HackerTrans
トップ新着トレンドコメント過去質問紹介求人

garagon

no profile record

投稿

[untitled]

1 ポイント·投稿者 garagon·4 か月前·0 コメント

[untitled]

1 ポイント·投稿者 garagon·4 か月前·0 コメント

[untitled]

1 ポイント·投稿者 garagon·4 か月前·0 コメント

[untitled]

1 ポイント·投稿者 garagon·4 か月前·0 コメント

OWASP Agentic Top Mapped to Aguara Detection Rules

aguarascan.com
1 ポイント·投稿者 garagon·4 か月前·0 コメント

From Skill.md to Shell: A Security Audit Guide for AI Agent Skills

aguarascan.com
1 ポイント·投稿者 garagon·5 か月前·0 コメント

Show HN: Aguara – Security scanner for AI agent skills and MCP servers

github.com
1 ポイント·投稿者 garagon·5 か月前·2 コメント

コメント

garagon
·4 か月前·議論
Aguara is a static security scanner built specifically for AI agent skills and MCP server configs. 173 rules across 13 categories: prompt injection, credential leaks, data exfiltration, supply chain, SSRF, and more.

No LLM, no cloud, no API keys. One Go binary, scans in milliseconds.

Four analysis layers: 1. Pattern matching (regex + base64/hex decoding) 2. NLP markdown analysis (AST walker, keyword classification) 3. Taint tracking (source-to-sink flow analysis) 4. Rug-pull detection (hash tracking across scans)

Every rule includes remediation guidance - when it finds a problem, it tells you how to fix it.

We also run Aguara Watch (watch.aguarascan.com), scanning 45,000+ skills across 7 public registries daily. The data shapes the rules.

Install: brew install garagon/tap/aguara Docker: docker run ghcr.io/garagon/aguara scan /scan GitHub Action: uses: garagon/aguara@v1

https://github.com/garagon/aguara