Capability
20 artifacts provide this capability.
via “risk score aggregation and policy-based decision making”
Open-source LLM input/output security scanner toolkit.
Unique: Provides configurable risk score aggregation with policy-based decision rules, enabling organizations to define nuanced security policies that weight different threats differently. Supports multiple aggregation strategies (weighted sum, maximum, AND/OR logic) for flexible policy expression.
vs others: More flexible than binary scanners because it enables nuanced decisions based on risk scores; more maintainable than hardcoded logic because policies are declarative and configurable.
via “security vulnerability scanning with dependency risk assessment”
AI code review agent for pull requests.
Unique: Combines dependency vulnerability scanning (CVE-based) with LLM-based logic error detection to identify both known vulnerabilities and novel security patterns (e.g., insecure deserialization, weak cryptography usage). Integrates with VCS webhooks for automated scanning without manual trigger.
vs others: More comprehensive than dependency-only scanners (Dependabot, Snyk) because it also detects logic-based vulnerabilities (SQL injection, XSS) through code analysis. Faster than manual security review and more accessible than hiring dedicated security engineers.
via “security and quality issue categorization and severity ranking”
Advanced linter to detect & fix coding issues locally in JS/TS, Python, Java, C#, C/C++, Go, PHP. Use with SonarQube (Server, Cloud) for optimal team performance.
Unique: Combines security and quality issue detection in a single analysis engine with unified severity ranking, rather than requiring separate security scanners (e.g., SAST tools) and linters. Severity is configurable via SonarQube Server/Cloud, enabling team-specific risk models.
vs others: More comprehensive than language-specific linters (ESLint, Pylint) because it includes security-focused rules in addition to quality rules, and more actionable than generic SAST tools because severity is integrated into the development workflow.
via “vulnerability database and risk scoring with proprietary intelligence”
Developer security — AI-powered SAST, dependency scanning, container/IaC security, IDE integration.
Unique: Applies proprietary risk scoring algorithms that factor in exploitability, prevalence, and ecosystem context (beyond CVSS severity) to prioritize vulnerabilities; continuously updates its database with newly disclosed vulnerabilities and provides ecosystem-wide trend analysis and benchmarking.
vs others: More sophisticated than NVD or OSV because it includes proprietary risk scoring and exploitability assessment; more comprehensive than individual package manager advisories (npm, pip, Maven) because it aggregates data across ecosystems and provides consistent prioritization.
via “ai-powered vulnerability prioritization and risk scoring”
AI-powered application security with auto-remediation.
Unique: Combines CVSS scoring with exploit availability data, organizational threat modeling, and patch adoption history in a machine-learning model to produce context-aware risk scores that account for real-world exploitation likelihood rather than theoretical vulnerability severity.
vs others: More actionable than static CVSS scoring because it incorporates exploit availability and organizational context, but less accurate than manual security review for organization-specific threat models due to reliance on historical training data.
via “vulnerability severity scoring and risk prioritization engine”
AI agent security scanner. Detect vulnerabilities in agent configurations, MCP servers, and tool permissions. Available as CLI, GitHub Action, ECC plugin, and GitHub App integration. 🛡️
Unique: Implements a composite scoring engine that combines findings from multiple analysis modules (static rules, deep scan, taint analysis, injection testing, sandbox) into a unified risk score; prioritizes remediation based on exploitability and impact rather than just rule severity.
vs others: More sophisticated than simple rule-based severity assignment because it considers attack complexity, required privileges, and blast radius; aggregates multiple analysis techniques into a unified risk metric.
via “risk scoring and consequence severity classification”
MCP server for AI agents to evaluate consequences before destructive actions. Analyzes Terraform plans, shell commands, and MCP tool calls.
Unique: Implements quantitative risk scoring for infrastructure and command consequences as part of MCP server, enabling agents to make risk-aware decisions. Uses multi-factor scoring model considering impact scope, reversibility, and resource criticality.
vs others: Provides automated risk scoring integrated into agent workflows, whereas manual risk assessment is subjective and time-consuming; recourse-cli enables consistent, quantitative risk evaluation.
via “risk scoring for detected pii”
PII (Personally Identifiable Information) detection API for AI agents. Scan any text for sensitive data: email addresses, phone numbers, SSNs, credit card numbers, IP addresses, physical addresses, and names. Risk scoring and redaction-ready output. Tools: compliance_detect_pii. Use this BEFORE lo
Unique: Features a customizable risk scoring algorithm that adapts to different compliance requirements and organizational policies, unlike static scoring systems.
vs others: Offers a more nuanced risk assessment compared to basic PII detection tools that lack contextual scoring.
via “risk classification and severity scoring for tool capabilities”
SINT MCP Security Scanner — analyze MCP server tool definitions for risk
Unique: Integrates SINT (Security Intent) framework for MCP-specific risk patterns; likely includes rules for common dangerous MCP tool patterns (e.g., arbitrary code execution, credential exposure via tool parameters)
vs others: Purpose-built risk taxonomy for MCP tools vs. generic API security scoring that doesn't understand agent-specific threat models
via “threat risk scoring and prioritization”
via “data-risk-scoring”
via “threat intelligence integration and risk scoring”
via “alert severity and priority ranking”
via “predictive-threat-scoring”
via “intelligent-vulnerability-prioritization”
via “vulnerability severity and risk assessment”
via “firmware threat modeling and risk scoring”
via “security posture scoring and benchmarking”
via “contextual risk scoring with asset criticality”
© 2026 Unfragile. The platform for software for agents.