AI Agent Securityfor AI Developers
AgentGuard helps teams identify risky behaviors, scan agent-related code, tools, and components,and provide security protection before high-risk actions are executed across Claude Code, Codex, Cursor, MCP servers, and other AI development environments.
curl -fsSL https://agentguard.gopluslabs.io/install.sh | bashWhy AI Agent Security Matters
AI agents no longer just generate answers. They install Skills, connect to MCP servers, call tools, and execute real actions. As agents gain execution capabilities, security risks move beyond content generation and into runtime behavior.

AI Agents Can Execute Real Actions
AI agents can access files, execute commands, call APIs, and automate workflows. When agents can act, mistakes become consequences.

Skills, Plugins & MCP Servers Introduce Supply-Chain Risk
Third-party Skills, Plugins, and MCP servers may introduce new code, permissions, dependencies, and external resources. As agent ecosystems grow, supply-chain risk grows with them. AgentGuard helps teams perform local scans on agent-related code and components and identify potential risks with threat intelligence.

Prompt Injection Can Influence Tool Behavior
Malicious prompts can influence agent decisions and change how tools are used. The risk becomes real when prompts begin to affect execution.

Static Scanning Is Not Enough
Prompts, tools, permissions, and runtime environments continue to change. AgentGuard helps evaluate observable high-risk actions before execution, and can block them or require user confirmation based on policy.
AI Agents Need a
Guardrail Before
Every Risky Action
Agents can run shell commands, read secrets, call tools, and deploy changes faster than teams can review them. Static scanning helps, but runtime control is where policy becomes enforcement.

Shell commands, MCP tools, and browser actions can create production impact in seconds.

Agents frequently touch .env files, cloud credentials, private keys, and deployment tokens.

Teams need to know which agent attempted what, from which session, and why it was allowed.

Skills, plugins, and MCP servers still need scanning before they enter the runtime.
Three Layers of Protection for AI Agents
Runtime protection, deep security analysis, and continuous monitoring.

Runtime Guard
Stop risky actions before they run.
- Shell Commands
- File Access
- Tool Actions
- Network Requests
- Secret Access
- Sensitive Writes
- Webhook Exfiltration

Deep Scan
Scan agent-related code and components.
- Skills
- Plugins
- MCP Server Code
- Packages
- Agent Runtime Code
- 6 Detection Categories
- 24 Security Rules

OpenClaw Environment Patrol
Detect security drift automatically.
- Skill Integrity
- Secrets Exposure
- Network Exposure
- Cron & Scheduled Tasks
- File System Changes
- Audit Log Analysis
- Environment & Configuration
- Trust Registry Health

Security Coverage
Coverage across runtime behavior, code components, and environment drift.
- Prompt Injection
- Credential Exposure
- Dangerous Commands
- Data Exfiltration
- Permission Abuse
- Supply Chain Risk
- MCP Tool Risks
- Secrets Leakage
6 Security Detectors. One Scan.
Every scan runs all detectors in parallel. No configuration needed.
160+ patterns for API keys, tokens, private keys, database connection strings, and embedded secrets across all major providers.
75+ injection patterns including base64-encoded payloads, zero-width character obfuscation, role hijacking, and system prompt extraction.
112+ patterns for remote code execution, reverse shells, encoded payloads, pastebin piping, and supply chain compromise techniques.
Detects sensitive path access, HTTP/DNS tunneling, credential harvesting, clipboard scraping, and covert data transfer channels.
Compares declared vs. needed tool permissions, detects dangerous combinations, privilege escalation, and calculates risk scores.
Malicious domain detection, suspicious TLD analysis, phishing pattern matching, URL shortener tracking, and homograph attack detection.
Three Steps to
Secure Your Agents
Install the OSS guard and connect it to AgentGuard Cloud with an API key.
Evaluate risky actions against custom policy before shell, file, deploy, or tool execution.
Review approvals and session timelines while keeping supply-chain scans in the same workflow.
Real threats. Pushed to your agents.
AgentGuard publishes signed advisories for malicious skills, plugins, MCP servers, supply-chain packages, phishing URLs, and prompt-injection payloads. Subscribers receive them in real time and their guards self-check automatically.
Industry Security News
Track the latest industry updates across AI agents, Web3 security, and infrastructure ecosystems.
Full-Coverage Protection. Start Free.
Protect live agent actions, approvals, audit trails, and supply-chain scans from one control plane. Personal plan includes a 7-day free trial.
Local-first protection for individual agents
- 100 protected actions / month
- Runtime policy + supply-chain detectors
- Basic audit timeline
- Community support
- AI deep analysis
- Webhook and approval notifications
- Custom runtime rules
Runtime guardrails for personal agent work
- 500 protected actions / month
- Runtime policy + supply-chain detectors
- Detailed action and scan reports
- AI deep analysis
- Batch supply-chain scanning
- Priority support
- Custom runtime rules
Team protection for shared agent workflows
- 10,000 protected actions / month
- Runtime policy + supply-chain detectors
- Full runtime and supply-chain reports
- AI deep analysis
- Webhook and approval notifications
- Team management (5 seats)
- Priority support
Advanced governance for production agents
- 100,000 protected actions / month
- Runtime policy + supply-chain detectors
- Full reports + redacted audit logs
- AI deep analysis
- Webhook and approval notifications
- Unlimited team seats
- Custom runtime rules
Custom controls for regulated agent operations
- Unlimited protected actions
- Runtime policy + supply-chain detectors
- Full reports + redacted audit logs
- AI deep analysis
- Webhook and approval notifications
- Unlimited team seats
- Custom rules + private deployment + SLA
FAQ
1. What is AgentGuard?+−
AgentGuard is a security platform for AI agents. It combines runtime protection, code scanning, and continuous monitoring to help teams identify risks and protect high-risk actions before execution.
2. How is AgentGuard different from a prompt filter?+−
Prompt filters mainly focus on input or output text. AgentGuard focuses on execution risk: what an agent is about to run, access, or trigger.
3. What can AgentGuard detect?+−
AgentGuard provides two layers of security analysis. Runtime Guard focuses on observable high-risk actions during execution. Deep Scan uses 6 detection categories and 24 security rules to perform static risk analysis on agent-related code and components.
4. What is Daily Patrol?+−
Daily Patrol continuously checks agent environments for security drift. Today, fully automated Daily Patrol workflows are mainly designed for OpenClaw environments.
5. Does AgentGuard upload my code, prompts, secrets, or file contents?+−
In local mode, AgentGuard does not upload full code, prompts, secrets, or file contents. When cloud services are enabled, AgentGuard may upload sanitized action previews and metadata to support review, approval, and audit workflows.
6. Does AgentGuard support MCP?+−
AgentGuard supports MCP server scanning and MCP-related integrations. However, it should not be described as fully monitoring or blocking all third-party MCP runtime calls today.
7. Which agent platforms does AgentGuard support?+−
AgentGuard supports runtime hooks for Claude Code, OpenClaw, and Hermes. For Codex, Gemini, Cursor, and Copilot, support mainly depends on Skill or command-level integrations and may vary by environment.

Your Agents Deserve a Runtime Control Plane
Connect local OSS guards to Cloud policy, approvals, audit timelines, and supply-chain scanning.