HackerTrans
TopNewTrendsCommentsPastAskShowJobs

garagon

no profile record

Submissions

[untitled]

1 points·by garagon·4 maanden geleden·0 comments

[untitled]

1 points·by garagon·4 maanden geleden·0 comments

[untitled]

1 points·by garagon·4 maanden geleden·0 comments

[untitled]

1 points·by garagon·4 maanden geleden·0 comments

OWASP Agentic Top Mapped to Aguara Detection Rules

aguarascan.com
1 points·by garagon·5 maanden geleden·0 comments

From Skill.md to Shell: A Security Audit Guide for AI Agent Skills

aguarascan.com
1 points·by garagon·5 maanden geleden·0 comments

Show HN: Aguara – Security scanner for AI agent skills and MCP servers

github.com
1 points·by garagon·5 maanden geleden·2 comments

comments

garagon
·4 maanden geleden·discuss
Aguara is a static security scanner built specifically for AI agent skills and MCP server configs. 173 rules across 13 categories: prompt injection, credential leaks, data exfiltration, supply chain, SSRF, and more.

No LLM, no cloud, no API keys. One Go binary, scans in milliseconds.

Four analysis layers: 1. Pattern matching (regex + base64/hex decoding) 2. NLP markdown analysis (AST walker, keyword classification) 3. Taint tracking (source-to-sink flow analysis) 4. Rug-pull detection (hash tracking across scans)

Every rule includes remediation guidance - when it finds a problem, it tells you how to fix it.

We also run Aguara Watch (watch.aguarascan.com), scanning 45,000+ skills across 7 public registries daily. The data shapes the rules.

Install: brew install garagon/tap/aguara Docker: docker run ghcr.io/garagon/aguara scan /scan GitHub Action: uses: garagon/aguara@v1

https://github.com/garagon/aguara