aguara
Aguara is a local security scanner (CLI + library + Docker) that statically analyzes AI agent skills and MCP server/tool configurations to detect issues such as prompt injection, data exfiltration, credential leaks, and supply-chain/persistence/rug-pull patterns. It supports decoded/obfuscated content scanning, cross-file taint/risk flow analysis within an MCP server directory, and produces terminal/JSON/SARIF/Markdown outputs suitable for CI.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security here concerns the quality of static scanning rather than transport security. Authentication and authorization are not applicable to local use. The project emphasizes decoding, NFKC normalization, and cross-file taint/rug-pull detection, and it redacts sensitive env values in JSON output (per README). Dependency hygiene and exact CVE posture cannot be confirmed from the provided content. Handle scanner outputs and reports carefully, since findings may include secrets or redacted but still sensitive context.
⚡ Reliability
Best When
You have AI agent/MCP code (skills, tool descriptions, configs) in a repo or local directory and want reproducible, offline, CI-friendly static security checks before deployment.
Avoid When
You need real-time blocking, runtime sandboxing, or dynamic behavioral detection of executed code.
Use Cases
- Pre-deployment scanning of MCP servers and AI agent skills for injection and exfiltration risks
- CI security gate for detecting high/critical findings before merging or releasing
- Auditing and generating SARIF reports for GitHub Code Scanning
- Monitoring for potential tool-description/rug-pull changes across scans (hash tracking)
- Offline/static verification without relying on API keys or LLMs
Not For
- Runtime protection or mitigation of already-executing malicious code
- Guaranteeing absence of vulnerabilities (static analysis can miss novel attack patterns)
- Network-based scanning of arbitrary endpoints (it scans local files/configs rather than remote services)
- A SaaS/hosted security platform with account-based management
Interface
Authentication
Authentication is not required for local scanning. Optional CI action usage requires GitHub permissions for SARIF upload (e.g., security-events: write on public repos per README).
Pricing
Appears to be open-source/local tooling; no usage-based pricing described in provided content.
Agent Metadata
Known Gotchas
- ⚠ This is a local static scanner; agents should not expect it to interact with running MCP servers or provide runtime guarantees.
- ⚠ Some rules can be context-dependent; use --tool-name or profiles to reduce false positives.
- ⚠ Inline ignore directives can suppress findings; ensure ignores are reviewed in security workflows.
Alternatives
Scores are editorial opinions as of 2026-03-30.