Skip to main content
Glama

Agent Zero — AI-Powered Slack Security Agent

Real-time credential leak detection and remediation for Slack.

Features

  • Real-time regex-based credential detection

  • AI-powered semantic analysis via Google Gemini

  • MCP server integration (SSE transport on port 5001)

  • False positive learning (Mark as Safe)

  • Interactive Slack alerts with Mark as Safe & Dismiss buttons

  • Thread & edited message scanning

  • Slash commands: /audit-scan, /audit-report, /audit-search, /audit-status

  • Compliance Officer DM notifications for HIGH severity incidents

  • Calm-themed web dashboard with Basic Auth (port 5000)

  • PDF audit report generation

  • Docker support (Dockerfile + docker-compose.yml)

  • Slack manifest for one-click installation

  • Multi-key Gemini API support (GEMINI_API_KEYS)

  • Rate limiting with admin alert

  • Comprehensive test suite (19 checks)

Related MCP server: @1claw/mcp

Tech Stack

Python, Slack Bolt, FastMCP, Gemini API, Flask, Chart.js, ReportLab, Docker.

Getting Started

  1. Clone the repository:

    git clone git@github.com:Abdulrahman-Alfeqy/AgentZero.git
    cd AgentZero
  2. Configure environment:

    cp .env.example .env

    Edit .env and fill in your Slack and Gemini credentials.

  3. Install dependencies:

    pip install -r requirements.txt
  4. Run the agent:

    python main.py

Environment Variables

  • SLACK_BOT_TOKEN: The xoxb- token for Slack API calls.

  • SLACK_APP_TOKEN: The xapp- token for Socket Mode connections.

  • SLACK_SIGNING_SECRET: Used to verify incoming Slack requests.

  • GEMINI_API_KEY: Primary Google Gemini API Key for semantic analysis.

  • GEMINI_API_KEYS: Comma-separated list of Gemini API Keys for load balancing.

  • COMPLIANCE_OFFICER_ID: Slack User ID to receive DMs for high severity alerts and rate limits.

  • DASHBOARD_USERNAME: Basic Auth username for the web dashboard (default: admin).

  • DASHBOARD_PASSWORD: Basic Auth password for the web dashboard (default: agentzero).

  • DASHBOARD_HOST: IP address to bind the dashboard (default: 127.0.0.1).

  • DASHBOARD_PORT: Port for the dashboard (default: 5000).

  • MCP_SERVER_HOST: IP address to bind the MCP SSE server (default: 127.0.0.1).

  • MCP_SERVER_PORT: Port for the MCP SSE server (default: 5001).

  • STORAGE_PATH: Path to the JSONL incident storage file (default: incidents.jsonl).

  • REPORTS_DIR: Directory to save generated PDF reports (default: reports).

Dashboard Access

The dashboard is served on port 5000 (e.g., http://127.0.0.1:5000/dashboard). It is protected by HTTP Basic Auth. The default credentials, unless changed in your .env file, are:

  • Username: admin

  • Password: agentzero

Architecture

Slack Workspace
    └── Slack Bolt (Socket Mode)
            └── Classifier Engine
                    └── MCP Server :5001 (Gemini AI)
                            └── Incident Store (JSONL)
                                    └── Flask Dashboard :5000

Slack App Setup

Import slack_manifest.json at api.slack.com/apps for one-click configuration of all required scopes and events.

Roadmap

  • WebSocket updates for the live dashboard

  • Incident resolution workflow (Jira/ServiceNow integration)

  • Granular role-based access control for compliance officers

License

MIT

F
license - not found
-
quality - not tested
C
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Abdulrahman-Alfeqy/AgentZero'

If you have feedback or need assistance with the MCP directory API, please join our Discord server