SkillsMay 13, 2026·3 min read

Aguara — Security Scanner for MCP & Skills

Offline scanner for agent skills and MCP servers. Detect prompt injection and exfiltration; outputs JSON/SARIF and supports CI thresholds.

Agent ready

Ready-to-run agent install

This asset can be installed after the agent chooses its runtime, checks the plan, and runs the matching command.

Native · 98/100Policy: allow
Agent surface
Any MCP/CLI agent
Kind
Skill
Install
Single
Trust
Trust: Established
Entrypoint
Asset
Direct install command
npx -y tokrepo@latest install 46af3104-2fa4-5668-aa27-19c4afa63a03 --target codex

Run after dry-run confirms the install plan.

Intro

Aguara is an offline security scanner that inspects agent skills and MCP servers before you run them, helping catch prompt injection and credential exfiltration patterns early.

Best for: Teams deploying MCP servers, skill marketplaces, and CI policy gates for tool safety

Works with: macOS/Linux; Go install or Homebrew; can run in Docker for hermetic scans

Setup time: 5–15 minutes

Key facts (verified)

  • README highlights 189 detection rules across 14 categories and an aggregate 0–100 risk score.
  • Supports JSON and SARIF outputs plus CLI thresholds like --severity / --fail-on (README).
  • GitHub: 76 stars · 15 forks; pushed 2026-05-13 (GitHub API verified).

Main

Use Aguara as a preflight step for any “tooling you didn’t author”:

  1. Scan new MCP servers before adding them to .mcp.json or deploying to shared environments.
  2. Scan skill repos before publishing to a registry, and fail CI on high-severity findings.
  3. Keep a baseline JSON report per version so reviews can diff risk changes over time.

README excerpt (verbatim)

Aguara

Security scanner for AI agent skills and MCP servers.
Detect prompt injection, data exfiltration, and supply-chain attacks before they reach production.

CI Go Report Card Go Reference GitHub Release License GitHub Stars Docker Homebrew

InstallationQuick StartHow It WorksUsageRulesIncident ResponseAguara MCPAguara WatchContributing

https://github.com/user-attachments/assets/851333be-048f-48fa-aaf3-f8cc1d4aa594

Why Aguara?

AI agents and MCP servers run code on your behalf. A single malicious skill file can exfiltrate credentials, inject prompts, or install backdoors. Aguara catches these threats before deployment with static analysis that requires no API keys, no cloud, and no LLM.

  • 189 detection rules across 14 categories — prompt injection, data exfiltration, credential leaks, supply-chain attacks, MCP-specific threats, command execution, SSRF, unicode attacks, and more.

FAQ

Q: Does Aguara require an LLM or API keys? A: README states the analysis is offline and deterministic, so it does not require API keys or a cloud service.

Q: How do I use it in CI? A: Run aguara scan and fail on a chosen threshold (e.g., --severity high) while exporting JSON/SARIF artifacts.

Q: What should I scan? A: Scan skill markdown/YAML/JSON plus MCP server directories so Aguara can detect cross-file risky flows.

🙏

Source & Thanks

Source: https://github.com/garagon/aguara > License: Apache-2.0 > GitHub stars: 76 · forks: 15

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets