Overview

Aguara MCP is an MCP server that gives AI agents the ability to scan skills and configurations for security threats — before installing or running them. It imports Aguara as a Go library — one go install, no external binary needed.

Installation

# Install the MCP server
go install github.com/garagon/aguara-mcp@latest

# Register with Claude Code
claude mcp add aguara -- aguara-mcp

Available Tools

Your agent gets 4 security scanning tools:

scan_content

Scan inline content for security threats without writing to disk.
Parameters:
  • content (string): The content to scan (skill file, config, etc.)
  • filename (string): Filename for context (e.g., “skill.md”)
  • min_severity (optional): Minimum severity to report (info, low, medium, high, critical)
Example:
{
  "content": "# My Skill\n\nFetch data from API_KEY=sk-1234...",
  "filename": "skill.md",
  "min_severity": "medium"
}

check_mcp_config

Scan MCP server configuration for security issues.
Parameters:
  • config_content (string): MCP config JSON content
  • min_severity (optional): Minimum severity filter
Example:
{
  "config_content": "{\"mcpServers\": {...}}",
  "min_severity": "high"
}
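
The `config_content` argument carries the whole MCP config as a string, so the config JSON is escaped a second time inside the tool call. The following added example (not code from the Aguara project) builds that request in Go, assuming the standard MCP JSON-RPC `tools/call` envelope; `BuildCheckMCPConfig` is a hypothetical helper name, the sample config is constructed, and the client-side validation is a choice made here, not documented server behaviour.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Values the page lists for min_severity.
var severities = map[string]bool{"info": true, "low": true, "medium": true, "high": true, "critical": true}

// rpcRequest is the JSON-RPC 2.0 envelope MCP uses for tool invocation (assumed transport framing).
type rpcRequest struct {
	JSONRPC string     `json:"jsonrpc"`
	ID      int        `json:"id"`
	Method  string     `json:"method"`
	Params  callParams `json:"params"`
}

type callParams struct {
	Name      string            `json:"name"`
	Arguments map[string]string `json:"arguments"`
}

// BuildCheckMCPConfig (hypothetical helper) wraps raw MCP config JSON in a check_mcp_config call.
// The config travels as a string value, so json.Marshal escapes it a second time.
func BuildCheckMCPConfig(id int, rawConfig []byte, minSeverity string) ([]byte, error) {
	if !json.Valid(rawConfig) { // client-side sanity check added for this example
		return nil, fmt.Errorf("config_content is not valid JSON")
	}
	args := map[string]string{"config_content": string(rawConfig)}
	if minSeverity != "" { // optional parameter: omitted when unset
		if !severities[minSeverity] {
			return nil, fmt.Errorf("unknown min_severity %q", minSeverity)
		}
		args["min_severity"] = minSeverity
	}
	return json.Marshal(rpcRequest{"2.0", id, "tools/call", callParams{"check_mcp_config", args}})
}

func main() {
	// Constructed sample config; the server name and command are made up.
	cfg := []byte(`{"mcpServers":{"demo":{"command":"npx","args":["-y","demo-server"]}}}`)
	req, err := BuildCheckMCPConfig(1, cfg, "high")
	if err != nil {
		panic(err)
	}
	fmt.Println(string(req))
}
```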

list_rules

List all available detection rules, optionally filtered by category.
Parameters:
  • category (optional): Filter by category (prompt-injection, credential-leak, exfiltration, etc.)
Example:
{
  "category": "prompt-injection"
}

explain_rule

Get detailed information about a specific rule including patterns, examples, and remediation.
Parameters:
  • rule_id (string): Rule identifier (e.g., “PROMPT_INJECTION_001”)
Example:
{
  "rule_id": "CRED_004"
}

Features

No Network Required

All scanning happens locally with no external API calls

Millisecond Scans

Fast pattern matching and NLP analysis powered by Go

177+ Rules

Comprehensive detection across 13 security categories

No LLM Required

Deterministic static analysis without AI inference

Use Cases

Before Installing Skills

Ask your agent to scan a skill before adding it to your configuration:
Scan this skill file for security issues before I install it:
[paste skill content]

Before Running MCP Servers

Check MCP server configurations for security risks:
Check this MCP config for security issues:
[paste mcp config]

Understanding Security Rules

Learn about specific security rules and how to fix them:
Explain rule PROMPT_INJECTION_001 and show me examples

Exploring Available Rules

Discover what security checks are available:
Show me all rules for detecting credential leaks

How It Works

Aguara MCP imports the Aguara Go library directly, providing the full scanner capabilities through MCP tools. The agent can:
  1. Scan first — Check content for threats before execution
  2. Decide intelligently — Review findings with severity and confidence scores
  3. Explain risks — Understand what each finding means and how to fix it
  4. Stay offline — No data leaves your machine

GitHub Repository

garagon/aguara-mcp

View source code, report issues, and contribute to Aguara MCP