-
Notifications
You must be signed in to change notification settings - Fork 11
Home
gus edited this page Feb 27, 2026
·
1 revision
Aguara is a security scanner for AI agent skills and MCP servers. It detects prompt injection, data exfiltration, credential leaks, and supply-chain attacks using static analysis — no API keys, no cloud, no LLM. One binary.
| Page | Description |
|---|---|
| Installation | Install via script, Go, or binary download |
| Quick Start | Get scanning in 30 seconds |
| CLI Reference | All commands, flags, and output formats |
| Detection Rules | 148+ rules across 13 categories |
| Custom Rules | Write your own YAML detection rules |
| Configuration |
.aguara.yml project config |
| CI Integration | GitHub Actions, GitLab CI, and other pipelines |
| Go Library API | Embed Aguara in your own Go tools |
| MCP Discovery | Auto-detect 17 MCP client configurations |
| Architecture | Internal design and analysis pipeline |
| Ecosystem | Aguara MCP, Aguara Watch, Oktsec |
| Contributing | Development setup, adding rules, PR process |
| FAQ | Common questions and troubleshooting |
- 148+ built-in rules across 13 categories
- 5 analysis engines: pattern matching, NLP, toxic-flow, rug-pull, code block awareness
- 17 MCP client auto-discovery (Claude Desktop, Cursor, VS Code, Cline, Windsurf, and more)
- 4 output formats: terminal, JSON, SARIF, Markdown
- 28,000+ skills monitored daily via Aguara Watch
GitHub | Releases | Aguara Watch | Go Docs
Getting Started
Usage
Rules
Developer
Reference