Agent Capability Scanner · 120+ Rules · SARIF 2.1.0

Stop AI agents
from going rogue before
they hit production.

Scan the capabilities, boundaries, and trust chains of your AI agents โ€” before they ship. Agentforce. ServiceNow. MuleSoft. MCP.

Scan Your Agents Free Read the Docs
๐Ÿ›ก 120+ Security Rules
๐Ÿ“‹ SARIF 2.1.0 Compliant
โœ… Zero Org Connection Required
$ npm install -g squirex
play_circle 3-Step Workflow

How it works

Point. Scan. Fix. Across every agentic platform.

Scan Agents Locally

Point SquireX at your ServiceNow Update Sets or Salesforce agent directory. It parses every agent, tool, and script โ€” then builds a semantic dependency graph of capabilities.

squirex โ€” servicenow-scan
$ squirex scan --platform servicenow ./update-sets/
Parsing Update Set XML...
Extracted 6 sn_aia_agent records [OK]
Extracted 14 sn_aia_tool definitions [OK]
Extracted 3 sn_aia_skill_kit records [OK]
Building Semantic Dependency Graph... [OK]
Analyzing GlideScript AST patterns...
Scan complete in 0.8s (23 metadata files, 6 agents, 14 tools)

Map the Blast Radius

SquireX evaluates deterministic capability rules โ€” not an LLM โ€” to detect ACL bypasses, Role Masking failures, prompt poisoning, and capability leaks.

Vulnerability Detected
[CRITICAL] SNOW-28.1 โ€” GlideRecord in ACL Script
>> File: update-sets/acl_incident_read.xml
>> Line: 12
>> Reason: GlideRecord in ACL creates recursive bypass โ€” the access
>> control check itself bypasses access control.
>> Fix: Replace GlideRecord with gs.hasRole() or GlideRecordSecure.
[CRITICAL] SNOW-20.2 โ€” Role Masking Not Configured
>> Agent: IT_Support_Agent (Dynamic User identity)
>> Fix: Enable Role Masking. Restrict to ["itil", "catalog"].

Seamless Remediation

SquireX integrates with GitHub Advanced Security and Copilot Autofix to block risky PRs and suggest secure boundaries automatically.

merge github.com/PullRequests/42
auto_awesome Copilot Autofix โ€” SNOW-28.1 Remediation 
update-sets/acl_incident_read.xml โ€” ACL Script


- var gr = new GlideRecord('sys_user_has_role');


- gr.addQuery('user', gs.getUserID());


- gr.query();


- answer = gr.next();


+ answer = gs.hasRole('admin'); // Fixed. Uses ACL-safe built-in API.
radar Core Engine

Your agents reason.
Your scanner should too.

SquireX builds a semantic graph of every agent in your codebase โ€” mapping tools to scripts, prompts to data access, and capabilities to trust boundaries. It evaluates that graph against deterministic rules written for agentic reasoning, not static code paths.

verified_user
Capability Containment Validate that agents can't escalate beyond their Role Masking boundaries. Detect GlideRecord calls in ACL scripts, missing confirmation gates, and admin privilege leaks.
policy
Trust Chain Analysis Map the full dependency chain from agent โ†’ skill โ†’ tool โ†’ script โ†’ data. Detect orphaned M2M references, domain separation drift, and cross-scope violations.

One engine. Every agentic platform.

Same rule engine. Same SARIF output. Same CI/CD integration.

support_agent

ServiceNow Now Assist

GlideRecord ACL bypasses, Role Masking failures, domain separation drift, latent memory poisoning, and MID Server trust violations.

cloud

Salesforce Agentforce

Capability leaks, prompt poisoning, topic boundary violations, and missing user confirmations in agent configurations.

hub

MuleSoft Agent Fabric

PII routing violations, unauthenticated downstream LLM calls, and Flex Gateway privilege escalation chains.

extension

MCP Servers

Tool ID spoofing, shadow servers, over-scoped OAuth tokens, and missing PKCE enforcement.

Agent Capability Rules

ServiceNow & Agentforce Examples

Deterministic rules for agent reasoning. Click any rule to see the finding and the fix.

[ CRITICAL ] SNOW-28.1

GlideRecord in ACL Script

Recursive access control bypass โ€” the ACL check itself bypasses access control.

[ CRITICAL ] SNOW-20.2

Role Masking Not Configured

Dynamic User identity without Role Masking = unrestricted instance access.

[ CRITICAL ] AGENTFORCE

Mandatory User Confirmation

Agent attempts high-privilege data modification without manual ACK.

// ACL Script โ€” incident table (ServiceNow)
// โŒ GlideRecord in ACL = recursive bypass
var gr = new GlideRecord('sys_user_has_role');
gr.addQuery('user', gs.getUserID());
gr.addQuery('role.name', 'admin');
gr.query();
answer = gr.next();

>> [CRITICAL] Rule 'SNOW-28.1 โ€” ACL Script Correctness' violated.
Reason: GlideRecord in ACL creates a recursive bypass โ€” the access
control check itself bypasses access control.
Recommendation: Replace with gs.hasRole('admin').

What early users are saying

From the people who put agents in production every day.

We were deploying Now Assist agents without any security review on the GlideScript. SquireX flagged three GlideRecord calls in our ACL scripts that would have given the AI agent full table access. Fixed in an hour.

RJ
Rajesh J.
ServiceNow Platform Admin · Enterprise

Finally something that treats AI agent security as a first-class concern, not an afterthought bolted on at the end. Dropped it into our GitHub Actions in under an hour.

MT
Marcus T.
Platform Engineering Lead

Our ServiceNow instance is domain-separated across 40 subsidiaries. SquireX caught a missing sys_domain constraint in a Now Assist tool script that would have leaked cross-tenant incident data. That's a compliance nightmare avoided.

LM
Lisa M.
IT Security Lead · Global Enterprise
hub Integrations

Works where you work

One scanner. Multiple surfaces. From your terminal to your CI/CD to your AI coding agent.

cloud_done
ServiceNow Now Assist
AI Agent Security · New

Parses Update Sets and sn_aia_* records to enforce ACL integrity, GlideRecordSecure usage, domain separation, and MID Server authentication for Now Assist AI agents.

check ACL Script Correctness (SNOW-28)
check Domain Separation Drift (SNOW-29)
check MID Server Trust (SNOW-31)
smart_toy
MCP Server
AI-Native

Give Claude, Gemini, and Copilot direct access to every security rule. The first agent capability scanner to ship as an MCP server.

$ npx -y @squirex.dev/mcp-server
merge
GitHub Advanced Security
CI/CD Enforcement

Inline PR annotations, automated merge blocking, and SARIF output that pipes directly into GitHub's code scanning dashboard.

check Inline PR annotations on agent files
check Merge blocking on critical violations
check SARIF 2.1.0 native ingest
shield_with_heart
Supply Chain Shield
ToxicSkill Detection ยท New

Scans your agent skill documentation (README.md, SKILL.md, AGENTS.md) and IDE MCP configs for adversarial instructions invisible to human reviewers but visible to LLMs.

check HTML comment injection (TS-01)
check Base64-encoded payloads (TS-02)
check Zero-width Unicode injection (TS-03)
science
Testing Center Bridge
Static โ†’ Dynamic

Convert every scan violation into a native DX test spec automatically. One command bridges code-time analysis and live Testing Center validation.

check SARIF violations โ†’ DX YAML specs
check Schema validated before push
check Pushed via sf agent test run
View Full Integration Docs โ†’

Common questions

From teams using Salesforce Code Analyzer, ServiceNow ATF, or traditional SAST tools.

Those tools analyze code correctness โ€” variable patterns, API usage, test coverage. SquireX analyzes agent capabilities โ€” what can an agent do, what data can it access, and where are the trust boundaries broken? A GlideRecord in an ACL script is syntactically valid, passes ATF, and passes every linter. But it's a recursive access control bypass that gives an AI agent full table access. SquireX catches it because it understands the agentic context, not just the code.

Yes. SquireX v4 natively parses exported Update Set XML, sn_aia_agent and sn_aia_tool records, and GlideScript patterns. It ships with 29 SNOW-* rules covering tool configuration, script safety, Flow Designer, Virtual Agent, PII leakage, ACL integrity, domain separation, scope hygiene, MID Server trust, and more.

No โ€” it complements it. Keep running Salesforce Code Analyzer for your Apex code, or ServiceNow ATF for your GlideScript. Run SquireX specifically for your AI agents โ€” Agentforce, ServiceNow Now Assist, or MCP servers. SARIF 2.1.0 output means findings from all tools can be consolidated in GitHub Advanced Security or any compliant SIEM with zero extra configuration.

No org connection required. SquireX scans your local metadata files directly โ€” Salesforce .agent definitions, ServiceNow Update Set XML, GlideScript files, and MCP server configs. It's fully offline-capable.

No. The scanner runs locally on your machine or inside your CI/CD pipeline. Your metadata โ€” whether Salesforce agent files, ServiceNow Update Sets, or MCP server configs โ€” never leaves your environment. The GitHub App integration only reads file paths and violation locations โ€” it never transmits code content.

Up and running in 30 seconds

Free to use. No account needed for local scans.

terminal

Installation & Execution

# Install the CLI globally
npm install -g squirex
# Scan ServiceNow agents
squirex scan --platform servicenow ./update-sets/
# Connect your AI coding agent
npx -y @squirex.dev/mcp-server
Simple, transparent pricing

Protect your AI agents
from the first commit

Free for every developer. Pay only when you need to secure private repositories.

Community
$0
Free forever

Everything you need for public projects and local development.

  • done Unlimited local squirex scan
  • done Unlimited public repo scanning via GitHub App
  • done Inline PR annotations & SARIF output
  • done All security rules included
Install Free โ†’
Most Popular
Pro
$49/mo
per private repo ยท or $490/year

Up to 3 private repositories. Includes full CI/CD, MCP, and Testing Center integration.

  • done Everything in Community
  • done Private repo scanning (up to 3 repos)
  • done CI/CD enforcement & Check Run blocking
  • done SQUIREX_LICENSE_KEY for GitHub Actions
  • done MCP Server integration for AI agents
  • done Agentforce Testing Center Bridge
  • done Email support
Activate Pro ยท $49/month โ†’
Enterprise
$299/mo
per GitHub org ยท unlimited private repos

Unlimited private repos under one GitHub Organization. Built for orgs with 4+ agent projects across Salesforce, ServiceNow, or MCP.

  • done Everything in Pro
  • done Unlimited private repos under your org
  • done Org-level license โ€” no key config needed
  • done MCP Server & Testing Center Bridge
  • done Priority Slack support channel
  • done Dedicated SLAs & priority support
Activate Enterprise โ†’
lock Cancel anytime
shield_locked Stripe-secured payments
code Your code is never stored