=False
CSDK-110
Claude
Subagent granted the built-in Bash tool
ADK-101
ADK
LlmAgent has no description
OAI-106
OpenAI
Agent wires MCP servers without guardrails
MCP-004
MCP
MCP tool network call has no timeout
CSDK-004
Claude
Path used in I/O without validation
OAI-201
OpenAI
Project uses default OpenAI tracing
CSDK-003
Claude
Network call has no timeout
MCP-010
MCP
Tool registration shells out
OAI-012
OpenAI
Tool body spawns a subprocess
ADK-008
ADK
BashTool missing metacharacter blocking
CSDK-002
Claude
Tool parameters not type-annotated
MCP-008
MCP
SSRF / caller-controlled URL
OAI-003
OpenAI
Tool sets strict_mode=False
CSDK-110
Claude
Subagent granted the built-in Bash tool
ADK-101
ADK
LlmAgent has no description
OAI-106
OpenAI
Agent wires MCP servers without guardrails
MCP-004
MCP
MCP tool network call has no timeout
CSDK-004
Claude
Path used in I/O without validation
OAI-201
OpenAI
Project uses default OpenAI tracing
CSDK-101
Claude
Claude subagent granted the Bash tool
OAI-013
OpenAI
eval/exec/compile on dynamic input
MCP-001
MCP
MCP tool has no description
ADK-102
ADK
Agent with BashTool has no before_tool_callback
CSDK-006
Claude
Mutating tool has no idempotency key
MCP-014
MCP
MCP tool uses eval / new Function
OAI-102
OpenAI
tool_use_behavior="stop_on_first_tool"
ADK-003
ADK
Network call has no timeout
CSDK-001
Claude
Tool has no description
MCP-005
MCP
MCP tool path used without validation
OAI-005
OpenAI
Network call has no timeout
ADK-104
ADK
Agent has no safety_settings
CSDK-102
Claude
Claude subagent granted the WebSearch tool
CSDK-101
Claude
Claude subagent granted the Bash tool
OAI-013
OpenAI
eval/exec/compile on dynamic input
MCP-001
MCP
MCP tool has no description
ADK-102
ADK
Agent with BashTool has no before_tool_callback
CSDK-006
Claude
Mutating tool has no idempotency key
MCP-014
MCP
MCP tool uses eval / new Function
OAI-102
OpenAI
tool_use_behavior="stop_on_first_tool"
ADK-003
ADK
Network call has no timeout
CSDK-001
Claude
Tool has no description
MCP-005
MCP
MCP tool path used without validation
OAI-005
OpenAI
Network call has no timeout
ADK-104
ADK
Agent has no safety_settings
CSDK-102
Claude
Claude subagent granted the WebSearch tool
Read-only
Never writes to your repo
Deterministic
Identical inputs, identical output
Py + TS
Languages analyzed
MCP
Servers, tools & plugins
SARIF
Plus JSON & terminal output
Coverage

Built for Every Major Agent SDK - and MCP

Trustabl audits the major agent SDKs and MCP servers. It is honest about its blind spots, emitting an explicit "unaudited SDK" finding rather than a falsely clean result.

Claude Agent SDK

Python
TypeScript
Tools, agents, and subagents - checked for reliability and safety across the SDK surface.
View rules →

OpenAI Agents SDK

Python
TypeScript
Tools, agents, and project-wide configuration - checked for reliability and safety.
View rules →

Google ADK

Python
JavaScript
Go
Java
Function tools and LlmAgents - checked for reliability and safety across all supported languages.
View rules →

MCP

TypeScript
Go
Rust
MCP server tool registrations and config files - audited by a dedicated MCP rule pack.
View rules →
Every rule is scoped to where the risk lives - tool, agent, subagent, or repo. See the full coverage matrix.
Use Cases

Built for the Full Agent Lifecycle

From CI gates to air-gapped offline environments - Trustabl fits every workflow without writing a single file to your repo.
CI / CD

Gate Agent Code in CI

Use exit codes as a contract: 0 = clean, 1 = findings >= medium, 2 = scanner error. The gate never flakes - identical commits always yield identical results.
GitHub

PR Annotations via SARIF

Emit SARIF 2.1.0 and upload with codeql-action/upload-sarif. Findings surface as inline PR annotations with stable fingerprints.
Security

Pre-Release Safety Audit

Catch shell-out tools missing human approval, network calls without timeouts, agents without guardrails, and project-wide bypassPermissions.
Baseline

Inventory Existing Codebases

Point Trustabl at an established repo to get a structured inventory of all agents, tools, guardrails, subagents, and MCP servers.
Supply Chain

Audit Third-Party Repos

Assess a dependency before adopting it. Scanning is read-only and works straight from a URL: trustabl scan https://github.com/org/their-agent-repo
Offline

Air-Gapped Environments

Pre-fetch rule packs with trustabl rules pull where you have connectivity. Then scan offline with --no-rules-update - no network access needed.
Rule Index

Detection Rules for Every Major Agent SDK

Every rule ships with a threat model, risk score, and confidence rating. The live rule index is always the complete, up-to-date source of truth.
ID Scope Policy Severity Risk
Showing a sample of the Claude SDK checks Full index →
Trustabl = Trustworthy + Reliable

Read the Docs. Secure Your Agents.

Read-only. Deterministic. Open source. Dive into the full documentation to get started.
Read the Docs →
View on GitHub