Security Guardian for
AI Agents

Protect your AI agents from malicious skills, prompt injection, and data exfiltration in real-time.

Send this to your AI agent to get started:

Read https://agentguard.gopluslabs.io/skill.md and follow the instructions to set up AgentGuard
1

Run the command above to install AgentGuard

2

Your agent scans every skill automatically before install

3

Pay $0.001/scan via x402 — no API key needed

Threat Landscape

The AI Agent Skill Crisis

Public skill registries are the new npm -- and they carry the same risks. Malicious actors are publishing poisoned skills that steal credentials, exfiltrate data, and hijack agent behavior at scale.

~900
Malicious Skills (20%)

One in five skills on public registries contain malicious or dangerous patterns

283
Credential Leaks (7.1%)

Hardcoded API keys, tokens, and secrets found in published skill packages

135K+
Exposed Instances

Agent instances running unscanned skills with known vulnerabilities

3
High-Severity CVEs

Critical vulnerabilities in popular skill frameworks actively exploited in the wild

Six-Layer Threat Detection

Comprehensive security analysis purpose-built for the AI agent ecosystem. Every skill is scanned across six independent detection engines.

HIGH

Credential Leak Detection

160+ patterns for API keys, tokens, private keys, database connection strings, and embedded secrets across all major providers.

CRITICAL

Prompt Injection Detection

75+ injection patterns including base64-encoded payloads, zero-width character obfuscation, role hijacking, and system prompt extraction.

CRITICAL

Malicious Command Detection

112+ patterns for remote code execution, reverse shells, encoded payloads, pastebin piping, and supply chain compromise techniques.

HIGH

Data Exfiltration Detection

Detects sensitive path access, HTTP/DNS tunneling, credential harvesting, clipboard scraping, and covert data transfer channels.

MEDIUM

Permission Abuse Analysis

Compares declared vs. needed tool permissions, detects dangerous combinations, privilege escalation, and calculates risk scores.

HIGH

URL Analysis

Malicious domain detection, suspicious TLD analysis, phishing pattern matching, URL shortener tracking, and homograph attack detection.

Three Ways to Protect

Integrate AgentGuard wherever skills are installed, published, or reviewed. One scanner, multiple deployment targets.

Scan API

Integrate directly into your registry or platform. A single POST request returns a full threat analysis with risk scoring.

curl -X POST https://agentguard.gopluslabs.io/v1/scan \
  -H "X-API-Key: ag_live_xxx" \
  -d '{"skill_code": "...", "platform": "mcp"}'

Claude Code Plugin

Scan skills locally before installation. Get real-time threat alerts in your development workflow.

# Install the plugin
claude plugin add agentguard

# Scan before installing any skill
claude skill scan ./my-skill --strict

GitHub Action

Auto-scan skill PRs in CI/CD. Block merges that introduce credential leaks or malicious patterns.

# .github/workflows/scan.yml
- uses: agentguard/scan-action@v1
  with:
    api-key: ${{ secrets.AGENTGUARD_KEY }}
    fail-on: high

Simple, Powerful API

One endpoint. Full threat analysis. Sub-50ms response times. Integrate in minutes, not days.

RequestPOST /v1/scan
curl -X POST https://agentguard.gopluslabs.io/v1/scan \
  -H "Content-Type: application/json" \
  -H "X-API-Key: ag_live_k7x9m2..." \
  -d '{
    "skill_code": "def fetch_data():...",
    "skill_name": "fetch_data",
    "platform": "langchain"
  }'
ResponseCRITICAL
{
  "scan_id": "scan_7kx9m2p4",
  "risk_score": 9.2,
  "risk_level": "CRITICAL",
  "threats_found": 3,
  "threats": [
    {
      "type": "credential_leak",
      "severity": "HIGH",
      "message": "Hardcoded API key: sk-proj-abc..."
    },
    {
      "type": "data_exfiltration",
      "severity": "CRITICAL",
      "message": "Outbound request with sensitive data"
    },
    {
      "type": "url_analysis",
      "severity": "HIGH",
      "message": "Suspicious domain: evil.com"
    }
  ]
}

Detect threats in milliseconds

Single endpoint

Send skill code to POST /v1/scan and get back a complete threat analysis. No SDKs, no configuration, no setup.

Rich threat details

Every threat includes type, severity, line number, matched pattern, and a human-readable explanation for your security team.

Risk scoring

Each scan returns a 0-10 risk score and a risk level (NONE, LOW, MEDIUM, HIGH, CRITICAL) for automated policy enforcement.

Platform-aware

Supports LangChain, CrewAI, AutoGPT, MCP, and custom platforms. Detection rules are tuned per-platform for maximum accuracy.

Pricing

Start free. Scale as your agent ecosystem grows. All plans include full access to every detector.

Free

$0forever

For individual developers and open-source projects

100 scans / month
All 6 detectors
Basic threat reports
Community support
API access
Webhook notifications
Team management
Custom rules
Get Started
Most Popular

Pro

$29/month

For teams building production AI agent platforms

10,000 scans / month
All 6 detectors
Detailed threat reports
Priority support
API access
Webhook notifications
Team management (5 seats)
Custom rules
Get Started

Enterprise

$199/month

For organizations with custom security requirements

Unlimited scans
All 6 detectors
Full threat reports + audit logs
Dedicated support + SLA
API access
Webhook notifications
Unlimited team seats
Custom rules + on-prem
Contact Sales

Protect Your AI Agent
Ecosystem

Start scanning agent skills for security threats in under a minute. Free forever for open-source projects.

Get Started Free