About Us
The security layer for AI agents
We build open-source security tools for AI agent stacks. Research-backed. Community-driven. Always updating.
Our Philosophy
Why agent security matters
AI agent security is an open problem. We're solving it in the open. OpenClaw skills, MCP servers, and agent plugins run with access to your credentials, file system, and network, yet most developers install them without a second look.
We found that 7.1% of skills on a major marketplace were actively stealing credentials or exfiltrating data. Tool poisoning, prompt injection, and credential harvesting are real threats, and nobody was scanning for them.
Firmis exists to close that gap. We scan your entire agent stack, flag threats in plain English, and give you actionable fix instructions. Education first, not fear first.
Our Values
What we believe
Open Source
Apache-2.0 scanner, ELv2 engine. Inspect every rule, run offline, contribute back.
Research-First
Every detection rule is backed by data. We analyzed thousands of AI agent skills to build the threat model. Data over opinions. Always.
Developer-Friendly
CLI-native, zero friction. One command, plain English results, no account required.
Community-Driven
Every scan contributes signal. New threats found by the community become detection rules within hours. Everyone who scans makes everyone safer.
Our Team
Who we are
Founded by engineers who saw the agentic security gap firsthand. As AI agents proliferated across development workflows, nobody was auditing what these tools could actually access.
We built Firmis to give every developer the same visibility into their agent stack that enterprise security teams have. For free, with one command, in plain English.
How we build
Every feature ships with a hypothesis and a way to measure it. We run experiments, not roadmaps. If the data says we were wrong, we change course.
We scanned thousands of agent skills before writing our first detection rule. Every claim we make is traceable to data. We publish our methodology so others can verify.
The scanner is Apache-2.0. Every scan contributes anonymous signal to the shared threat feed. New threats become detection rules within hours, not weeks.
We explain threats in plain English, not fear-driven marketing. Every finding tells you what happened, why it matters, and exactly how to fix it.
Get Started
Scan your agent stack
One command checks any AI agent platform for malicious tools, exposed credentials, and data theft. Free. 30 seconds. Plain English results.