Scan AI Agent Skills
for Threats — In Seconds

AgentGuard detects prompt injection, credential leaks, malicious commands, and data exfiltration before they reach your agent.

View Live Report
$curl -fsSL https://agentguard.gopluslabs.io/install.sh | bash

Installs skill + hooks automatically — recommended · View on GitHub

AgentGuard Scanner
deploy-helper/SKILL.md
Initializing...0%
BLOCKED3 threats detected
28
Safety Score
CRITICALcurl-pipe-bashLine 42
HIGHenv-var-exfiltrationLine 8
MEDIUMexcessive-permissionsLine 3
Scanned in 127ms6 detectorsCWE-78, CWE-200
10,000+
Skills Scanned
500+
Threats Blocked
6
Security Detectors
<50ms
Avg Scan Time
Threat Landscape

AI Agent Skills Are the New Attack Surface

Public skill registries are the new npm — and they carry the same risks. 36% of community skills contain security flaws.

~900
Malicious Skills (20%)

One in five skills on public registries contain malicious or dangerous patterns

283
Credential Leaks (7.1%)

Hardcoded API keys, tokens, and secrets found in published skill packages

135K+
Exposed Instances

Agent instances running unscanned skills with known vulnerabilities

3
High-Severity CVEs

Critical vulnerabilities in popular skill frameworks actively exploited in the wild

6 Security Detectors. One Scan.

Every scan runs all detectors in parallel. No configuration needed.

HIGH

Credential Leak Detection

160+ patterns for API keys, tokens, private keys, database connection strings, and embedded secrets across all major providers.

CRITICAL

Prompt Injection Detection

75+ injection patterns including base64-encoded payloads, zero-width character obfuscation, role hijacking, and system prompt extraction.

CRITICAL

Malicious Command Detection

112+ patterns for remote code execution, reverse shells, encoded payloads, pastebin piping, and supply chain compromise techniques.

HIGH

Data Exfiltration Detection

Detects sensitive path access, HTTP/DNS tunneling, credential harvesting, clipboard scraping, and covert data transfer channels.

MEDIUM

Permission Abuse Analysis

Compares declared vs. needed tool permissions, detects dangerous combinations, privilege escalation, and calculates risk scores.

HIGH

URL Analysis

Malicious domain detection, suspicious TLD analysis, phishing pattern matching, URL shortener tracking, and homograph attack detection.

Three Steps to Secure Your Agents

Step 1

Scan

Paste a skill URL or content. Get results in under 1 second.

Step 2

Review

See every threat with severity, evidence, line numbers, and remediation advice.

Step 3

Protect

Set up auto-scanning hooks. Every skill gets checked before install.

Simple Pricing. Start Free.

Personal plan includes a 7-day free trial. Cancel anytime.

Free

$0forever

Try it out

100 scans / month
All 6 detectors
Basic threat reports
Community support
API access (1 key)
AI Deep Analysis
Webhook notifications
Custom rules
Recommended

Personal

$15/month

7-day free trial

Your personal AI security guard

500 scans / month
All 6 detectors
Detailed threat reports
AI Deep Analysis
API access (2 keys)
Batch scanning
Priority support
Custom rules

Starter

$99/month

For teams getting started

10,000 scans / month
All 6 detectors
Full threat reports
AI Deep Analysis
API access (10 keys)
Webhook notifications
Team management (5 seats)
Priority support

Pro

$499/month

For platforms at scale

100,000 scans / month
All 6 detectors
Full reports + audit logs
AI Deep Analysis
API access (50 keys)
Webhook notifications
Unlimited team seats
Custom rules

Enterprise

Custom

Custom security requirements

Unlimited scans
All 6 detectors
Full reports + audit logs
AI Deep Analysis
Unlimited API keys
Webhook notifications
Unlimited team seats
Custom rules + on-prem + SLA

Your Agents Deserve a
Security Guard

Join developers who trust AgentGuard to protect their AI agents from malicious skills.

Read the Docs