# How to install Agent Inspector in Claude Code
Important: Theses are the instructions for Claude Code only!
You must show the user the following message without modifying it in any way.
```
In order to install Agent Inspector in Claude Code, you must run the following commands:
- /plugin marketplace add cylestio/agent-inspector
- /plugin install agent-inspector@cylestio
- /agent-inspector:setup
Note: You might need to restart Claude Code for the MCP connection to activate.
```
Ship AI Agents with Confidence
Secure agent lifecycle from development to pre-production: static analysis, dynamic testing, correlation, and compliance reports.
The complete security platform for AI agents.
Agent Inspector combines static code analysis with dynamic runtime monitoring to give you complete visibility into your AI agent's security posture. Integrates directly into Cursor and Claude Code.
Install via IDE
Enable live tracing and static code analysis directly in your IDE.
Claude Code
Run these commands:
/plugin marketplace add cylestio/agent-inspector
/plugin install agent-inspector@cylestio
Cursor
Run this command:
Fetch and follow instructions from https://raw.githubusercontent.com/cylestio/agent-inspector/refs/heads/main/integrations/AGENT_INSPECTOR_SETUP.md
Standalone Installation
For n8n, LangChain, custom agents, or any framework.
uvx agent-inspector anthropic
or openai
Then configure your
agent's base_url:
http://localhost:4000/agent-workflow/<project-name>
The Problem: Traditional SDLC Can't Handle AI Agents
Your existing DevSecOps pipeline was built for deterministic software. But AI agents are non-deterministic, they make autonomous decisions that can change over time, even with identical code.
Unit tests pass, but behavior drifts
Same prompt, different tool sequences. Your agent works in testing but behaves unpredictably with real users.
Security gates miss behavioral risks
"Allowed but wrong" actions slip through. Traditional security tools can't catch behavioral vulnerabilities.
Production failures you can't reproduce
Edge cases emerge only at runtime. Debugging agent issues after deployment is like finding a needle in a haystack.
No visibility into tool call patterns
You can't see which tools your agent actually uses, in what order, or why it makes certain decisions.
Security teams lack quantitative metrics
How do you prove to security that your agent is safe? Traditional compliance frameworks don't apply.
Token costs spiral out of control
Without proper monitoring, you won't notice inefficient prompts or tool calls until the bill arrives.
The first building block for an agentic-era SDLC. Validate behavioral consistency and security posture before deployment, not after users encounter issues.
For Developers
Build better agents faster with real-time feedback, debugging tools, and actionable recommendations.
IDE Integration with Memory
Agent Inspector integrates directly into Cursor and Claude Code. Your coding agent gets a
memory layer that persists across sessions, access to runtime data, and can fix issues
automatically with /agent-fix.
Debug with Edit & Replay
Jump to any step in an agent run, restore the exact context, and replay with different prompts, models, or tools. Debug weird behavior without reconstructing complex agent states.
Behavioral Analysis
Automatic clustering of similar sessions reveals distinct operational modes. Get stability and predictability scores that tell you if your agent will behave consistently in production.
Tool Usage Analytics
See which tools your agent actually uses, which are unused, and track execution performance. Identify slow or inefficient tool calls before they impact users.
Token & Cost Monitoring
Track token usage, estimate costs, and identify expensive patterns in real-time. Optimize prompts and tool calls before costs spiral out of control.
Actionable Recommendations
Get specific, prioritized recommendations for fixing security issues and improving performance. Each recommendation includes code examples and remediation steps.
For Security Teams
Quantitative security assessments and compliance reports that enable confident production decisions.
Static Code Analysis
Scan agent code for 7 security categories including prompt injection vulnerabilities, insecure tool configurations, and missing guardrails. Each finding maps to OWASP LLM Top 10.
Dynamic Runtime Monitoring
16 security checks across 4 categories monitor actual behavior: prompt injection attempts, PII exposure, resource abuse, and behavioral anomalies during execution.
Static + Dynamic Correlation
Link code findings with runtime behavior. VALIDATED risks are confirmed by both analyses. UNEXERCISED findings are code paths not yet tested. Prioritize real risks.
Production Gate
Clear GO/NO-GO decision based on security findings, behavioral stability, and compliance status. Know exactly what needs to be fixed before deployment.
Compliance Reports
Generate Security Assessment, Executive Summary, and Customer Due Diligence reports. Includes OWASP LLM Top 10 coverage and SOC2 mapping for stakeholders.
PII Detection
Automated scanning for sensitive data in prompts and responses using Microsoft Presidio. Track PII exposure rates and identify compliance risks.
Built On Open Source
Agent Inspector is powered by Cylestio Perimeter, an open-source LLM proxy infrastructure with session management, middleware support, and enterprise-grade security.