aguara MCP工具 是 AI Skill Hub 本期精选MCP工具之一。综合评分 8.0 分,整体质量较高。我们强烈推荐将其纳入你的 AI 工具库,帮助提升工作效率。
专为AI代理和MCP服务器设计的开源安全扫描工具。通过静态分析检测技能配置漏洞、数据泄露风险和安全隐患,帮助开发者和安全团队加强AI系统防护。适合关注AI安全的开发者、DevSecOps工程师和企业安全团队使用。
aguara MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
专为AI代理和MCP服务器设计的开源安全扫描工具。通过静态分析检测技能配置漏洞、数据泄露风险和安全隐患,帮助开发者和安全团队加强AI系统防护。适合关注AI安全的开发者、DevSecOps工程师和企业安全团队使用。
aguara MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
# 方式一:通过 Claude Code CLI 一键安装
claude skill install https://github.com/garagon/aguara
# 方式二:手动配置 claude_desktop_config.json
{
"mcpServers": {
"aguara-mcp--": {
"command": "npx",
"args": ["-y", "aguara"]
}
}
}
# 配置文件位置
# macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
# Windows: %APPDATA%/Claude/claude_desktop_config.json
# 安装后在 Claude 对话中直接使用 # 示例: 用户: 请帮我用 aguara MCP工具 执行以下任务... Claude: [自动调用 aguara MCP工具 MCP 工具处理请求] # 查看可用工具列表 # 在 Claude 中输入:"列出所有可用的 MCP 工具"
// claude_desktop_config.json 配置示例
{
"mcpServers": {
"aguara_mcp__": {
"command": "npx",
"args": ["-y", "aguara"],
"env": {
// "API_KEY": "your-api-key-here"
}
}
}
}
// 保存后重启 Claude Desktop 生效
<p align="center"> <h1 align="center">Aguara</h1> <p align="center"> Open source security engine for AI agent and supply-chain trust. <br /> Aguara checks the things modern projects and agents are about to trust: packages, lockfiles, install scripts, MCP configs, CI workflows, and agent tools. It runs locally, deterministically, and before execution. </p> </p>
<p align="center"> <a href="https://github.com/garagon/aguara/actions/workflows/ci.yml"><img src="https://github.com/garagon/aguara/actions/workflows/ci.yml/badge.svg" alt="CI"></a> <a href="https://codecov.io/gh/garagon/aguara"><img src="https://codecov.io/gh/garagon/aguara/branch/main/graph/badge.svg" alt="Coverage"></a> <a href="https://goreportcard.com/report/github.com/garagon/aguara"><img src="https://goreportcard.com/badge/github.com/garagon/aguara" alt="Go Report Card"></a> <a href="https://pkg.go.dev/github.com/garagon/aguara"><img src="https://pkg.go.dev/badge/github.com/garagon/aguara.svg" alt="Go Reference"></a> <a href="https://github.com/garagon/aguara/releases"><img src="https://img.shields.io/github/v/release/garagon/aguara" alt="GitHub Release"></a> <a href="LICENSE"><img src="https://img.shields.io/github/license/garagon/aguara" alt="License"></a> <a href="https://github.com/garagon/aguara/stargazers"><img src="https://img.shields.io/github/stars/garagon/aguara?style=flat" alt="GitHub Stars"></a> <a href="https://github.com/garagon/aguara/blob/main/Dockerfile"><img src="https://img.shields.io/badge/docker-ghcr.io%2Fgaragon%2Faguara-blue?logo=docker" alt="Docker"></a> <a href="#installation"><img src="https://img.shields.io/badge/homebrew-garagon%2Ftap-orange" alt="Homebrew"></a> </p>
<p align="center"> <a href="#why-aguara">Why Aguara</a> • <a href="#what-aguara-checks">What it checks</a> • <a href="#quick-start">Quick Start</a> • <a href="#before-install-before-delegation-before-ci">Before install / delegation / CI</a> • <a href="#threat-intel">Threat intel</a> • <a href="#behavioral-detection">Behavioral detection</a> • <a href="#adopting-aguara-in-ci">CI adoption</a> • <a href="#installation">Install</a> </p>
https://github.com/user-attachments/assets/851333be-048f-48fa-aaf3-f8cc1d4aa594
No SaaS account. No telemetry. No LLM calls. Signed releases. Signed threat intel.
Aguara is organized around the moments where trust is granted.
aguara check . answers: does this project depend on a package version already known to be malicious? It reads resolved lockfiles where it has parsers, so a freshly cloned project can be checked before any install runs:
git clone <repo>
cd <repo>
aguara check . # reads pnpm-lock.yaml / go.sum / Cargo.lock / ... directly
It also matches installed package trees (node_modules, the pnpm .pnpm store, Python site-packages) so existing projects and CI workspaces can be audited after the fact.
docker run --rm -v "$PWD:/repo:ro" ghcr.io/garagon/aguara:0.27.0 check /repo
Multi-arch (linux/amd64 + linux/arm64), runs as non-root UID 10001, base images digest-pinned, and signed at the digest with Cosign plus SPDX SBOM and SLSA provenance attestations. Pin a specific release tag for reproducibility.
curl -fsSL https://raw.githubusercontent.com/garagon/aguara/main/install.sh \
| VERSION=v0.27.0 sh
install.sh downloads checksums.txt and verifies the archive's SHA256 against it, aborting if neither sha256sum nor shasum is available. This catches a tampered archive at the registry layer but does not verify the Cosign signature on checksums.txt itself; for full keyless-signature verification on the curl-pipe path, follow the Cosign step in Verifying signed releases. Default install location is ~/.local/bin; override with INSTALL_DIR for CI or containers.
```bash
aguara scan --auto
A cloned repo can ship a .claude/settings.json that Claude Code loads when you open it. After the one-time workspace-trust prompt, its hooks and credential helpers run automatically (a SessionStart hook fires on session open), it can inject environment variables into every subprocess, and it can pre-disable the tool-approval prompt - all from a checked-in file. The agent-policy analyzer reads that file and flags what is dangerous to inherit from someone else's repo:
| Finding | Severity | What it catches |
|---|---|---|
| Hook downloads and executes remote code | CRITICAL | a hook command piping a network fetch into a shell (curl \| sh), run automatically on session open |
| Code-execution environment variable | HIGH | env setting NODE_OPTIONS --require, LD_PRELOAD, BASH_ENV, and similar |
| Permissions default to bypass | HIGH | defaultMode: "bypassPermissions" shipped in the repo |
| MCP servers auto-approved | MEDIUM | enableAllProjectMcpServers: true |
| Dangerous command pre-approved | MEDIUM | allow rules like Bash(*) or Bash(curl *) |
| Secret read pre-approved | MEDIUM | allow rules over .env, ~/.ssh, ~/.aws, private keys |
| Repo-shipped credential helper | MEDIUM | apiKeyHelper / awsAuthRefresh pointing at a repo-relative script |
| Auto-approving default mode | LOW | defaultMode: "acceptEdits" / "auto" shipped in the repo |
The analyzer judges the dangerous shape of a value, never the mere presence of hooks or permissions (both normal). A benign config with narrow allow rules and local hooks stays quiet.
Create .aguara.yml in your project root:
severity: medium
fail_on: high
ignore:
- "vendor/**"
- "node_modules/**"
rule_overrides:
CRED_004: { severity: low }
EXTDL_004: { disabled: true }
TC-005: { apply_to_tools: ["Bash"] } # only enforce on Bash
MCPCFG_004: { exempt_tools: ["WebFetch"] } # enforce on all except WebFetch
Suppress individual findings inline with # aguara-ignore RULE_ID (also -next-line, HTML/// comment variants).
aguara check .
aguara audit . --ci
| Output / Integration | How |
|---|---|
| Terminal | --format terminal (default): color, severity dashboard, top-files chart |
| JSON | --format json: machine processing, API integration |
| SARIF | --format sarif: GitHub Code Scanning, IDE / SAST dashboards |
| Markdown | --format markdown: GitHub Actions job summaries, PR comments |
| Go library | import "github.com/garagon/aguara" — Scan, ScanContent, Discover, ListRules, ExplainRule |
| MCP server | [Aguara MCP](https://github.com/garagon/mcp-aguara): lets an agent call Aguara before it installs or trusts a tool |
A short Go example:
import "github.com/garagon/aguara"
result, err := aguara.Scan(ctx, "./skills/")
result, err = aguara.ScanContent(ctx, content, "skill.md") // no disk I/O, NFKC-normalized
detail, err := aguara.ExplainRule("PROMPT_INJECTION_001")
GitHub Code Scanning, GitLab SAST, and plain Docker-in-CI examples are below.
```yaml
針對AI系統安全的专业工具,填补MCP服务器安全检测空白。代码质量好,社区活跃度有待提升。Go语言性能优秀,值得AI安全践行者采用。
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ Apache 2.0 — 宽松开源协议,可商用,需保留版权声明和 NOTICE 文件,含专利授权条款。
经综合评估,aguara MCP工具 在MCP工具赛道中表现稳健,质量优秀。如果你已有明确的使用需求,可以直接上手体验;如果还在评估阶段,建议对比同类工具后再做决策。
| 原始名称 | aguara |
| 原始描述 | 开源MCP工具:Security scanner for AI agent skills and MCP servers. Static analysis, incident 。⭐77 · Go |
| Topics | 安全扫描MCP服务器AI代理静态分析数据泄露检测DevSecOps |
| GitHub | https://github.com/garagon/aguara |
| License | Apache-2.0 |
| 语言 | Go |
收录时间:2026-05-18 · 更新时间:2026-05-19 · License:Apache-2.0 · AI Skill Hub 不对第三方内容的准确性作法律背书。
选择 Agent 类型,复制安装指令后粘贴到对应客户端