aguara
by garagon·★ 77·Score 49
Security scanner for AI agent skills and MCP servers that detects prompt injection, data exfiltration, and supply-chain attacks before deployment.
Overview
Aguara is a comprehensive security scanner specifically designed for AI agent skills and MCP servers. It performs static analysis without requiring API keys, cloud services, or LLM access. The tool includes 193 detection rules across 13 categories, 7 different scan analyzers working together, and 8 decoders for encoded evasion techniques. It offers cross-file toxic flow analysis, aggregate risk scoring, context-aware scanning, and is highly extensible with custom YAML rules. Aguara supports multiple output formats including JSON, SARIF, and Markdown, making it suitable for both development workflows and CI/CD pipelines.
Try asking AI
After installing, here are 3 things you can ask your AI assistant:
When to choose this
Choose Aguara when you need to secure your AI applications by scanning MCP servers and agent skills for vulnerabilities before deployment.
When NOT to choose this
Don't choose Aguara if you're looking for an MCP server itself rather than a security tool for scanning MCP servers.
Comparable tools
Installation
Install Aguara with the following methods:
# Quick install
curl -fsSL https://raw.githubusercontent.com/garagon/aguara/main/install.sh | sh
# Homebrew
brew install garagon/tap/aguara
# Docker
# Scan current directory
docker run --rm -v "$(pwd)":/scan ghcr.io/garagon/aguara scan /scan
# From source
go install github.com/garagon/aguara/cmd/aguara@latestTo use Aguara MCP server (referenced in the README but not fully specified):
Note: MCP server configuration appears to be through Aguara's scanning capabilities rather than exposing MCP tools/resources itself.
On Hacker News
Recent discussion from the developer community.
- Story by garagon · 2026-02-20
Compare aguara with
Last updated · Auto-generated from public README + GitHub signals.