Estes: Securing the AI Agent Supply Chain
Live Demo: https://www.verylowcortisol.vip/
A pre-install auditor and runtime redaction wrapper that prevents credential leaks and tool-output poisoning in AI agent ecosystems (OpenClaw, Antigravity, Claude Code, watsonx Orchestrate-style systems).
The Problem
Recent research (April 2026) auditing 17,022 public AI agent skills found:
- 3.1% leak real API keys, OAuth tokens, or passwords
- 73.5% of those leaks come from leftover print() / console.log() debug statements
- Agent frameworks automatically inject stdout into LLM context windows
Once secrets enter the context, they can be extracted with a simple follow-up prompt; no hacking required.
This creates a silent supply-chain vulnerability affecting any team using third-party agent skills. Major platforms (e.g., enterprise orchestration systems) have already flagged this as a critical risk.
What Estes Does
- Pre-Install Auditor
Upload a .zip or GitHub repo and get a risk score in seconds.
Static scan:
  - Regex + entropy detection for API keys, OAuth tokens, wallet keys, SSH keys, and cloud/database credentials
  - AST analysis (Python): tracks sensitive data (os.environ, wallet factories) and detects flows into print(), logs, or network calls
Output:
  - Severity-ranked findings
  - Line-level explanations
  - Fix suggestions
  - JSON export
  - "Download Fixed": an auto-patched safe version plus a change log
- Runtime Redaction Wrapper
FastAPI middleware that sanitizes tool output before it reaches the LLM.
  - Sub-40ms latency
  - Drop-in for agent frameworks
  - Prevents secrets from ever entering context
- Compliance & Audit Hooks
Every redaction creates a structured log entry with:
  - Rule triggered
  - Severity
  - Skill affected
  - Action taken
Ready for enterprise governance and audit pipelines.
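The static scan and the runtime wrapper above share one detection core: regex rules for known key formats plus a Shannon-entropy check for opaque tokens. The block below is an added example written for this page, not Estes' own code, showing that core driving both sides: audit_source() parses a skill with Python's ast module, propagates taint from os.environ / os.getenv reads through assignments (flow-insensitively, as a fixpoint) into print(), logging and requests calls, and flags hard-coded secrets in string literals; redact_tool_output() scrubs a tool result and emits the rule / severity / skill / action record described under Compliance & Audit Hooks. The rule ids, patterns, the 4.5 bits-per-character threshold, the sink list and the SAMPLE_SKILL source are all illustrative assumptions (the token in the sample is made up); wrapping redact_tool_output() in FastAPI middleware is not shown.

```python
# Added example, not Estes' own code; rule ids, patterns, severities and sinks are illustrative assumptions.
import ast
import math
import re

# (rule id, severity, pattern); group 2 of the generic rule isolates the secret value itself.
SECRET_RULES = [
    ("aws-access-key", "critical", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", "critical", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("generic-api-key", "high", re.compile(
        r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9_\-]{16,})")),
]
HIGH_ENTROPY_TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{32,}")
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2}
LOG_METHODS = {"debug", "info", "warning", "error", "exception"}


def shannon_entropy(s: str) -> float:
    """Bits per character; random base64-like material scores above ~4.5."""
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)


def find_secrets(text: str, entropy_threshold: float = 4.5):
    """[(rule, severity, secret)]: regex hits, then high-entropy tokens no rule covered."""
    hits, covered = [], []
    for rule, severity, pat in SECRET_RULES:
        for m in pat.finditer(text):
            hits.append((rule, severity, m.group(m.lastindex or 0)))
            covered.append(m.span())
    for m in HIGH_ENTROPY_TOKEN.finditer(text):
        if not any(a <= m.start() < b for a, b in covered) \
                and shannon_entropy(m.group(0)) >= entropy_threshold:
            hits.append(("high-entropy-string", "medium", m.group(0)))
    return hits


def redact_tool_output(text: str, skill: str):
    """Runtime side: scrub every finding before the LLM sees it; one audit record each."""
    clean, audit = text, []
    for rule, severity, secret in find_secrets(text):
        clean = clean.replace(secret, f"[REDACTED:{rule}]")
        audit.append({"rule": rule, "severity": severity, "skill": skill, "action": "redacted"})
    return clean, audit


def _dotted(node):
    # 'os.environ.get' for an attribute chain, 'print' for a bare name, else None
    if isinstance(node, ast.Name):
        return node.id
    base = _dotted(node.value) if isinstance(node, ast.Attribute) else None
    return f"{base}.{node.attr}" if base else None


def _reads_env(node) -> bool:
    # subtree contains os.environ[...], os.environ.get(...) or os.getenv(...)
    return any((isinstance(n, ast.Subscript) and _dotted(n.value) == "os.environ")
               or (isinstance(n, ast.Call) and _dotted(n.func) in {"os.environ.get", "os.getenv"})
               for n in ast.walk(node))


def _mentions(node, names) -> bool:
    return any(isinstance(n, ast.Name) and n.id in names for n in ast.walk(node))


def _is_sink(func) -> bool:
    # stdout, logging and outbound HTTP: where a leaked value becomes visible
    head, _, method = (_dotted(func) or "").rpartition(".")
    return (method == "print" and not head) \
        or (head in {"logging", "logger", "log"} and method in LOG_METHODS) \
        or (head == "requests" and method in {"get", "post", "put"})


def audit_source(source: str):
    """Static side: env-sourced values reaching a sink plus hard-coded literals, severity-ranked."""
    tree = ast.parse(source)
    tainted, changed = set(), True
    while changed:  # flow-insensitive fixpoint: taint spreads through assignments
        changed = False
        for a in (n for n in ast.walk(tree) if isinstance(n, ast.Assign)):
            if _reads_env(a.value) or _mentions(a.value, tainted):
                new = {t.id for t in a.targets if isinstance(t, ast.Name)} - tainted
                tainted |= new
                changed |= bool(new)
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Call) and _is_sink(node.func):
            args = node.args + [kw.value for kw in node.keywords]
            leaked = [_dotted(a) or "<expr>" for a in args if _reads_env(a) or _mentions(a, tainted)]
            if leaked:
                findings.append({"line": node.lineno, "rule": "secret-to-sink", "severity": "high",
                                 "detail": f"{_dotted(node.func)} receives {', '.join(leaked)}"})
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            for rule, severity, secret in find_secrets(node.value):
                findings.append({"line": node.lineno, "rule": rule, "severity": severity,
                                 "detail": f"hard-coded {rule} starting {secret[:6]}"})
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]], f["line"]))


# Constructed sample skill: an env key reaching print() and requests.post(), plus a made-up token.
SAMPLE_SKILL = '''\
import os, requests
API_KEY = os.environ["WEATHER_API_KEY"]
headers = {"Authorization": "Bearer " + API_KEY}
print("debug: headers", headers)
GITHUB_FALLBACK = "ghp_0123456789abcdef0123456789abcdef0123"
requests.post("https://example.invalid/v1", headers=headers)
'''
```

Running audit_source(SAMPLE_SKILL) ranks the hard-coded token (line 5, critical) above the two env-key flows (line 4 print, line 6 requests.post, both high); a middleware would call redact_tool_output() on each tool result and forward the returned audit list to the logging pipeline. The taint pass is deliberately flow-insensitive and only recognises simple name assignments and the listed sink spellings (a `self.logger.info(...)` call, for instance, is not matched), which is the trade-off that keeps it deterministic and fast.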
Architecture
User -> Agent Framework -> Third-party skill -> Tool output (stdout/result) -> Estes Wrapper (FastAPI) -> Detection -> Redaction + Logging -> Clean output -> LLM context

Demo Flow
- Open https://estesss.vercel.app
- Upload a repo or demo skill
- Watch real-time risk scoring (<2s)
- Inspect flagged leaks and fixes
- Download the patched version
- Test runtime redaction in-browser

Tech Stack
- Backend: FastAPI
- Frontend: Vanilla JS + Tailwind
- Analysis Engine: Python AST + regex + entropy heuristics
- Runtime: Uvicorn middleware
- Deployment: Vercel (serverless Python)

Key Innovation
- No LLM dependency: fast, deterministic, privacy-safe
- Combines static + runtime protection (rare in current tools)
- Targets a new vulnerability class unique to agent systems
- Works across multiple agent frameworks

Roadmap
- TypeScript / JS AST support
- CLI (estes scan, estes start)
- Policy-as-code + allowlists
- Chat "Shield" before sharing/exporting conversations
- Enterprise governance integrations

Who It's For
- Developers building with AI agents
- Teams using third-party skills/plugins
- Enterprises deploying agentic AI at scale

Built For
Hook 'Em Hacks 2026: Security in an AI-First World (IBM Track)
