{"id":"garagon-aguara","name":"aguara","af_score":62.8,"security_score":87.2,"reliability_score":37.5,"what_it_does":"Aguara is a local security scanner (CLI + library + Docker) that statically analyzes AI agent skills and MCP server/tool configurations to detect issues such as prompt injection, data exfiltration, credential leaks, and supply-chain/persistence/rug-pull patterns. It supports decoded/obfuscated content scanning, cross-file taint/risk flow analysis within an MCP server directory, and produces terminal/JSON/SARIF/Markdown outputs suitable for CI.","best_when":"You have AI agent/MCP code (skills, tool descriptions, configs) in a repo or local directory and want reproducible, offline, CI-friendly static security checks before deployment.","avoid_when":"You need real-time blocking, runtime sandboxing, or dynamic behavioral detection of executed code.","last_evaluated":"2026-03-30T15:19:14.330779+00:00","has_mcp":false,"has_api":false,"auth_methods":["None (local/offline CLI scanning)"],"has_free_tier":false,"known_gotchas":["This is a local static scanner; agents should not expect it to interact with running MCP servers or provide runtime guarantees.","Some rules can be context-dependent; use --tool-name or profiles to reduce false positives.","Inline ignore directives can suppress findings; ensure ignores are reviewed in security workflows."],"error_quality":0.0}