
Red team tool security evaluation

Agent Security Audit Checklist

A gated interactive checklist designed to guide red team leads through an agent security audit of penetration testing and offensive security tools. Covers agent architecture, communication channels, credential management, and operational security considerations.

Red teams deploying agents on target endpoints face a variety of security risks that can impact team effectiveness and client safety. This interactive checklist helps platform engineering and security leads systematically review agent security controls across common risk vectors.

The tool focuses on elements critical for agent security posture, including host-based protections, communication encryption, credential handling, and operational hygiene. Completing this checklist supports risk mitigation before field deployment.

Inputs

How is the agent installed on target systems? Choose the primary installation vector.

Select the primary communication method the agent uses to interact with command-and-control servers.

How does the agent store credentials for authentication to targets or servers?

What method does the agent use to maintain persistence on target devices?

Has the agent's code been audited for vulnerabilities?

Consider internal or third-party security code reviews and penetration tests.

Are controls in place to monitor or limit data exfiltration by agents?

Includes data volume limits, anomaly detection, or whitelisting protocols.

Does the agent support secure and complete uninstallation?

Check if the agent can be removed without leaving residual privileged artifacts.

Result

Agent Security Risk Score
(agent_installation_method == 'manual' ? 2 : 0)
+ (communication_channel == 'unencrypted' ? 5 : 0)
+ (credential_storage_method == 'plaintext' ? 7 : 0)
+ (agent_persistence_mechanism == 'memory_only' ? 1 : 0)
+ (agent_code_audited == 'no' ? 5 : 0)
+ (data_exfiltration_controls == 'no' ? 5 : 0)
+ (agent_uninstall_capability == 'no' ? 3 : 0)

Agent Security Assessment

Your agent's security posture indicates controlled risk, with adequate encryption and credential safeguards.

Best practice

Vendors should provide agents with encrypted communications (e.g., TLS 1.3), ephemeral credential handling, audited codebases, and documented uninstall procedures to minimize operational risk.

Enter your email to save your assessment and receive a PDF report.

I agree to receive emails from Xither regarding security and vendor landscape content.
