{"id":"garagon-aguara","name":"aguara","homepage":"https://aguarascan.com","repo_url":"https://github.com/garagon/aguara","category":"security","subcategories":[],"tags":["security-scanner","ai-agents","mcp","static-analysis","prompt-injection","data-exfiltration","sast","devsecops"],"what_it_does":"Aguara is a local security scanner (CLI + library + Docker) that statically analyzes AI agent skills and MCP server/tool configurations to detect issues such as prompt injection, data exfiltration, credential leaks, and supply-chain/persistence/rug-pull patterns. It supports decoded/obfuscated content scanning, cross-file taint/risk flow analysis within an MCP server directory, and produces terminal/JSON/SARIF/Markdown outputs suitable for CI.","use_cases":["Pre-deployment scanning of MCP servers and AI agent skills for injection and exfiltration risks","CI security gate for detecting high/critical findings before merging or releasing","Auditing and generating SARIF reports for GitHub Code Scanning","Monitoring for potential tool-description/rug-pull changes across scans (hash tracking)","Offline/static verification without relying on API keys or LLMs"],"not_for":["Runtime protection or mitigation of already-executing malicious code","Guaranteeing absence of vulnerabilities (static analysis can miss novel attack patterns)","Network-based scanning of arbitrary endpoints (it scans local files/configs rather than remote services)","A SaaS/hosted security platform with account-based management"],"best_when":"You have AI agent/MCP code (skills, tool descriptions, configs) in a repo or local directory and want reproducible, offline, CI-friendly static security checks before deployment.","avoid_when":"You need real-time blocking, runtime sandboxing, or dynamic behavioral detection of executed code.","alternatives":["Semgrep/CodeQL-style static analysis (general-purpose security rules)","Custom internal security scanners for prompt injection/tooling exfil patterns","SAST tools for general code vulnerabilities (not MCP/agent-specific)","Third-party MCP/agent security services (hosted) if you require managed scanning"],"af_score":62.8,"security_score":87.2,"reliability_score":37.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:19:14.330779+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":true,"sdk_languages":["Go"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["None (local/offline CLI scanning)"],"oauth":false,"scopes":false,"notes":"Authentication is not required for local scanning. Optional CI action usage requires GitHub permissions for SARIF upload (e.g., security-events: write on public repos per README)."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Appears to be open-source/local tooling; no usage-based pricing described in provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":62.8,"security_score":87.2,"reliability_score":37.5,"mcp_server_quality":0.0,"documentation_accuracy":85.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":100.0,"rate_limit_clarity":0.0,"tls_enforcement":100.0,"auth_strength":100.0,"scope_granularity":100.0,"dependency_hygiene":55.0,"secret_handling":70.0,"security_notes":"Security is primarily about static scanning rather than transport security. Authentication/authorization is not applicable for local use. The project emphasizes decoding, NFKC normalization, cross-file taint/rug-pull detection, and provides redaction of sensitive env values in JSON output (per README). Dependency hygiene and exact CVE posture cannot be confirmed from provided content. Ensure scanner outputs/reports are handled carefully since findings may include secrets/redacted-but-sometimes-sensitive context.","uptime_documented":0.0,"version_stability":60.0,"breaking_changes_history":40.0,"error_recovery":50.0,"idempotency_support":"true","idempotency_notes":"Scanning is described as deterministic for the same input. For monitoring/rug-pull detection it uses tracked hashes across runs; repeated scans of unchanged inputs should yield stable results, assuming rule versions/profile are consistent.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["This is a local static scanner; agents should not expect it to interact with running MCP servers or provide runtime guarantees.","Some rules can be context-dependent; use --tool-name or profiles to reduce false positives.","Inline ignore directives can suppress findings; ensure ignores are reviewed in security workflows."]}}