AgentIndex icon
AgentIndex
ToolsCategoriesTrendingNewCompare
Submit Tool
Home/
RAG / Knowledge Base/
aguara
aguara logo

aguara

Active·★ 81·Apache-2.0·Updated 2026-05-29
★ Trending★ Code Assistant★ Security & Safety

Security scanner for AI agent skills & MCP servers. 173 detection rules. 13 categories. 5 registries monitored daily. OpenClaw detection included. No API keys, no cloud, no LLM. One binary. Detection engine behind Oktsec.

Aguara is a security scanner designed for AI agent skills and MCP servers, capable of detecting prompt injection, data exfiltration, and supply-chain attacks before deployment. It performs static analysis with a 4-layer engine and 173 detection rules without requiring API keys, cloud access, or LLMs.

#AI Security#Static Analysis#Prompt Injection#Data Exfiltration#Supply Chain Security#SAST#Go#Developer Tools
$ Install
$ curl -fsSL https://raw.githubusercontent.com/garagon/aguara/main/install.sh | bash
↗ Visit site★ GitHub
01

Features

01173 detection rules across 13 categories, including prompt injection, data exfiltration, and supply-chain attacks.
024-layer analysis engine combining pattern matching, NLP-based markdown analysis, taint tracking, and rug-pull detection.
03Confidence scoring for findings (0.0-1.0) and actionable remediation guidance.
04CI-ready with JSON, SARIF, and Markdown output formats, plus GitHub Action support.
05Supports scanning configurations from 17 MCP clients, including Claude Desktop, Cursor, and VS Code.
02

Compatibility

Go
Runtime
Verified via docs
Docker
Container Platform
Verified via docs
Homebrew
Package Manager
Verified via docs
macOS
Operating System
Verified via docs
Linux
Operating System
Verified via docs
Windows
Operating System
Verified via docs
03

Quick start

1
$ curl -fsSL https://raw.githubusercontent.com/garagon/aguara/main/install.sh | bash
04

Use cases

↳Pre-deployment security scanning of AI agent skills and MCP server configurations.
↳Continuous integration (CI) pipelines for automated security checks on code changes.
↳Auditing and discovery of existing MCP client configurations and potential threats on a machine.
↳Custom rule creation in YAML for project-specific security requirements.
↳Embedding the scanner as a Go library within other tools, like Aguara MCP.
05

Alternatives

mindsdb logo
mindsdb★ 39.2k
Federated Query Engine for AI - The only MCP Server you'll ever need
vs →
Brave Search MCP logo
Brave Search MCP★ 86.5k
Allow your AI Agent to search the real-time internet using Brave Search API. Essential for getting up-to-date information.
vs →
Context7 logo
Context7★ 56.4k
MCP Server that provides up-to-date code documentation for LLMs and AI code editors.
vs →
GitHub MCP Server logo
GitHub MCP Server★ 30.3k
GitHub's official MCP Server. Allows AI agents to interact directly with your GitHub repositories (read files, search code, issues).
vs →
CopilotKit logo
CopilotKit★ 31.8k
React UI + elegant infrastructure for AI Copilots, AI chatbots, and in-app AI agents. The Agentic Frontend.
vs →
genai-toolbox logo
genai-toolbox★ 15.4k
MCP Toolbox for Databases is an open source MCP server for databases.
vs →
Figma-Context-MCP logo
Figma-Context-MCP★ 14.9k
MCP server to provide Figma layout information to AI coding agents like Cursor
vs →
E2B logo
E2B★ 12.4k
Open-source, secure environment with real-world tools for enterprise-grade agents.
vs →
See all alternatives →

Related searches

aguara AlternativesBest RAG / Knowledge Base Tools 2026Open Source RAG / Knowledge Baseaguara Tutorialaguara Vs CompetitorsAI SecurityStatic AnalysisPrompt Injection

Comments

Log in to leave a comment
  • K
    Kai ClarkMay 19, 2026

    Essential for teams deploying MCP servers in production with sensitive data access

  • Parker Rivera
    Parker RiveraMay 18, 2026

    The automated scanning fits well into a CI pipeline for continuous security checks

  • K
    Kai DavisMay 4, 2026

    173 detection rules across 13 categories gives real security coverage for MCP deployments

  • Emerson Chen
    Emerson ChenMar 7, 2026

    Found several prompt injection vulnerabilities in our agent stack that we had missed

On this page
01Features02Compatibility03Quick start04Use cases05Alternatives
Stats
GitHub Stars★ 81
Last commit1d ago
StatusActive
LicenseApache-2.0
CategoryRAG / Knowledge Base
Trend (30d)
+3.2↑ 0.7%
Links
Documentation↗Discussion↗Issues↗Releases↗

Deploy on DigitalOcean — Get $200 Free Credit

Ad
© 2026 AgentIndex.app|Built by a 10-year iOS Developer.
QYSGitHubBuy me a coffee ☕

Browse by Category

Code AssistantWorkflow AutomationRAG / Knowledge BaseMulti-AgentBrowser AutomationLLM InfraDev ToolingObservability

Not affiliated with Anthropic, OpenAI or Microsoft.