Skillget

panguard-ai

mcp
Security Audit
Pass
Health Pass
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Community trust — 34 GitHub stars
Code Pass
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This open-source security platform audits and monitors AI agent skills (MCPs) before installation. It provides real-time threat detection, continuous 24/7 monitoring, and shares community threat intelligence to protect against malicious AI packages.

Security Assessment
The tool itself poses a low security risk. The automated code scan analyzed 12 TypeScript files and found no dangerous patterns, hardcoded secrets, or requests for excessive permissions. As a security monitoring utility, it inherently requires broad read access to scan your installed AI tools and configurations. It also relies on network requests to fetch threat intelligence updates and to communicate with its real-time dashboard. While the standard npm installation is safe, developers should exercise standard caution if opting to use the alternative `curl | bash` installation method, as it involves executing a remote script directly. Overall risk: Low.

Quality Assessment
The project is in very active development, with its most recent code push occurring today. It uses the permissive MIT license and has a solid baseline of community trust with 34 GitHub stars. The repository is well-documented, offering a bilingual README (English and Chinese), clear installation instructions, and transparent references to security standards like OWASP.

Verdict
Safe to use — an actively maintained and transparent security tool that provides valuable protection for developers managing AI agent skills.
SUMMARY

Open-source security platform for AI agents -- audits skills before install, monitors 24/7, shares threat intelligence across all users. | AI Agent 開源安全平台 -- 安裝前審計 skill、24/7 即時監控、社群共享威脅情報。

README.md
Panguard AI

Every app gets reviewed before you install it. AI skills should too.

每個 App 上架都要審核。AI Skill 不該例外。


GitHub Stars
npm version
MIT License
ATR
OWASP
Made in Taiwan

Quick Start | Online Scanner | ATR Standard | Ecosystem Report

AI agents have full system access -- read files, execute commands, access credentials -- with zero review process. We scanned 36,394 MCP skills. Of 9,676 with source code, 1 in 7 triggered CRITICAL or HIGH severity rules. Credential harvesting. Prompt injection. Data exfiltration. Live numbers.

AI Agent 擁有完整系統權限,卻沒有任何審核。我們掃描了 36,394 個 MCP skills,每 7 個就有 1 個觸發 CRITICAL 或 HIGH security rules。即時數據見 panguard.ai

Quick Start

npm install -g @panguard-ai/panguard && pga up

One command. Auto-detects your AI platforms, scans all installed skills, starts 24/7 monitoring with real-time dashboard.

一行搞定。自動偵測 platform、掃描所有 skills、啟動 24/7 monitoring + real-time dashboard。

16 platforms: Claude Code, Claude Desktop, Cursor, OpenClaw, Codex, WorkBuddy, NemoClaw, ArkClaw, Windsurf, QClaw, Cline, VS Code Copilot, Zed, Gemini CLI, Continue, Roo Code

Method Command
npm (recommended) npm install -g @panguard-ai/panguard && pga up
curl (no Node required) curl -fsSL https://get.panguard.ai | bash
Homebrew (macOS) brew install panguard-ai/tap/panguard && pga up

Or scan online at panguard.ai -- paste a GitHub URL, get a report in 3 seconds.

Screenshots

Dashboard — Security Score, Skills, Protection Status

More screenshots

Welcome — First-run initialization

Rules — 71 ATR detection rules, community contribution

Settings — 3-layer detection (ATR, Fingerprint, Cloud AI)

How It Works

  You install PanGuard
       |
       v
  pga up → scans all skills against 71 ATR rules (< 60 seconds)
       |
       v
  Guard starts → watches for new skill installs in real time
       |
       v
  New skill installed → auto-scanned instantly
       |
       v
  Threat found → anonymized hash uploaded to Threat Cloud
       |
       v
  3+ independent confirmations + LLM review → new ATR rule
       |
       v
  Rule pushed to ALL users within 1 hour
       |
       v
  Next time: blocked in < 50ms → everyone is safer

One person encounters a threat. It becomes a rule. It protects everyone. That's the flywheel.

Three-Layer Detection

Layer Engine Latency Cost
1 71 ATR regex rules < 50ms $0
2 Local AI (Ollama) ~ 2s $0
3 Cloud AI (Claude / OpenAI) ~ 5s ~$0.008

Internet down? Rules + local AI keep running. Cloud down? Same. Everything degrades gracefully.

Ecosystem Scan (2026-03-27)

We scanned the entire ClawHub MCP skill registry. Full report.

Count
Skills crawled 36,394
With parseable source code 9,676
CRITICAL (credential theft, reverse shells, prompt injection) 182
HIGH (data exfiltration, unauthorized network access) 1,124
MEDIUM (over-permissioned, suspicious dependencies) 1,016
Triple threat (shell + network + filesystem) 249

Raw data: ecosystem-report.csv (open source)

Research paper: The Collapse of Trust: Security Architecture for the Age of Autonomous AI Agents (Zenodo, DOI: 10.5281/zenodo.19178002)

Standards Alignment

ATR is not a competing standard. It is the detection layer that makes standards enforceable.

Layer What it does Project
Standards Define threat categories SAFE-MCP (OpenSSF, $12.5M)
Taxonomy Enumerate attack surfaces OWASP Agentic Top 10
Detection Match threats in real time ATR -- 71 rules
Enforcement Scan, monitor, block, report PanGuard (this project)
  • OWASP Agentic Top 10: 10/10 categories covered (mapping)
  • SAFE-MCP techniques: 91.8% covered (mapping)

For Enterprise

PanGuard is free and open source for individual developers. For organizations running AI agents at scale:

Policy Engine -- Define what your agents can and cannot do. Enforce across teams.

# panguard-policy.yaml
rules:
  - block_severity: CRITICAL
  - allow_network: ['internal.corp.com', 'api.openai.com']
  - deny_filesystem: ['/etc/shadow', '~/.ssh/*', '~/.aws/*']
  - require_scan_before_install: true

Compliance Reporting -- Map every scan to SOC 2, ISO 27001, or Taiwan Cyber Security Act (TCSA) controls. Generate audit-ready PDF reports.

Air-gapped Deployment -- Run entirely on-premise. No data leaves your network. ATR rules update via signed bundles.

Dashboard -- Real-time threat visibility across all agents, all teams, one pane of glass.

Enterprise inquiry: [email protected]

Architecture

panguard-ai/
  packages/
    panguard/                CLI: 28 commands, 16 platform auto-detect
    panguard-guard/          24/7 monitoring + real-time dashboard + Threat Cloud sync
    panguard-skill-auditor/  6-check security gate for every skill
    panguard-mcp/            MCP server: 11+ tools for AI assistants
    atr/                     Agent Threat Rules: 71 rules, 10 categories
    threat-cloud/            Community threat intel server + LLM review
    scan-core/               Shared scan engine: regex + context signals
    core/                    AI adapters, validation, logging
    website/                 Next.js marketing site + online scanner
Language TypeScript 5.7 (strict mode)
Runtime Node.js 20+
Monorepo pnpm workspaces
AI Ollama (local) + Claude / OpenAI (cloud)
Website Next.js 15 + Vercel

Contributing

License

MIT -- 100% free. 100% open source. No telemetry by default. No vendor lock-in.

If AI agents can act on your behalf, someone should check what they're about to do.


Star on GitHub

Panguard AI -- Taipei, Taiwan

Website ·
Online Scanner ·
ATR Standard ·
Ecosystem Report ·
Documentation

Reviews (0)

No results found