能力标签
hol-guard MCP工具
🔌
MCP工具

hol-guard MCP工具

基于 Python · 让 AI 助手直接操作你的系统与工具
英文名:hol-guard
⭐ 319 Stars 🍴 3 Forks 💻 Python 📄 NOASSERTION 🏷 AI 8.2分
8.2AI 综合评分
安全扫描AI插件代码审计最佳实践MCP工具
✦ AI Skill Hub 推荐

hol-guard MCP工具 是 AI Skill Hub 本期精选MCP工具之一。综合评分 8.2 分,整体质量较高。我们强烈推荐将其纳入你的 AI 工具库,帮助提升工作效率。

📚 深度解析

hol-guard MCP工具 是一款基于 MCP(Model Context Protocol)标准协议的 AI 工具扩展。MCP 协议由 Anthropic 开发并开源,旨在建立 AI 模型与外部工具之间的标准化通信接口,目前已被 Claude Desktop、Claude Code、Cursor 等主流 AI 工具采纳。

通过安装 hol-guard MCP工具,你的 AI 助手将获得额外的工具调用能力,可以用自然语言直接操控该工具的功能,无需学习复杂的命令行语法。MCP 工具的核心价值在于"一次配置,永久增强"——配置完成后,每次与 AI 对话时都可以无缝调用这些工具。

在技术实现上,MCP 工具通过标准的 JSON-RPC 协议与 AI 客户端通信,工具的功能以"工具列表"的形式暴露给 AI 模型,AI 可以按需调用。hol-guard MCP工具 提供了结构化的工具调用接口,使 AI 模型能够精确地理解和使用每个功能点,显著降低 AI 在工具使用上的错误率。

与传统的 API 集成相比,MCP 工具的优势在于无需编写代码——用户只需在配置文件中添加几行 JSON,即可让 AI 获得全新能力。AI Skill Hub 将 hol-guard MCP工具 评为 AI 评分 8.2 分,属于同类工具中的优质选择。

📋 工具概览

专为AI插件设计的开源安全扫描工具,支持Codex、Claude、OpenAI等多平台插件检测。提供安全漏洞识别、最佳实践验证、代码规范检查等功能。适合AI插件开发者、安全审计人员和企业AI应用管理团队使用。

hol-guard MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。

GitHub Stars
⭐ 319
开发语言
Python
支持平台
Windows / macOS / Linux
维护状态
轻量级项目,按需更新
开源协议
NOASSERTION
AI 综合评分
8.2 分
工具类型
MCP工具
Forks
3

📖 中文文档

以下内容由 AI Skill Hub 根据项目信息自动整理,如需查看完整原始文档请访问底部「原始来源」。

专为AI插件设计的开源安全扫描工具,支持Codex、Claude、OpenAI等多平台插件检测。提供安全漏洞识别、最佳实践验证、代码规范检查等功能。适合AI插件开发者、安全审计人员和企业AI应用管理团队使用。

hol-guard MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。

📌 核心特色
  • 通过标准 MCP 协议与 Claude、Cursor 等主流 AI 客户端深度集成
  • 提供结构化工具调用接口,显著降低 AI 集成复杂度
  • 支持 Claude Desktop 和 Claude Code 无缝接入,开箱即用
  • 可与其他 MCP 工具组合叠加,构建完整 AI 工作站
  • 轻量无侵入设计,不影响现有系统架构
🎯 主要使用场景
  • 在 Claude Desktop 对话中直接调用本地工具,实现 AI 与系统的深度联动
  • 通过自然语言驱动复杂的多步骤自动化任务,代替繁琐手动操作
  • 将多个 MCP 工具组合使用,构建个人专属 AI 工作站
以下安装命令基于项目开发语言和类型自动生成,实际以官方 README 为准。
安装命令
# 方式一:通过 Claude Code CLI 一键安装
claude skill install https://github.com/hashgraph-online/hol-guard

# 方式二:手动配置 claude_desktop_config.json
{
  "mcpServers": {
    "hol-guard-mcp--": {
      "command": "npx",
      "args": ["-y", "hol-guard"]
    }
  }
}

# 配置文件位置
# macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
# Windows: %APPDATA%/Claude/claude_desktop_config.json
📋 安装步骤说明
  1. 确认已安装 Node.js(v18 或以上版本)
  2. 打开 Claude Desktop 或 Claude Code 的 MCP 配置文件
  3. 按「交给 Agent 安装 → Claude Desktop」标签中的 JSON 配置填入 mcpServers 字段
  4. 保存配置文件并重启 Claude 客户端
  5. 重启后,在对话中即可使用本工具
以下用法示例由 AI Skill Hub 整理,涵盖最常见的使用场景。
常用命令 / 代码示例
# 安装后在 Claude 对话中直接使用
# 示例:
用户: 请帮我用 hol-guard MCP工具 执行以下任务...
Claude: [自动调用 hol-guard MCP工具 MCP 工具处理请求]

# 查看可用工具列表
# 在 Claude 中输入:"列出所有可用的 MCP 工具"
以下配置示例基于典型使用场景生成,具体参数请参照官方文档调整。
配置示例
// claude_desktop_config.json 配置示例
{
  "mcpServers": {
    "hol-guard_mcp__": {
      "command": "npx",
      "args": ["-y", "hol-guard"],
      "env": {
        // "API_KEY": "your-api-key-here"
      }
    }
  }
}

// 保存后重启 Claude Desktop 生效
📑 README 深度解析 真实文档 完整度 66/100 查看 GitHub 原文 →
以下内容由系统直接从 GitHub README 解析整理,保留代码块、表格与列表结构。

HOL Guard

HOL Guard Version Plugin Scanner Version HOL Guard Downloads Plugin Scanner Downloads Python 3.10+ CI Publish Container Image OpenSSF Scorecard License GitHub Stars Lint: ruff

![HOL whole dark logo](https://hol.org/brand/Logo_Whole_Dark.png)**Protect your harness locally with hol-guard.** Use plugin-scanner when you need maintainer and CI checks for plugins, skills, MCP servers, and marketplace packages.<br><br>[PyPI Package (hol-guard)](https://pypi.org/project/hol-guard/)<br>[PyPI Package (plugin-scanner)](https://pypi.org/project/plugin-scanner/)<br>[HOL Plugin Registry](https://hol.org/registry/plugins)<br>[HOL GitHub Organization](https://github.com/hashgraph-online)<br>[Report an Issue](https://github.com/hashgraph-online/hol-guard/issues)

How do I require human proof before saved approvals?

Enable the local approval gate when saved allow decisions, global trust, policy clears, or settings changes should require a human password before Guard persists them:

hol-guard settings approval-password enable \
  --new-password '<password>' \
  --confirm-password '<password>' \
  --cooldown-seconds 900
hol-guard settings approval-password status

Use cooldown only for ordinary non-global allow decisions. Guard still requires fresh proof for global allow, policy clear, settings import/reset, disabling the gate, disabling TOTP, and recovery. When TOTP is enabled, cooldown is disabled so every protected action requires both factors. To unlock or lock the current password-only approval window from a terminal:

hol-guard approvals unlock --duration 15m
hol-guard approvals lock

For Google Authenticator-compatible second-factor proof, enroll TOTP after the password gate is enabled:

hol-guard settings approval-totp enroll --current-password '<password>' --device-label '<device>'
hol-guard settings approval-totp verify --current-password '<password>' --code 123456
hol-guard settings approval-totp status

TOTP uses SHA-1, 6 digits, 30-second steps, and a Base32 otpauth://totp/HOL%20Guard:<device> provisioning URI. Guard stores the seed encrypted locally, rejects replayed steps, and never includes the seed in settings export, receipts, or public status. Disabling TOTP or the password gate requires fresh password proof plus a current TOTP code when TOTP is enabled.

Require Cisco skill scanning with a strict policy

plugin-scanner scan ./my-plugin --cisco-skill-scan on --cisco-policy strict

Require optional Cisco MCP static analysis

plugin-scanner scan ./my-plugin --cisco-mcp-scan on ```

Use the bare plugin-scanner ./my-plugin form only for compatibility with older automation. New scripts and docs should prefer explicit subcommands so scan, lint, verify, submit, and doctor have predictable help, flags, and output.

NeedCommandOutput contract
Human release summaryplugin-scanner scan ./my-pluginterminal summary first, optional JSON/Markdown/SARIF with --format
Rule-level authoring feedbackplugin-scanner lint ./my-pluginhuman findings by default, JSON with --format json
Runtime readiness detailsplugin-scanner verify ./my-pluginhuman pass/fail by default, JSON with --format json
Publishable quality artifactplugin-scanner submit ./my-plugin --attest dist/plugin-quality.jsonwrites one artifact for one plugin directory
Troubleshooting bundleplugin-scanner doctor ./my-plugin --component mcp --bundle dist/doctor.zipdiagnostic JSON and bundle artifacts

Install The Package You Need

Lean baseline install

Guard package:

pip install hol-guard

Scanner package:

pip install plugin-scanner

The lean baseline keeps Python 3.10+ support intact. It includes the shipped cisco-ai-skill-scanner integration on Python 3.10 through 3.13; on Python 3.14+ Guard installs without the LiteLLM-dependent Cisco scanner path and reports Cisco evidence as unavailable until patched LiteLLM releases support that runtime.

Guard Quickstart

pipx install hol-guard
hol-guard init

To update an existing pipx install from PyPI:

pipx upgrade hol-guard

If you installed Guard with pipx, verify the active user command before testing local flows:

command -v hol-guard
hol-guard --version

For a local wheel build, install into the pipx-managed hol-guard environment. Do not test with PYTHONPATH=src; that bypasses the same package path users run.

python3 -m build --wheel
hol-guard update --wheel dist
hol-guard --version

hol-guard update --wheel accepts either a specific .whl file or a directory and picks the newest matching hol_guard-*.whl.

To force a specific release, use Python package specifier syntax:

pipx install --force 'hol-guard==2.0.345'

Do not use hol-guard@<version>; pipx treats that as a separate app name, not a package version.

hol-guard init is the first-run guided setup. It shows a progressive plan first, then gates each side effect: approve dashboard, Guard completes it, then approve app protection, Guard completes it, then approve Cloud connect and notifications. Nothing opens or changes until you approve that checkpoint. Use hol-guard init --yes only for automation when you already trust the plan.

Manual and follow-up commands:

pipx run hol-guard bootstrap
pipx run hol-guard hermes bootstrap
pipx run hol-guard run codex --dry-run
pipx run hol-guard run codex
pipx run hol-guard approvals
pipx run hol-guard receipts
pipx run hol-guard status
pipx run hol-guard connect
pipx run hol-guard connect status
pipx run hol-guard connect repair
pipx run hol-guard sync
pipx run hol-guard supply-chain sync
pipx run hol-guard supply-chain scan
pipx run hol-guard supply-chain explain minimist@1.2.5 --ecosystem npm
pipx run hol-guard explain install-connect

What you get from Guard:

  • Detects local harness config on your machine
  • Records a baseline before you trust a tool
  • Pauses cleanly on new or changed artifacts before launch
  • Queues blocked changes in a localhost approval center when the harness cannot prompt inline
  • Stores receipts locally so you can review decisions later
  • Keeps sync optional until you actually want shared history

See docs/guard/get-started.md for the full local flow.

<details> <summary>Guard commands at a glance</summary>

- hol-guard start Shows the next step for the harnesses Guard found. - hol-guard init Runs first-run onboarding as approval checkpoints: local dashboard, harness discovery and install, optional Guard Cloud connect, and desktop notification setup. - hol-guard bootstrap Detects the best local harness, starts the approval center, and installs Guard in front of it. - hol-guard hermes bootstrap Installs the Guard-managed Hermes overlay bundle directly. - hol-guard status Shows what Guard is watching now. - hol-guard install <harness> Creates the launcher shim for that harness. - hol-guard uninstall --self Removes Guard-managed harness wiring, package shims, local Guard state, and uninstalls the current hol-guard package. - hol-guard update Updates the installed hol-guard package in the current environment. - hol-guard run <harness> --dry-run Records the current state once before you trust it. - hol-guard run <harness> Reviews changes before launch and hands blocked sessions to the approval center when needed. - hol-guard approvals Lists pending approvals or resolves them from the terminal. - hol-guard receipts Shows local approval and block history.

</details>

<details> <summary>Harness approval strategy</summary>

- claude-code Guard prefers Claude hooks first, then the local approval center when the shell cannot prompt. - copilot Guard can wrap the copilot CLI, detect ~/.copilot/config.json, ~/.copilot/mcp-config.json, workspace .vscode/mcp.json, and install Guard-managed Copilot hook wiring for documented preToolUse and postToolUse events. Guard does not treat a VS Code Copilot inline permission sheet by itself as proof of Guard interception; current proof should come from Guard hook responses, Guard receipts, or an MCP client that explicitly answers Guard elicitation. - codex Guard asks inline in the same Codex chat when the interactive CLI or Codex App can answer MCP elicitations, and falls back to the local approval center only for codex exec or any other nonresponsive session. When Guard has the right Codex thread binding, approving or blocking in the browser resumes the same Codex thread with HOL Guard-branded continuation copy. Live app-server sessions continue in place, and headless codex exec sessions resume through codex exec resume with the exact blocked command context. If the session cannot be identified, Guard says so plainly and tells you the manual next step instead of pretending it resumed. - cursor Guard respects Cursor’s native tool approval and focuses on artifact trust before launch. - opencode Guard authors package-level policy while OpenCode keeps native once, always, or reject prompts for managed MCP tools. - kimi Guard installs managed PreToolUse and UserPromptSubmit hooks in ~/.kimi-code/config.toml, blocks with exit code 2 and a JSON permissionDecision: "deny" response, and fails open on hook crash or timeout. - grok Guard installs managed Grok hook JSON under ~/.grok/hooks/ plus permission deny rules in ~/.grok/managed_config.toml, blocks with exit code 2 and a Grok-native {"decision":"deny"} response, and never reads ~/.grok/auth. - pi Guard scans ~/.pi/agent/ and project .pi/ packages, extensions, skills, prompts, and themes; installs a managed Pi extension that reviews input and tool_call events inline; and blocks with a Pi-native {"decision":"deny"} response when Guard policy says no. - zcode Guard detects ~/.zcode/cli/config.json, configured MCP servers, enabled plugins, the plugin cache, and plugin manifests; installs managed PreToolUse and UserPromptSubmit hooks in the config hooks section without touching user mcp or plugins; and blocks with exit code 2 and a permissionDecision: "deny" response. - hermes Guard installs a managed Hermes overlay bundle, routes MCP servers through Guard proxies, and prefers native-or-center delivery for blocked requests. - gemini Guard scans extensions and falls back to the local approval center for blocked changes.

</details>

Scanner Quickstart

pipx install plugin-scanner
plugin-scanner lint .
plugin-scanner verify .

```yaml

Quick Start For Contributors

git clone https://github.com/hashgraph-online/hol-guard.git
cd hol-guard
uv sync --extra dev --extra cisco --group cisco-mcp
pytest -q

Use uv sync --extra dev --python 3.10 when you need the lean baseline path without the Cisco MCP extra.

CLI Usage

```bash

Config + Baseline Example

```toml

Example Output

🔗 Plugin Scanner v2.0.0
Scanning: ./my-plugin

── Manifest Validation (31/31) ──
  ✅ plugin.json exists                           +4
  ✅ Valid JSON                                   +4
  ✅ Required fields present                      +5
  ✅ Version follows semver                       +3
  ✅ Name is kebab-case                           +2
  ✅ Recommended metadata present                 +4
  ✅ Interface metadata complete if declared      +3
  ✅ Interface links and assets valid if declared +3
  ✅ Declared paths are safe                      +3

── Security (16/16) ──
  ✅ SECURITY.md found                            +3
  ✅ LICENSE found                                +3
  ✅ No hardcoded secrets                         +7
  ✅ No dangerous MCP commands                    +0
  ✅ MCP remote transports are hardened           +0
  ✅ No approval bypass defaults                  +3

── Operational Security (0/0) ──
  ✅ Third-party GitHub Actions pinned to SHAs    +0
  ✅ No write-all GitHub Actions permissions      +0
  ✅ No privileged untrusted checkout patterns    +0
  ✅ Dependabot configured for automation surfaces +0
  ✅ Dependency manifests have lockfiles          +0

── Skill Security (15/15) ──
  ✅ Cisco skill scan completed                   +3
  ✅ No elevated Cisco skill findings             +8
  ✅ Skills analyzable                            +4

Findings: critical:0, high:0, medium:0, low:0, info:0

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Final Score: 100/100 (A - Excellent)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Example: HOL Registry Broker Plugin

The HOL Registry Broker Codex Plugin bridges Codex plugins with the HOL Universal Registry, providing agent discovery, trust signals, and verified identity on Hedera.

Registry Broker trust badge

HOL Registry scores: Trust 80 / Review 83 / Enforce 74

🔗 Plugin Scanner v2.0.0
Scanning: ./registry-broker-codex-plugin

── Manifest Validation (31/31) ──
  ✅ plugin.json exists                           +4
  ✅ Valid JSON                                   +4
  ✅ Required fields present                      +5
  ✅ Version follows semver                       +3
  ✅ Name is kebab-case                           +2
  ✅ Recommended metadata present                 +4
  ✅ Interface metadata complete if declared      +3
  ✅ Interface links and assets valid if declared +3
  ✅ Declared paths are safe                      +3

── Security (24/24) ──
  ✅ SECURITY.md found                            +3
  ✅ LICENSE found                                +3
  ✅ No hardcoded secrets                         +7
  ✅ No dangerous MCP commands                    +3
  ✅ MCP remote transports are hardened           +3
  ✅ No approval bypass defaults                  +5

── Operational Security (20/20) ──
  ✅ Third-party GitHub Actions pinned to SHAs    +5
  ✅ No write-all GitHub Actions permissions      +5
  ✅ No privileged untrusted checkout patterns    +3
  ✅ Dependabot configured for automation surfaces +4
  ✅ Dependency manifests have lockfiles          +3

── Best Practices (15/15) ──
  ✅ README.md found                             +5
  ✅ Skills directory present                    +3
  ✅ SKILL.md frontmatter valid                  +4
  ✅ No committed .env                           +2
  ✅ .codexignore found                          +1

── Marketplace (15/15) ──
  ✅ marketplace.json valid                      +5
  ✅ Policy fields present                       +5
  ✅ Marketplace sources are safe                +5

── Skill Security (15/15) ──
  ✅ Cisco skill scan completed                  +3
  ✅ No elevated Cisco skill findings            +8
  ✅ Skills analyzable                           +4

── Code Quality (10/10) ──
  ✅ No eval or Function constructor             +5
  ✅ No shell injection patterns                 +5

Findings: critical:0, high:0, medium:0, low:0, info:0

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Final Score: 130/130
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Plugins that pass the scanner with a high score are candidates for listing in the HOL Plugin Registry.

</details>

Rule-oriented lint (with optional mechanical fixes)

plugin-scanner lint ./my-plugin --list-rules plugin-scanner lint ./my-plugin --explain README_MISSING plugin-scanner lint ./my-plugin --fix --profile strict-security

Cisco package status

Credit to Cisco AI Defense for open-sourcing the packages below.

PackageStatus in this repoNotes
cisco-ai-skill-scannershipped by defaultIncluded in the lean baseline install.
cisco-ai-mcp-scannerrepo-controlled CI/Docker onlyInstalled through the uv cisco-mcp group and Docker requirements until Cisco publishes LiteLLM-compatible metadata.
cisco-ai-a2a-scannerdeferredRequires live A2A endpoints and is not added in this pass.
cisco-aibomdeferredNo Guard runtime integration in this pass. Revisit later only for evidence or export workflows.

If you want both tools in one shell during local development:

pipx install hol-guard
pipx install plugin-scanner

Container-first environments can use the published image instead. The repo-controlled image installs a lock-derived Cisco dependency set on Python 3.13 so the container has full static Cisco coverage by default.

docker run --rm \
  -v "$PWD:/workspace" \
  ghcr.io/hashgraph-online/hol-guard:<version> \
  scan /workspace --format text

Command names by package:

hol-guard start
plugin-scanner verify .

Scan a plugin directory

plugin-scanner scan ./my-plugin

Scan only Claude package surfaces

plugin-scanner scan ./plugins-repo --ecosystem claude

Scan a multi-plugin repo from the marketplace root

plugin-scanner scan . --format json

.plugin-scanner.toml

[scanner] profile = "public-marketplace" baseline_file = "baseline.txt" ignore_paths = ["tests/", "fixtures/"]

[rules] disabled = ["README_MISSING"] severity_overrides = { CODEXIGNORE_MISSING = "low" } ```

Plugin Author Submission Flow

The action can also handle submission intake. A plugin repository can wire the scanner into CI so a passing scan opens or reuses a submission issue in awesome-codex-plugins.

It also emits automation-friendly machine outputs:

  • score, grade, grade_label, max_severity, and findings_total as GitHub Action outputs
  • a concise markdown summary in the job summary by default
  • an optional machine-readable registry payload file for downstream registry, badge, or awesome-list automation

The intended path is:

  1. Add the scanner action to plugin CI.
  2. Require min_score: 80 and a severity gate such as fail_on_severity: high.
  3. Enable submission mode with a token that has issues:write on hashgraph-online/awesome-codex-plugins.
  4. When the plugin clears the threshold, the action opens or reuses a submission issue.
  5. The issue body includes machine-readable registry payload data, so registry automation can ingest the same submission event.

Example:

permissions:
  contents: read

jobs:
  scan-plugin:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6

      - name: Scan and submit if eligible
        id: scan
        uses: hashgraph-online/ai-plugin-scanner-action@v1
        with:
          plugin_dir: "."
          min_score: 80
          fail_on_severity: high
          submission_enabled: true
          submission_score_threshold: 80
          submission_token: ${{ secrets.AWESOME_CODEX_PLUGINS_TOKEN }}

      - name: Print submission issue
        if: steps.scan.outputs.submission_performed == 'true'
        run: echo "${{ steps.scan.outputs.submission_issue_urls }}"

submission_token is required when submission_enabled: true. This flow is idempotent. If the plugin repository was already submitted, the action reuses the existing open issue instead of opening duplicates by matching an exact hidden plugin URL marker in the existing issue body.

Registry Payload For Plugin Ecosystem Automation

If you want to feed the same scan into a registry, badge pipeline, or another plugin ecosystem automation step, request a registry payload file directly from the action:

permissions:
  contents: read

jobs:
  scan-plugin:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6

      - name: Scan plugin
        id: scan
        uses: hashgraph-online/ai-plugin-scanner-action@v1
        with:
          plugin_dir: "."
          format: sarif
          output: ai-plugin-scanner.sarif
          registry_payload_output: ai-plugin-registry-payload.json

      - name: Show trust signals
        run: |
          echo "Score: ${{ steps.scan.outputs.score }}"
          echo "Grade: ${{ steps.scan.outputs.grade_label }}"
          echo "Max severity: ${{ steps.scan.outputs.max_severity }}"

      - name: Upload registry payload
        uses: actions/upload-artifact@v6
        with:
          name: ai-plugin-registry-payload
          path: ${{ steps.scan.outputs.registry_payload_path }}

The registry payload mirrors the submission data used by HOL ecosystem automation, so one scan can drive code scanning, review summaries, awesome-list intake, and registry trust ingestion.

Repository Workflows

  • Matrix CI for Python 3.10 through 3.13
  • Package publishing via the publish.yml workflow
  • OpenSSF Scorecard automation for repository hardening visibility

Guard: Troubleshooting

🎯 aiskill88 AI 点评 A 级 2026-05-20

专业的AI插件安全工具,填补业界空白。319星认可度稳定,框架完整支持多平台,适合企业级应用。代码质量和维护活度良好。

📚 实用指南(长尾问题)
适合谁
  • 需要让 Claude / Cursor 操作本地工具的 AI 工程师
  • 构建多智能体协作系统的 Agent 开发者
最佳实践
  • 配置 MCP 服务器时建议使用 stdio 传输 + JSON-RPC,避免暴露公网
  • 生产部署优先使用 Docker Compose 隔离依赖,并挂载 volume 持久化数据
  • Agent 任务先做 dry-run 验证工具调用链,再开启自主执行
常见错误
  • API key 直接提交到 git 仓库(请用 .env 并加入 .gitignore)
  • MCP 配置路径拼错或权限不足,重启 Claude Desktop 才生效
  • 容器内无法访问宿主机 localhost — 使用 host.docker.internal
  • Python 依赖冲突:建议用 venv / uv 隔离环境
部署方案
  • Docker:hol-guard 提供官方镜像,docker compose up 一键启动
  • CLI:直接 npm install -g / pip install,命令行调用
  • 云端托管:可放在 Vercel / Railway / Fly.io 等 PaaS 平台
相关搜索
hol-guard 中文教程hol-guard 安装报错怎么办hol-guard MCP 配置hol-guard Docker 部署hol-guard Agent 工作流hol-guard 与同类工具对比hol-guard 最佳实践hol-guard 适合谁用

⚡ 核心功能

👥 适合谁
  • 需要让 Claude / Cursor 操作本地工具的 AI 工程师
  • 构建多智能体协作系统的 Agent 开发者
⭐ 最佳实践
  • 配置 MCP 服务器时建议使用 stdio 传输 + JSON-RPC,避免暴露公网
  • 生产部署优先使用 Docker Compose 隔离依赖,并挂载 volume 持久化数据
  • Agent 任务先做 dry-run 验证工具调用链,再开启自主执行
⚠️ 常见错误
  • API key 直接提交到 git 仓库(请用 .env 并加入 .gitignore)
  • MCP 配置路径拼错或权限不足,重启 Claude Desktop 才生效
  • 容器内无法访问宿主机 localhost — 使用 host.docker.internal
  • Python 依赖冲突:建议用 venv / uv 隔离环境

👥 适合人群

Claude Desktop / Claude Code 用户AI 工具开发者需要扩展 AI 能力的专业人士自动化工程师

🎯 使用场景

  • 在 Claude Desktop 对话中直接调用本地工具,实现 AI 与系统的深度联动
  • 通过自然语言驱动复杂的多步骤自动化任务,代替繁琐手动操作
  • 将多个 MCP 工具组合使用,构建个人专属 AI 工作站

⚖️ 优点与不足

✅ 优点
  • +标准化 MCP 协议,生态互联性强
  • +与 Claude 官方生态无缝对接
  • +即插即用,配置简单快捷
⚠️ 不足
  • 依赖 Claude 客户端,非 Claude 用户无法使用
  • MCP 协议仍在持续演进,接口可能变更
  • 需要一定的配置步骤
⚠️ 使用须知

该工具使用 NOASSERTION 协议,商用场景请仔细阅读协议条款,必要时咨询法律意见。

AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。

建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。

📄 License 说明

📄 NOASSERTION — 请查阅原始协议条款了解具体使用限制。

🔗 相关工具推荐

📚 相关教程推荐
📰 相关 AI 新闻
🍿 AI 圈相关吃瓜
🗺️ 相关解决方案
🧩 你可能还需要
基于当前 Skill 的能力图谱,自动补全的工具组合

❓ 常见问题 FAQ

支持OpenAI Codex、Anthropic Claude、OpenAI等主流平台的插件安全检测
💡 AI Skill Hub 点评

经综合评估,hol-guard MCP工具 在MCP工具赛道中表现稳健,质量优秀。如果你已有明确的使用需求,可以直接上手体验;如果还在评估阶段,建议对比同类工具后再做决策。

⬇️ 获取与下载
📚 深入学习 hol-guard MCP工具
查看分步骤安装教程和完整使用指南,快速上手这款工具
🌐 原始信息
原始名称 hol-guard
原始描述 开源MCP工具:Security and best-practices scanner for AI Plugins, covering Codex, Claude, Open。⭐319 · Python
Topics 安全扫描AI插件代码审计最佳实践MCP工具
GitHub https://github.com/hashgraph-online/hol-guard
License NOASSERTION
语言 Python
🔗 原始来源
🐙 GitHub 仓库  https://github.com/hashgraph-online/hol-guard 🌐 官方网站  https://hol.org/registry/plugins

收录时间:2026-05-16 · 更新时间:2026-05-19 · License:NOASSERTION · AI Skill Hub 不对第三方内容的准确性作法律背书。

📺 订阅 AI Skill Hub Daily Telegram 频道
每天 8 条精选 AI Skill、MCP、Agent 与自动化工具推送
加入频道 →