← Back to search

Aguara — Open-Source Security Scanner for AI Agent Skills & MCP Servers

aguarascan.com

Scan AI agent skills and MCP servers for security threats before deployment. 177 detection rules across 13 categories. Free, open-source, 100% local — no API keys, no cloud.

35
Basic
Agentic Readiness Score
Raise this score to 95+
We ship the 6-file GEO uplift as a pull request against your repo. Flat fee, turnaround under 72 hours.
Fix this for $199 →
developer llms-txtai-friendlysecurityapiaihosting

Agentic Signals

📄
llms.txt ↗
Found
🤖
ai-plugin.json
Not found
📖
OpenAPI Spec
Not found
🔗
Structured API
Not found
🛡
AI Bot Access (robots.txt) ↗
Allowed
🏷
Schema.org Markup
Found
MCP Server
Not found

Embed this badge

Show off your agentic readiness — the badge auto-updates when your score changes.

Agentic Ready 35/100 

            

        

        

        
        

            
llms.txt Content

            
# Aguara

> Open-source static security scanner for AI agent skills and MCP servers. 148+ detection rules across 13 categories. Scans skill files, tool schemas, and server configurations for prompt injection, credential exfiltration, supply chain attacks, and more. 100% local, zero dependencies, SARIF output.

## Core Capabilities

- [Security Scanner](https://aguarascan.com/): Static analysis of AI agent skills and MCP server configurations — 148+ rules, 13 threat categories, 3 detection layers (pattern matching, NLP analysis, taint tracking)
- [Auto-Discovery](https://aguarascan.com/blog/how-i-built-semgrep-for-ai-agents/): Automatically discovers and scans MCP server configurations from Claude Desktop, Cursor, Windsurf, and other MCP clients
- [Aguara Watch Observatory](https://aguarascan.com/blog/the-security-flywheel/): Continuous crawling and scanning of 42,655+ skills across 7 registries — live threat intelligence for the MCP ecosystem
- [MCP Server](https://aguarascan.com/): Native MCP tool that gives AI agents direct access to scan, lookup, and threat intelligence capabilities
- [CI/CD Integration](https://aguarascan.com/): SARIF output for GitHub Code Scanning, GitLab SAST, and CI pipeline integration

## Installation

```
go install github.com/aguarascan/aguara@latest
```

## Blog Posts

- [CVEs in Anthropic's Own MCP Servers: When Reference Implementations Teach the Ecosystem to Be Insecure](https://aguarascan.com/blog/anthropic-mcp-server-cves/)
- [Mapping the Agentic AI Attack Surface: How Aguara Detects the Threats Researchers Identified](https://aguarascan.com/blog/agentic-ai-attack-surface-detection-mapping/)
- [Aguara v0.4.0, MCP v0.3.0 & Watch Expansion — Coordinated Release](https://aguarascan.com/blog/v0-4-0-coordinated-release/)
- [Securing Your OpenClaw Setup: 7 Checks + Automated Scanning](https://aguarascan.com/blog/securing-openclaw-setup/)
- [Kali Linux + Claude Desktop: When Offensive Security Meets MCP](https://aguarascan.com/blog/