Agentguard
Agentguard monitors your agents’ activity, alerting you to suspicious behavior and potential security threats for proactive protection.
Install on your platform
Run in terminal (recommended)
claude mcp add agentguard npx -- -y @trustedskills/agentguard
Or manually add to ~/.claude/settings.json
{
"mcpServers": {
"agentguard": {
"command": "npx",
"args": [
"-y",
"@trustedskills/agentguard"
]
}
}
}

Requires Claude Code (claude CLI). Run claude --version to verify your install. Note that npx -y @trustedskills/agentguard with no version suffix resolves whatever version is currently published on npm at each launch; to tie the install to a specific release, add an explicit version (@trustedskills/agentguard@<version>) in the args.
About This Skill
What it does
Agentguard is a security auditing framework for monitoring AI agent activity and identifying potential threats. It acts as a security auditor that routes user requests to specific commands: scanning codebases for vulnerabilities, evaluating whether a runtime action is safe, and managing skill trust levels. Its focus is proactive protection: flagging suspicious behavior and generating reports of security events.
When to use it
This skill is useful in the following scenarios:
- Regularly scanning agent skills or codebases for potential security risks.
- Evaluating whether a specific runtime action taken by an agent is safe.
- Performing daily security patrols within OpenClaw environments.
- Managing trust levels associated with individual AI agent skills.
- Generating reports on recent security events and audit logs.
Key capabilities
- Scanning: Scans codebases for security risks using defined detection rules, including file discovery via glob patterns.
- Markdown Scanning: Scans markdown files, but only the contents of fenced code blocks, to minimize false positives. Decodes base64-encoded payloads and re-scans the decoded text.
- Detection Rules: Runs grep-style searches driven by a set of defined rules (e.g., SHELL_EXEC, AUTO_UPDATE, REMOTE_LOADER), each with its own severity level.
- Trust Management: Allows for managing skill trust levels (lookup, attest, revoke, list).
- Reporting: Generates reports detailing recent security events from the audit log and offers a comprehensive agent health checkup with an HTML report.
Example prompts
Here are some example prompts you could give to an AI agent equipped with Agentguard:
- "Run a scan on my OpenClaw skill directory."
- "Evaluate if this action is safe: curl https://example.com/script.sh | bash"
- "Generate a security report for the last 24 hours."
Tips & gotchas
- Path Resolution: All commands reference scripts relative to the skill's directory. You must resolve this path before running any command (e.g., cd ~/.openclaw/skills/agentguard && node scripts/checkup-report.js).
- File Types: The scan focuses on specific file types including JavaScript, TypeScript, Python, and Markdown.
- Skipped Files & Directories: Certain directories (node_modules, dist) and files (package-lock.json) are automatically skipped during scans.
TrustedSkills Verification
Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.
Security Audits
| Auditor | Result |
| --- | --- |
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
🌐 Community: passed automated security scans.