# Page snapshot

```yaml
- generic [active] [ref=e1]:
  - link "Skip to content" [ref=e2] [cursor=pointer]:
    - /url: "#main-content"
  - navigation "Main navigation" [ref=e3]:
    - generic [ref=e5]:
      - link "PANGUARD AI" [ref=e6] [cursor=pointer]:
        - /url: /
        - generic [ref=e7]: PANGUARD
        - img [ref=e8]
        - generic [ref=e14]: AI
      - generic [ref=e15]:
        - button "Product" [ref=e17] [cursor=pointer]:
          - text: Product
          - img [ref=e18]
        - link "How it Works" [ref=e20] [cursor=pointer]:
          - /url: /how-it-works
        - link "Threat Cloud" [ref=e21] [cursor=pointer]:
          - /url: /threat-cloud
        - link "ATR" [ref=e22] [cursor=pointer]:
          - /url: /atr
        - link "Docs" [ref=e23] [cursor=pointer]:
          - /url: https://docs.panguard.ai
        - link "About" [ref=e24] [cursor=pointer]:
          - /url: /about
        - link "Blog" [ref=e25] [cursor=pointer]:
          - /url: /blog
        - link "Community" [ref=e26] [cursor=pointer]:
          - /url: https://github.com/Agent-Threat-Rule/agent-threat-rules
      - generic [ref=e27]:
        - generic [ref=e28]:
          - button "EN" [ref=e29] [cursor=pointer]
          - button "中文" [ref=e30] [cursor=pointer]
        - link "GitHub" [ref=e31] [cursor=pointer]:
          - /url: https://github.com/panguard-ai/panguard-ai
          - img [ref=e32]
          - text: GitHub
        - link "Install" [ref=e34] [cursor=pointer]:
          - /url: https://docs.panguard.ai/quickstart
  - main [ref=e35]:
    - paragraph [ref=e36]: Panguard AI provides the first Skills Audit for AI agents. It audits every skill before it runs, catches known threats with community ATR (Agent Threat Rules), catches unknown threats with AI analysis, and shares new rules to protect everyone. MIT licensed. Open source.
    - generic [ref=e38]:
      - img [ref=e40]
      - generic [ref=e46]:
        - heading "AI agents have full system access. Every app gets reviewed before you install it. AI skills should too." [level=1] [ref=e47]:
          - text: AI agents have full system access.
          - text: Every app gets reviewed before you install it.
          - text: AI skills should too.
        - paragraph [ref=e48]: AI agents can read your files, run commands, and access your credentials. But unlike mobile apps, there's no review process before a skill runs on your machine.
        - paragraph [ref=e49]: ATR -- the first open review standard for AI skills. Like App Store review, but for agents.
      - generic [ref=e50]:
        - paragraph [ref=e51]: Check any MCP skill before you install
        - generic [ref=e52]:
          - generic [ref=e53]:
            - img [ref=e54]
            - textbox "github.com/modelcontextprotocol/servers" [ref=e59]
          - button "Scan" [disabled] [ref=e60]:
            - img [ref=e61]
            - text: Scan
        - paragraph [ref=e66]: Scans run server-side. No code is stored. Only content hash is cached.
        - paragraph [ref=e67]: "Paste any GitHub skill URL. You'll see: risk score, what it accesses, and whether it's safe to install. Findings are shared with the community to generate protection rules for everyone."
      - generic [ref=e69]:
        - generic [ref=e72]: 2,386 skills scanned
        - generic [ref=e75]: 1,167 threats found
        - generic [ref=e78]: 61 ATR rules generated
    - generic [ref=e80]:
      - generic [ref=e81]:
        - paragraph [ref=e82]: REAL DATA
        - heading "We scanned 2,386 MCP Skills" [level=2] [ref=e83]
        - paragraph [ref=e84]: From 4,648 registry entries across 3 sources. Here's what we found.
      - generic [ref=e85]:
        - generic [ref=e86]:
          - paragraph [ref=e87]: 51.1%
          - paragraph [ref=e88]: SAFE
          - paragraph [ref=e89]: 1,219 skills
        - generic [ref=e90]:
          - paragraph [ref=e91]: 16.8%
          - paragraph [ref=e92]: CRITICAL
          - paragraph [ref=e93]: 402 skills
        - generic [ref=e94]:
          - paragraph [ref=e95]: 10.1%
          - paragraph [ref=e96]: HIGH
          - paragraph [ref=e97]: 240 skills
        - generic [ref=e98]:
          - paragraph [ref=e99]: 12.5%
          - paragraph [ref=e100]: MEDIUM
          - paragraph [ref=e101]: 299 skills
      - generic [ref=e102]:
        - heading "What CRITICAL means in practice" [level=3] [ref=e103]
        - generic [ref=e104]:
          - generic [ref=e105]:
            - generic [ref=e106]: CRITICAL
            - paragraph [ref=e107]: Read ~/.ssh/id_rsa and exfiltrate private keys
          - generic [ref=e108]:
            - generic [ref=e109]: CRITICAL
            - paragraph [ref=e110]: Send API keys to external servers
          - generic [ref=e111]:
            - generic [ref=e112]: CRITICAL
            - paragraph [ref=e113]: Inject malicious instructions into prompts
          - generic [ref=e114]:
            - generic [ref=e115]: HIGH
            - paragraph [ref=e116]: Silently modify git commits
        - paragraph [ref=e117]: This is why every skill needs an audit before it runs.
    - generic [ref=e119]:
      - generic [ref=e121]:
        - paragraph [ref=e122]: THE GAP
        - heading "Traditional security can't see AI agent threats" [level=2] [ref=e123]
        - paragraph [ref=e124]: CrowdStrike protects your OS. Snyk protects your code. Lakera filters prompts. Nobody protects your AI agent.
      - generic [ref=e126]:
        - generic [ref=e127]:
          - paragraph [ref=e128]: "Traditional security sees:"
          - list [ref=e129]:
            - listitem [ref=e130]:
              - img [ref=e131]
              - text: Process execution, file access, network calls
            - listitem [ref=e133]:
              - img [ref=e134]
              - text: Malware signatures, ransomware patterns
            - listitem [ref=e136]:
              - img [ref=e137]
              - text: Known CVEs in installed packages
        - generic [ref=e139]:
          - paragraph [ref=e140]: "But completely misses:"
          - list [ref=e141]:
            - listitem [ref=e142]:
              - img [ref=e143]
              - text: Prompt injection in agent conversations
            - listitem [ref=e146]:
              - img [ref=e147]
              - text: Malicious MCP skill definitions
            - listitem [ref=e150]:
              - img [ref=e151]
              - text: Credential theft via agent tool calls
            - listitem [ref=e154]:
              - img [ref=e155]
              - text: Supply chain attacks via skill packages
      - generic [ref=e158]:
        - table [ref=e160]:
          - rowgroup [ref=e161]:
            - row "Capability PanGuard CrowdStrike Snyk Lakera" [ref=e162]:
              - columnheader "Capability" [ref=e163]
              - columnheader "PanGuard" [ref=e164]
              - columnheader "CrowdStrike" [ref=e165]
              - columnheader "Snyk" [ref=e166]
              - columnheader "Lakera" [ref=e167]
          - rowgroup [ref=e168]:
            - row "AI agent threat detection partial" [ref=e169]:
              - cell "AI agent threat detection" [ref=e170]
              - cell [ref=e171]:
                - img [ref=e172]
              - cell [ref=e174]:
                - img [ref=e175]
              - cell [ref=e178]:
                - img [ref=e179]
              - cell "partial" [ref=e182]
            - row "MCP skill pre-install audit" [ref=e183]:
              - cell "MCP skill pre-install audit" [ref=e184]
              - cell [ref=e185]:
                - img [ref=e186]
              - cell [ref=e188]:
                - img [ref=e189]
              - cell [ref=e192]:
                - img [ref=e193]
              - cell [ref=e196]:
                - img [ref=e197]
            - row "Prompt injection detection 21 ATR rules" [ref=e200]:
              - cell "Prompt injection detection" [ref=e201]
              - cell "21 ATR rules" [ref=e202]
              - cell [ref=e203]:
                - img [ref=e204]
              - cell [ref=e207]:
                - img [ref=e208]
              - cell [ref=e211]:
                - img [ref=e212]
            - row "Runtime agent monitoring 24/7 daemon Endpoints only" [ref=e214]:
              - cell "Runtime agent monitoring" [ref=e215]
              - cell "24/7 daemon" [ref=e216]
              - cell "Endpoints only" [ref=e217]
              - cell [ref=e218]:
                - img [ref=e219]
              - cell [ref=e222]:
                - img [ref=e223]
            - row "Cost $0 (MIT) $25-60/ep/mo Free tier+ Paid" [ref=e226]:
              - cell "Cost" [ref=e227]
              - cell "$0 (MIT)" [ref=e228]
              - cell "$25-60/ep/mo" [ref=e229]
              - cell "Free tier+" [ref=e230]
              - cell "Paid" [ref=e231]
        - paragraph [ref=e232]: PanGuard fills the gap with 61 detection rules. Open source. Free forever.
    - generic [ref=e234]:
      - generic [ref=e235]:
        - paragraph [ref=e236]: OPEN STANDARD
        - heading "The AI era needs a new audit standard" [level=2] [ref=e237]
        - paragraph [ref=e238]: ATR (Agent Threat Rules) is purpose-built for AI agent threats. The first open detection standard for AI agent security.
      - generic [ref=e239]:
        - generic [ref=e240]:
          - paragraph [ref=e241]: "61"
          - paragraph [ref=e242]: Detection Rules
        - generic [ref=e243]:
          - paragraph [ref=e244]: "9"
          - paragraph [ref=e245]: Threat Categories
        - generic [ref=e246]:
          - paragraph [ref=e247]: 474+
          - paragraph [ref=e248]: Detection Patterns
      - generic [ref=e249]:
        - generic [ref=e250]:
          - generic [ref=e251]: Prompt Injection
          - generic [ref=e252]: "21"
        - generic [ref=e253]:
          - generic [ref=e254]: Tool Poisoning
          - generic [ref=e255]: "6"
        - generic [ref=e256]:
          - generic [ref=e257]: Data Exfiltration
          - generic [ref=e258]: "7"
        - generic [ref=e259]:
          - generic [ref=e260]: Credential Theft
          - generic [ref=e261]: "5"
        - generic [ref=e262]:
          - generic [ref=e263]: Excessive Autonomy
          - generic [ref=e264]: "4"
        - generic [ref=e265]:
          - generic [ref=e266]: Context Manipulation
          - generic [ref=e267]: "3"
        - generic [ref=e268]:
          - generic [ref=e269]: Model Security
          - generic [ref=e270]: "2"
        - generic [ref=e271]:
          - generic [ref=e272]: Multi-Agent Threats
          - generic [ref=e273]: "2"
        - generic [ref=e274]:
          - generic [ref=e275]: Agent Manipulation
          - generic [ref=e276]: "2"
      - generic [ref=e277]:
        - paragraph [ref=e278]: Open source. Community-driven. Growing daily.
        - link "View ATR on GitHub" [ref=e279] [cursor=pointer]:
          - /url: https://github.com/Agent-Threat-Rule/agent-threat-rules
          - text: View ATR on GitHub
          - img [ref=e280]
    - generic [ref=e285]:
      - generic [ref=e286]:
        - paragraph [ref=e287]: THREE LAYERS OF DEFENSE
        - heading "Pre-deployment audit. Runtime protection. Community intelligence." [level=2] [ref=e288]
        - paragraph [ref=e289]: Each layer feeds the next. Together, they form a closed-loop defense that gets stronger with every user.
      - generic [ref=e290]:
        - generic [ref=e291]:
          - generic [ref=e292]:
            - generic [ref=e293]:
              - img [ref=e295]
              - generic [ref=e298]:
                - paragraph [ref=e299]: PRE-DEPLOYMENT
                - heading "Skill Auditor" [level=3] [ref=e300]
            - paragraph [ref=e301]: Static analysis engine that scans MCP skills and AI agent tools before they run. Detects prompt injection, credential theft, data exfiltration, and 6 more threat categories using ATR pattern matching.
            - generic [ref=e302]:
              - generic [ref=e303]:
                - img [ref=e304]
                - generic [ref=e308]: 61 ATR rules with 474 detection patterns across 9 categories
              - generic [ref=e309]:
                - img [ref=e310]
                - generic [ref=e313]: "Secret detection: AWS keys, GitHub tokens, private keys, API secrets"
              - generic [ref=e314]:
                - img [ref=e315]
                - generic [ref=e317]: YAML manifest validation + permission scope analysis
            - generic [ref=e318]:
              - generic [ref=e319]:
                - paragraph [ref=e320]: "61"
                - paragraph [ref=e321]: ATR Rules
              - generic [ref=e322]:
                - paragraph [ref=e323]: "8"
                - paragraph [ref=e324]: Audit Checks
              - generic [ref=e325]:
                - paragraph [ref=e326]: <3s
                - paragraph [ref=e327]: Scan Time
          - link "Learn about Skill Auditor" [ref=e328] [cursor=pointer]:
            - /url: /product/skill-auditor
            - text: Learn about Skill Auditor
            - img [ref=e329]
        - generic [ref=e331]:
          - generic [ref=e332]:
            - generic [ref=e333]:
              - img [ref=e335]
              - generic [ref=e337]:
                - paragraph [ref=e338]: RUNTIME
                - heading "Guard" [level=3] [ref=e339]
            - paragraph [ref=e340]: Once installed, you never have to think about AI security again. Guard watches everything your agents do -- every file they touch, every network call they make, every dependency they install. If something looks wrong, it's blocked before any damage happens.
            - generic [ref=e341]:
              - generic [ref=e342]:
                - img [ref=e343]
                - generic [ref=e348]: Watches your secrets (.env, SSH keys, API tokens) -- alerts instantly if anything tries to read them
              - generic [ref=e349]:
                - img [ref=e350]
                - generic [ref=e354]: Monitors dependencies and git repos -- catches supply chain attacks and unauthorized code changes
              - generic [ref=e355]:
                - img [ref=e356]
                - generic [ref=e358]: Tracks every process your AI agents spawn -- suspicious commands are blocked automatically
            - generic [ref=e359]:
              - generic [ref=e360]:
                - paragraph [ref=e361]: "61"
                - paragraph [ref=e362]: Detection Rules
              - generic [ref=e363]:
                - paragraph [ref=e364]: "3"
                - paragraph [ref=e365]: Detection Layers
              - generic [ref=e366]:
                - paragraph [ref=e367]: "11"
                - paragraph [ref=e368]: Response Actions
          - link "Learn about Guard" [ref=e369] [cursor=pointer]:
            - /url: /product/guard
            - text: Learn about Guard
            - img [ref=e370]
        - generic [ref=e372]:
          - generic [ref=e373]:
            - generic [ref=e374]:
              - img [ref=e376]
              - generic [ref=e378]:
                - paragraph [ref=e379]: COMMUNITY
                - heading "Threat Cloud" [level=3] [ref=e380]
            - paragraph [ref=e381]: Anonymous threat intelligence network. When one user detects a threat, the finding is proposed as an ATR rule, reviewed by community + LLM consensus, then distributed to all users. Collective immunity.
            - generic [ref=e382]:
              - generic [ref=e383]:
                - img [ref=e384]
                - generic [ref=e389]: Anonymous uploads — no personal data, file contents, or source code sent
              - generic [ref=e390]:
                - img [ref=e391]
                - generic [ref=e394]: LLM-assisted review + 3-report consensus for rule promotion
              - generic [ref=e395]:
                - img [ref=e396]
                - generic [ref=e401]: Hourly sync pushes new rules to all connected Guard instances
            - generic [ref=e402]:
              - generic [ref=e403]:
                - paragraph [ref=e404]: "225"
                - paragraph [ref=e405]: Auto-Generated Rules
              - generic [ref=e406]:
                - paragraph [ref=e407]: 1h
                - paragraph [ref=e408]: Sync Interval
              - generic [ref=e409]:
                - paragraph [ref=e410]: MIT
                - paragraph [ref=e411]: License
          - link "Learn about Threat Cloud" [ref=e412] [cursor=pointer]:
            - /url: /threat-cloud
            - text: Learn about Threat Cloud
            - img [ref=e413]
    - generic [ref=e417]:
      - heading "The more people install, the safer everyone gets." [level=2] [ref=e419]
      - generic [ref=e420]:
        - generic [ref=e422]:
          - img [ref=e424]
          - generic [ref=e426]: Install
          - generic [ref=e427]: ›
        - generic [ref=e429]:
          - img [ref=e431]
          - generic [ref=e434]: Review
          - generic [ref=e435]: ›
        - generic [ref=e437]:
          - img [ref=e439]
          - generic [ref=e442]: Catch
          - generic [ref=e443]: ›
        - generic [ref=e445]:
          - img [ref=e447]
          - generic [ref=e450]: Generate
          - generic [ref=e451]: ›
        - generic [ref=e453]:
          - img [ref=e455]
          - generic [ref=e458]: Share
          - generic [ref=e459]: ›
        - generic [ref=e461]:
          - img [ref=e463]
          - generic [ref=e466]: Stronger
      - generic [ref=e468]:
        - paragraph [ref=e469]: Blocked threats are auto-converted into new detection rules.
        - paragraph [ref=e470]: Rules are anonymously shared to Threat Cloud for all users.
        - paragraph [ref=e471]: The more people install, the faster threats are caught. Collective immunity.
    - generic [ref=e473]:
      - generic [ref=e474]:
        - paragraph [ref=e475]: 24/7 PROTECTION
        - heading "Done scanning? One command, always protected." [level=2] [ref=e476]
        - paragraph [ref=e477]: Guard monitors your AI agents in real-time. 61 detection rules. Auto-blocks known threats. Your agent becomes a defender for the entire network.
      - generic [ref=e479]:
        - generic [ref=e480]: $
        - code [ref=e481]: npx panguard setup
        - button "Copy install command" [ref=e482] [cursor=pointer]:
          - img [ref=e483]
      - generic [ref=e486]:
        - generic [ref=e487]: Claude Code
        - generic [ref=e488]: Claude Desktop
        - generic [ref=e489]: Cursor
        - generic [ref=e490]: OpenClaw
        - generic [ref=e491]: Codex
        - generic [ref=e492]: WorkBuddy
        - generic [ref=e493]: NemoClaw
        - generic [ref=e494]: ArkClaw
      - generic [ref=e495]:
        - link "Install Guide" [ref=e496] [cursor=pointer]:
          - /url: https://docs.panguard.ai/quickstart
          - text: Install Guide
          - img [ref=e497]
        - link "Star on GitHub" [ref=e499] [cursor=pointer]:
          - /url: https://github.com/panguard-ai/panguard-ai
          - img [ref=e500]
          - text: Star on GitHub
    - generic [ref=e503]:
      - heading "Start with a scan. Stay for the protection." [level=2] [ref=e505]
      - paragraph [ref=e507]: 100% free. 100% open source. MIT licensed.
      - generic [ref=e509]:
        - button "Scan a Skill Now" [ref=e510] [cursor=pointer]:
          - img [ref=e511]
          - text: Scan a Skill Now
        - generic [ref=e513]:
          - img [ref=e514]
          - code [ref=e516]: curl -fsSL https://get.panguard.ai | bash
        - link "Star on GitHub" [ref=e517] [cursor=pointer]:
          - /url: https://github.com/panguard-ai/panguard-ai
          - img [ref=e518]
          - text: Star on GitHub
      - paragraph [ref=e521]: Every scan makes the community safer. Join the collective defense network.
  - contentinfo [ref=e522]:
    - generic [ref=e523]:
      - generic [ref=e524]:
        - generic [ref=e525]:
          - link "PANGUARD AI" [ref=e526] [cursor=pointer]:
            - /url: /
            - generic [ref=e527]: PANGUARD
            - img [ref=e528]
            - generic [ref=e534]: AI
          - paragraph [ref=e535]: Your AI Security Guard. One command to install. AI protects everything.
          - generic [ref=e536]:
            - link "GitHub" [ref=e537] [cursor=pointer]:
              - /url: https://github.com/panguard-ai/panguard-ai
              - img [ref=e538]
            - link "Twitter" [ref=e541] [cursor=pointer]:
              - /url: https://x.com/panguard_ai
              - img [ref=e542]
            - link "LinkedIn" [ref=e544] [cursor=pointer]:
              - /url: https://linkedin.com/company/panguard-ai
              - img [ref=e545]
        - generic [ref=e549]:
          - paragraph [ref=e550]: Product
          - list [ref=e551]:
            - listitem [ref=e552]:
              - link "Skill Auditor" [ref=e553] [cursor=pointer]:
                - /url: /product/skill-auditor
            - listitem [ref=e554]:
              - link "Guard" [ref=e555] [cursor=pointer]:
                - /url: /product/guard
            - listitem [ref=e556]:
              - link "Scan" [ref=e557] [cursor=pointer]:
                - /url: /product/scan
            - listitem [ref=e558]:
              - link "MCP Server" [ref=e559] [cursor=pointer]:
                - /url: /product/mcp
            - listitem [ref=e560]:
              - link "Threat Cloud" [ref=e561] [cursor=pointer]:
                - /url: /threat-cloud
            - listitem [ref=e562]:
              - link "ATR Standard" [ref=e563] [cursor=pointer]:
                - /url: https://github.com/Agent-Threat-Rule/agent-threat-rules
            - listitem [ref=e564]:
              - link "ATR" [ref=e565] [cursor=pointer]:
                - /url: /atr
        - generic [ref=e566]:
          - paragraph [ref=e567]: Company
          - list [ref=e568]:
            - listitem [ref=e569]:
              - link "About" [ref=e570] [cursor=pointer]:
                - /url: /about
            - listitem [ref=e571]:
              - link "Blog" [ref=e572] [cursor=pointer]:
                - /url: /blog
            - listitem [ref=e573]:
              - link "Contact" [ref=e574] [cursor=pointer]:
                - /url: /contact
        - generic [ref=e575]:
          - paragraph [ref=e576]: Resources
          - list [ref=e577]:
            - listitem [ref=e578]:
              - link "Documentation" [ref=e579] [cursor=pointer]:
                - /url: /docs
            - listitem [ref=e580]:
              - link "CLI Reference" [ref=e581] [cursor=pointer]:
                - /url: /docs/cli
            - listitem [ref=e582]:
              - link "GitHub" [ref=e583] [cursor=pointer]:
                - /url: https://github.com/panguard-ai/panguard-ai
            - listitem [ref=e584]:
              - link "Contribute" [ref=e585] [cursor=pointer]:
                - /url: https://github.com/Agent-Threat-Rule/agent-threat-rules
            - listitem [ref=e586]:
              - link "Open Source" [ref=e587] [cursor=pointer]:
                - /url: /open-source
            - listitem [ref=e588]:
              - link "Compliance" [ref=e589] [cursor=pointer]:
                - /url: /compliance
            - listitem [ref=e590]:
              - link "Security" [ref=e591] [cursor=pointer]:
                - /url: /security
        - generic [ref=e592]:
          - paragraph [ref=e593]: Legal
          - list [ref=e594]:
            - listitem [ref=e595]:
              - link "Privacy Policy" [ref=e596] [cursor=pointer]:
                - /url: /legal/privacy
            - listitem [ref=e597]:
              - link "Terms of Service" [ref=e598] [cursor=pointer]:
                - /url: /legal/terms
            - listitem [ref=e599]:
              - link "Cookie Policy" [ref=e600] [cursor=pointer]:
                - /url: /legal/cookies
            - listitem [ref=e601]:
              - link "Trust Center" [ref=e602] [cursor=pointer]:
                - /url: /trust
      - paragraph [ref=e604]: © 2026 Panguard AI, Inc. All rights reserved.
  - button "Open Next.js Dev Tools" [ref=e610] [cursor=pointer]:
    - img [ref=e611]
  - alert [ref=e614]
  - dialog "Cookie consent" [ref=e615]:
    - generic [ref=e616]:
      - paragraph [ref=e617]:
        - text: We use cookies to improve your experience and analyze site usage. You can accept all cookies or choose essential-only.
        - link "Cookie Policy" [ref=e618] [cursor=pointer]:
          - /url: /legal/cookies
      - generic [ref=e619]:
        - button "Accept All" [ref=e620] [cursor=pointer]
        - button "Essential Only" [ref=e621] [cursor=pointer]
```