Aguara Security Scanner

Detect prompt injection, data exfiltration, and supply-chain attacks in AI agent skills and MCP servers before they reach production. 177 rules. 4-layer analysis. No API keys, no cloud, no LLM.

Why Aguara?

AI agents and MCP servers run code on your behalf. A single malicious skill file can exfiltrate credentials, inject prompts, or install backdoors. Aguara catches these threats before deployment with static analysis that requires no API keys, no cloud, and no LLM.

177 Detection Rules

Across 13 categories: prompt injection, data exfiltration, credential leaks, supply-chain attacks, MCP-specific threats, and more

4-Layer Analysis Engine

Pattern matching, NLP-based markdown analysis, taint tracking, and rug-pull detection work together to catch threats

CI-Ready Integration

JSON, SARIF, and Markdown output. GitHub Action with Code Scanning. Exit codes for pipeline control

Fully Offline

Deterministic scans with no API keys, no cloud calls, no LLM. Same input, same output, every time

Quick Start

1. Install Aguara

curl -fsSL https://raw.githubusercontent.com/garagon/aguara/main/install.sh | bash

2. Scan Your Skills

Auto-discover and scan all MCP configs on your machine, or scan a specific directory:

# Auto-discover and scan all MCP clients
aguara scan --auto

# Scan a skills directory
aguara scan .claude/skills/

# Only high and critical findings
aguara scan . --severity high

3. Review Findings

Get actionable security findings with confidence scores, remediation guidance, and context:

# Verbose mode (show descriptions, confidence scores, remediation)
aguara scan . --verbose

# CI mode (exit 1 on high+, no color)
aguara scan .claude/skills/ --ci

Key Features

MCP Discovery

Auto-detect configs across 17 clients including Claude Desktop, Cursor, VS Code, Windsurf, and more

Confidence Scoring

Every finding carries a 0.0-1.0 confidence level for prioritizing triage and filtering noise

Custom Rules

Write custom detection rules in YAML without code

Go Library API

Embed Aguara in your own tools with the public Go API

Rug-Pull Detection

Track file hashes across scans to catch tool descriptions that change after review
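The hash-tracking idea behind rug-pull detection, as an added illustration in Go (not Aguara's own code or API): Snapshot hashes every file under a skills directory, and Diff compares that against a previously reviewed baseline so a tool description that was swapped out after review shows up as "modified". Function names and the map-based baseline format are assumptions for this example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"io/fs"
	"os"
	"path/filepath"
)

// Snapshot walks dir and returns relative path -> hex SHA-256 of file content.
// Persist the result (e.g. as JSON) once a skill set has been reviewed.
func Snapshot(dir string) (map[string]string, error) {
	hashes := map[string]string{}
	err := filepath.WalkDir(dir, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		data, err := os.ReadFile(p)
		if err != nil {
			return err
		}
		rel, _ := filepath.Rel(dir, p)
		sum := sha256.Sum256(data)
		hashes[filepath.ToSlash(rel)] = hex.EncodeToString(sum[:])
		return nil
	})
	return hashes, err
}

// Diff maps each path whose content differs from the reviewed baseline to
// "added", "modified" or "removed". Any entry means the skills need re-review.
func Diff(baseline, current map[string]string) map[string]string {
	changes := map[string]string{}
	for path, h := range current {
		if old, ok := baseline[path]; !ok {
			changes[path] = "added"
		} else if old != h {
			changes[path] = "modified"
		}
	}
	for path := range baseline {
		if _, ok := current[path]; !ok {
			changes[path] = "removed"
		}
	}
	return changes
}
```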

Multiple Outputs

Terminal, JSON, SARIF, and Markdown formats for different workflows

Get Started

Installation

Install Aguara using curl, Homebrew, Docker, or from source

Quick Start

Get scanning in under 2 minutes with our quickstart guide

CLI Usage

Learn all CLI commands and flags for scanning and discovery

CI/CD Integration

Integrate Aguara into your CI/CD pipeline with GitHub Actions, GitLab CI, or Docker

Detection Categories

Detects instruction overrides, role switching, delimiter injection, jailbreaks, fake system prompts, and event injection patterns
Catches webhook exfil, DNS tunneling, sensitive file reads, environment variable leaks, and credential transmission
Identifies API keys (OpenAI, AWS, GCP, Stripe, Anthropic, GitHub), private keys, database strings, and HMAC secrets
Finds download-and-execute patterns, reverse shells, sandbox escape attempts, symlink attacks, and privilege escalation
Detects tool injection, name shadowing, canonicalization bypass, capability escalation, and server manifest tampering
Identifies shell=True, eval, subprocess, child_process, PowerShell, and terminal multiplexer command injection

View All 177 Rules

Browse the complete rule catalog with IDs, severity levels, and examples

Ecosystem

Aguara MCP

MCP server that gives AI agents the ability to scan skills before installing them

Aguara Watch

Continuously scans 28,000+ AI agent skills across 5 registries to track the threat landscape