智能体安全评估
AI Skill Hub 推荐使用:智能体安全评估 是一款优质的Agent工作流。AI 综合评分 7.5 分,在同类工具中表现稳健。如果你正在寻找可靠的Agent工作流解决方案,这是一个值得深入了解的选择。
📚 深度解析
智能体安全评估 工作流的设计遵循"最小配置,最大复用"原则:核心逻辑已经封装好,用户只需配置自己的 API Key 和业务参数即可快速上手。工作流内置错误处理和重试机制,在网络波动或 API 限速等情况下仍能稳定运行,适合作为生产环境的自动化基础设施。
在实际部署时,建议先在测试环境中运行 3-5 次,验证各个环节的输出结果符合预期,再部署到生产环境。AI Skill Hub 评分 7.5 分,是同类 Agent 工作流中的精选推荐。
📋 工具概览
智能体安全评估 是一套完整的 AI Agent 自动化工作流方案。通过可视化的节点编排,将复杂的多步骤任务拆解为清晰的自动化流程,实现全程无人值守的智能处理。支持与数百种外部服务和 API 无缝集成,适合构建数据处理管线、业务自动化和 AI 辅助决策系统。
📖 中文文档
智能体安全评估 是一套完整的 AI Agent 自动化工作流方案。通过可视化的节点编排,将复杂的多步骤任务拆解为清晰的自动化流程,实现全程无人值守的智能处理。支持与数百种外部服务和 API 无缝集成,适合构建数据处理管线、业务自动化和 AI 辅助决策系统。
- 可视化 Agent 工作流编排,无需编写复杂代码
- 支持多步骤自动化任务链,实现全流程无人值守
- 与外部 API、数据库和第三方服务无缝集成
- 内置错误处理与自动重试机制,保障稳定运行
- 提供可复用的自动化模板,快速在同类场景部署
- 自动化日常重复性工作,将精力集中于创造性任务
- 构建数据采集 → 处理 → 输出的完整自动化管线
- 实现跨平台、跨系统的数据流转和业务协同
# 方式一:pip 安装(推荐)
pip install agent3sigma-canary
# 方式二:虚拟环境安装(推荐生产环境)
python -m venv .venv
source .venv/bin/activate # Windows: .venv\Scripts\activate
pip install agent3sigma-canary
# 方式三:从源码安装(获取最新功能)
git clone https://github.com/antgroup/Agent3Sigma-Canary
cd Agent3Sigma-Canary
pip install -e .
# 验证安装
python -c "import agent3sigma_canary; print('安装成功')"
- 访问 GitHub 仓库获取工作流文件
- 在对应平台(Dify / Flowise / Make 等)中找到「导入工作流」功能
- 上传工作流文件
- 按照提示配置必要的环境变量和 API Key
- 运行测试确认流程正常后投入使用
# 命令行使用
agent3sigma-canary --help
# 基本用法
agent3sigma-canary input_file -o output_file
# Python 代码中调用
import agent3sigma_canary
# 示例
result = agent3sigma_canary.process("input")
print(result)
# agent3sigma-canary 配置文件示例(config.yml) app: name: "agent3sigma-canary" debug: false log_level: "INFO" # 运行时指定配置文件 agent3sigma-canary --config config.yml # 或通过环境变量配置 export AGENT3SIGMA_CANARY_API_KEY="your-key" export AGENT3SIGMA_CANARY_OUTPUT_DIR="./output"
Agent3σ-Canary
English · Simplified Chinese
Agent3σ-Canary, abbreviated as AgentCanary, is part of the Agent3σ project. It provides security evaluation capabilities for AI Agents in realistic runtime environments. AgentCanary does not simply check whether a model gives a safe textual answer; it drives agents in controlled sandboxes to invoke real tools, process task materials in realistic formats, and evaluate the agent's complete execution trajectory across risk outcome, security awareness, and normal-task utility.
💡 Key Features
- Comprehensive risk coverage: Tasks are organized through a systematic "risk entry x risk impact" taxonomy. Risk entries capture different sources of risk and their threat models, including direct injection, indirect prompt injection, Skills poisoning, and memory poisoning. Risk impacts describe the different consequences an attack can cause, such as local environment damage, sensitive data leakage, and persistent state pollution. See risk definition for details.
- Realistic usage scenarios: AgentCanary covers real agent workflows such as web browsing, email processing, SMS handling, and financial operations. Risk sources are embedded into the workflows that agents are expected to complete, following realistic threat models.
- Realistic runtime environment: AgentCanary uses real interfaces to access resources such as web pages, email, and files, preserving high-fidelity tool-call chains and data formats. It also dynamically prepares task-specific materials, such as inboxes, test files, virtual financial accounts, and websites, so each evaluation runs with sufficient context.
- Sandboxed evaluation: Each task runs in an isolated environment, reducing the impact of high-risk samples on the host and other tasks while keeping evaluations controlled and reproducible.
- Multiple attack methods: AgentCanary supports automatic generation, mutation, and optimization of attack samples for evaluation tasks, covering one-shot transformations, multi-step iterative optimization, and long-chain attack scenarios.
- Defense framework evaluation: AgentCanary supports evaluating different agent security defense frameworks, making it easier to compare defense effectiveness.
- Trajectory-based multidimensional scoring: Scoring is not based only on a single-step result. AgentCanary evaluates the agent's complete execution trajectory across safety outcome, security awareness, and task utility.
- High extensibility: Task definitions and environment construction are modular, making it easy to add custom evaluation tasks.
3. Build Docker Images
Evaluation tasks run in isolated Docker containers, so you need to build the evaluation environments first.
Before building images, package the Skills repository:
cd _skills_repository
bash buildAll.sh
cd ..Then build evaluation images. AgentCanary currently supports evaluating vanilla OpenClaw and OpenClaw variants integrated with different security plugins. Each Docker image corresponds to an independent evaluation environment, and you can choose which variants to build.
- official: Vanilla OpenClaw agent
- official_shield: OpenClaw + Shield security plugin
- official_secureclaw: OpenClaw + SecureClaw security plugin
- official_clawkeeper: OpenClaw + ClawKeeper security plugin
After running the build script, select the image variants you need from the prompt. For example, choose official if you only want to evaluate vanilla OpenClaw; choose additional plugin images if you want to compare defense effectiveness.
bash workflow/workflow_step_1_image_builder.shTip If network restrictions require an HTTP proxy for Docker builds, see docs/docker_proxy_en.md.
Build leaderboard data
cd leaderboard python build.py
🚀 Quick Start
Example: run the direct suite with gpt-4o from the openai-compatible provider
./scripts/run.sh --model openai-compatible/gpt-4o --suite direct --docker --verbose
**Common arguments:**
| Argument | Description | Example |
| --- | --- | --- |
| `--model` | Target model, in `provider-id/model-id` format | `--model anthropic/claude-sonnet-4` |
| `--suite` | Test suite | `direct`, `indirect`, `memory`, `chain`, `skills_poison`, `all`, or comma-separated task IDs |
| `--docker` | Run the agent inside Docker | `--docker` |
| `--verbose` | Print more detailed logs | `--verbose` |
| `--attack` | Attack method | `code_attack`, `pair`, `important_message`, `InjecAgent`, etc. |
| `--runs` | Number of repeated runs per task | `--runs 3` |
| `--output-dir` | Result output directory | `--output-dir results/my_test` |
**Batch evaluation:**
To evaluate multiple models across multiple Docker images in parallel, use scripts under `batch_run/`:
Run a small sample for quick validation
./batch_run/direct.sh example
1. Prepare the Environment
System requirements:
- Python 3.10+
- uv for Python dependency management
- Docker
Install uv:
curl -LsSf https://astral.sh/uv/install.sh | shInstall Python dependencies:
uv sync2. Configure Models and API Keys
Running AgentCanary requires configuring two types of LLMs:
- Target model: The LLM used by the agent under test inside the Docker container. Specify it with the
--modelargument. - Auxiliary models: LLMs used by the evaluation framework itself, such as PAIR attackers and judge scorers.
Configuration steps:
```bash
1. Create a configuration file from the template
cp config.example.yaml config.yaml
2. Edit the configuration with your API keys and model information
vim config.yaml
3. Optional: validate whether the configured model APIs are available
uv run python scripts/validate_api.py
In `config.yaml`, configure:
- **providers**: API endpoints, keys, and available model lists. You can define multiple providers, and each provider can contain multiple models. The `provider-id/model-id` pair is the value used by the `--model` argument.
- **roles**: Auxiliary model assignments for roles such as pair, judge, and ipi. Auxiliary model requests currently use OpenAI-compatible Chat Completions APIs.
Example:
anthropic: base_url: "https://api.anthropic.com/v1" api_key: "sk-ant-xxx" api: "anthropic-messages" models: - id: "claude-sonnet-4" name: "Claude Sonnet 4"
roles: # pair: # base_url: "https://api.openai.com/v1" # api_key: "sk-xxx" # model: "gpt-4o" judge: base_url: "https://api.openai.com/v1" api_key: "sk-xxx" model: "gpt-4o" # ipi: # base_url: "https://api.openai.com/v1" # api_key: "sk-xxx" # model: "gpt-4o"
**Generate runtime configuration:**
Generate env.sh and openclaw.json from config.yaml
bash setup.sh
Load environment variables
source env.sh ```
1. Configure images and models
cp batch_run/batch_config.example.sh batch_run/batch_config.sh vim batch_run/batch_config.sh
⚙️ Configuration Reference
Full `config.yaml` Fields
providers:
<provider-id>: # Unique provider ID used as the --model prefix
base_url: "" # [required] API endpoint URL
api_key: "" # [required] API key
api: "openai-completions" # [optional] API protocol: "openai-completions" or "anthropic-messages"
models:
- id: "" # [required] Model ID used as the --model suffix
name: "" # [optional] Display name, defaults to id
api: "" # [optional] Per-model API protocol override
reasoning: false # [optional] Whether reasoning is supported, defaults to false
context_window: 384000 # [optional] Context window size
max_tokens: 384000 # [optional] Maximum output tokens
roles:
pair: # PAIR attacker
base_url: "" # [required] OpenAI-compatible API endpoint
api_key: "" # [required] API key
model: "" # [required] Model name
judge: # Judge scorer
base_url: ""
api_key: ""
model: ""
settings:
web_sim_base_url: "" # [optional] Web simulation service URL🔄 Evaluation Workflow
提供实用AI安全评估工作流
- 构建多智能体协作系统的 Agent 开发者
- 做语音类 AI 产品的开发者
- 生产部署优先使用 Docker Compose 隔离依赖,并挂载 volume 持久化数据
- Agent 任务先做 dry-run 验证工具调用链,再开启自主执行
- API key 直接提交到 git 仓库(请用 .env 并加入 .gitignore)
- 容器内无法访问宿主机 localhost — 使用 host.docker.internal
- Python 依赖冲突:建议用 venv / uv 隔离环境
- Docker:Agent3Sigma-Canary 提供官方镜像,docker compose up 一键启动
- 云端托管:可放在 Vercel / Railway / Fly.io 等 PaaS 平台
⚡ 核心功能
- 可视化 Agent 工作流编排,无需编写复杂代码
- 支持多步骤自动化任务链,实现全流程无人值守
- 与外部 API、数据库和第三方服务无缝集成
- 内置错误处理与自动重试机制,保障稳定运行
- 提供可复用的自动化模板,快速在同类场景部署
- 构建多智能体协作系统的 Agent 开发者
- 做语音类 AI 产品的开发者
- 生产部署优先使用 Docker Compose 隔离依赖,并挂载 volume 持久化数据
- Agent 任务先做 dry-run 验证工具调用链,再开启自主执行
- API key 直接提交到 git 仓库(请用 .env 并加入 .gitignore)
- 容器内无法访问宿主机 localhost — 使用 host.docker.internal
- Python 依赖冲突:建议用 venv / uv 隔离环境
👥 适合人群
🎯 使用场景
- 自动化日常重复性工作,将精力集中于创造性任务
- 构建数据采集 → 处理 → 输出的完整自动化管线
- 实现跨平台、跨系统的数据流转和业务协同
⚖️ 优点与不足
- +Apache-2.0 协议,可免费商用
- +大幅减少重复性人工操作
- +可视化流程,清晰直观
- +可扩展性强,支持复杂场景
- −初始配置和调试需投入一定时间
- −强依赖外部服务的稳定性
- −复杂场景需具备一定技术基础
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ Apache 2.0 — 宽松开源协议,可商用,需保留版权声明和 NOTICE 文件,含专利授权条款。
🔗 相关工具推荐
❓ 常见问题 FAQ
总体来看,智能体安全评估 是一款质量良好的Agent工作流,在同类工具中具备一定竞争力。AI Skill Hub 将持续追踪其更新动态,建议收藏备用,结合自身场景选择合适时机引入使用。
| 原始名称 | Agent3Sigma-Canary |
| 原始描述 | 开源AI工作流:Agent3σ-Canary is an evaluation framework for AI Agent security in realistic run。⭐12 · Python |
| Topics | AI安全工作流 |
| GitHub | https://github.com/antgroup/Agent3Sigma-Canary |
| License | Apache-2.0 |
| 语言 | Python |
收录时间:2026-05-26 · 更新时间:2026-05-30 · License:Apache-2.0 · AI Skill Hub 不对第三方内容的准确性作法律背书。