Main
Use Aguara as a preflight step for any “tooling you didn’t author”:
- Scan new MCP servers before adding them to
.mcp.jsonor deploying to shared environments. - Scan skill repos before publishing to a registry, and fail CI on high-severity findings.
- Keep a baseline JSON report per version so reviews can diff risk changes over time.
README excerpt (verbatim)
Aguara
Security scanner for AI agent skills and MCP servers.
Detect prompt injection, data exfiltration, and supply-chain attacks before they reach production.
Installation • Quick Start • How It Works • Usage • Rules • Incident Response • Aguara MCP • Aguara Watch • Contributing
https://github.com/user-attachments/assets/851333be-048f-48fa-aaf3-f8cc1d4aa594
Why Aguara?
AI agents and MCP servers run code on your behalf. A single malicious skill file can exfiltrate credentials, inject prompts, or install backdoors. Aguara catches these threats before deployment with static analysis that requires no API keys, no cloud, and no LLM.
- 189 detection rules across 14 categories — prompt injection, data exfiltration, credential leaks, supply-chain attacks, MCP-specific threats, command execution, SSRF, unicode attacks, and more.
FAQ
Q: Does Aguara require an LLM or API keys? A: README states the analysis is offline and deterministic, so it does not require API keys or a cloud service.
Q: How do I use it in CI?
A: Run aguara scan and fail on a chosen threshold (e.g., --severity high) while exporting JSON/SARIF artifacts.
Q: What should I scan? A: Scan skill markdown/YAML/JSON plus MCP server directories so Aguara can detect cross-file risky flows.