Skip to content
OBLAIDISH NEWS
AgentX scan exposes hidden execSync and eval in TypeScript AI agents
TX_419296Engineering

AgentX scan exposes hidden execSync and eval in TypeScript AI agents

AgentX's npx-run scanner reveals popular open-source TypeScript AI agents use high-risk tools like execSync and eval under innocuous names, and offers a language-agnostic gateway for protection [DevTo].

sources[DevTo]

AgentX released a one-command scanner (npx @agentx-core/scan .) that inspects tool definitions in TypeScript AI agents built on the Vercel AI SDK, ranking each by destructive potential [DevTo]. The scanner parses the source of each tool, not its name, and produces a table of risk levels. In a test run, it listed five tools, flagging two as high risk: a grep tool that calls execSync and a calculator that runs eval on model-supplied input [DevTo]. A fetchUrl tool was marked medium because it allows arbitrary outbound requests, creating an SSRF surface. The report showed that 40% of the examined tools could perform destructive actions, yet none of the projects included any guard or gateway dependency.

The scanner's findings highlight the risk of hidden code-execution vectors. A model-chosen string passed to execSync or eval gives the LLM unrestricted OS or JavaScript access, bypassing any sandbox that assumes tools are read-only [DevTo]. Additionally, SSRF via fetch tools exposes internal networks, allowing a compromised model to probe private services. Tools named grep, query, or calculator suggest harmless intent, but the scanner's evidence shows the opposite, forcing teams to verify implementation rather than rely on semantics.

AgentX also ships a gateway component that can sit in front of any agent runtime, intercepting calls to high-risk tools regardless of language. Because the gateway is language-agnostic, teams can protect Python, Go, or Rust agents without adding SDKs, closing the gap that currently leaves most open-source agents unguarded [DevTo].

operator_channel
[ comments_offline · provider_not_configured ]
transmission_log

Subscribe to the broadcast.

Daily digest of the day's most important tech news. No fluff. Engineering signal only.

// delivered via substack · double-opt-in confirmation