Secret, CVE and dependency-vulnerability scanning for AI agents (free, OSV.dev).
Config is the same across clients — only the file and path differ.
```json
{
  "mcpServers": {
    "io-github-shuaicongxiaomai-agentguard": {
      "command": "<see-readme>",
      "args": []
    }
  }
}
```
No known CVEs.
No package registry to scan.
A free, open-source, single-binary MCP server that gives any AI agent (Claude Desktop, Cursor, Claude Code, …) security checks in the loop:
| Tool | What it does | Data source |
|---|---|---|
| `scan_secrets` | Flags hard-coded secrets (API keys, tokens, private keys) in text/code/diffs before the agent commits, logs, or sends them. Runs locally; values are masked. | local (regex + entropy) |
| `check_cve` | Whether a specific package version has known CVEs, with severity + fixed version. | OSV.dev (free) |
| `scan_dependencies` | Scans a go.mod / package.json / requirements.txt and reports every vulnerable pinned dependency. | OSV.dev (free) |
No API key, no account, no telemetry. Everything runs locally except CVE lookups, which hit the free public OSV.dev API.
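As an added illustration (not AgentGuard's own code) of the regex-plus-entropy approach the table describes for `scan_secrets`, the scanner below returns only masked previews, never the raw value. The two fixed-format rules, the 32-character candidate length, the 4.0 bits/char threshold and the sample input are all assumptions made for this example.

```python
import math
import re
from collections import Counter
from dataclasses import dataclass
@dataclass(frozen=True)
class Finding:
    kind: str
    line: int
    preview: str  # masked; the raw value is never stored or returned

# Fixed-format rules, assumed for this example; a production rule set is far larger.
RULES = [
    ("aws-access-key-id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("github-token", re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b")),
]
# Entropy candidates: long unbroken runs of token characters (32+ is an assumed cutoff).
CANDIDATE = re.compile(r"[A-Za-z0-9+/=_\-]{32,}")

def shannon_entropy(s: str) -> float:
    """Bits per character: random tokens score high, padding and prose score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def mask(s: str) -> str:
    """Keep 4 characters at each end so a hit can be located without leaking the value."""
    return "*" * len(s) if len(s) <= 8 else s[:4] + "*" * (len(s) - 8) + s[-4:]

def scan_secrets(text: str, min_entropy: float = 4.0) -> list[Finding]:
    """Report rule hits first, then high-entropy runs in what remains of each line."""
    out: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        rest = line
        for kind, pattern in RULES:
            out.extend(Finding(kind, lineno, mask(m)) for m in pattern.findall(line))
            rest = pattern.sub(" ", rest)  # don't re-report the same value as high entropy
        for m in CANDIDATE.findall(rest):
            if shannon_entropy(m) >= min_entropy:  # 4.0 bits/char is an assumed threshold
                out.append(Finding("high-entropy-string", lineno, mask(m)))
    return out

# Constructed input: the AKIA value is the placeholder from AWS's own docs, the ghp_ token is made up.
SAMPLE = "\n".join([
    "aws_access_key_id = AKIAIOSFODNN7EXAMPLE",
    "GITHUB_TOKEN=ghp_Ab3dEf6hIj9kLm2nOp5qRs8tUv1wXy4zAb7c",
    'session = "Zq8vT3nLp0XrW6yKd2MfJ9bHc4GsA7eUiR1oN5tV"',
    'filler = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"',
])
if __name__ == "__main__":
    for f in scan_secrets(SAMPLE):
        print(f"line {f.line}: {f.kind} {f.preview}")
```

The fourth sample line is deliberately a long, repetitive string: it passes the length filter but scores 0 bits/char, which is the case the entropy check exists to drop.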
Pick whichever fits your setup. All three give the same stdio MCP server.
```bash
docker run -i --rm ghcr.io/shuaicongxiaomai/agentguard:latest demo
```
MCP client config (mcpServers block in Claude Desktop / Cursor / Claude Code):
```json
{
  "mcpServers": {
    "agentguard": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "ghcr.io/shuaicongxiaomai/agentguard:latest"]
    }
  }
}
```
```bash
go install github.com/shuaicongxiaomai/agentguard@latest
```

```json
{ "mcpServers": { "agentguard": { "command": "agentguard" } } }
```
Download the archive for your OS/arch from the Releases page, extract it, and point the config command at the absolute path to the binary.

```bash
go build -o agentguard .   # append .exe on Windows
```
1. demo — see it work, zero config:

   ```bash
   agentguard demo
   ```

   Runs all three tools on sample inputs and prints the results.
2. stdio (default) — local use; the MCP client launches the binary. No port; the client manages its lifecycle. Use any of the configs above, then ask your agent: "scan this for secrets", "is lodash 4.17.20 vulnerable?", "check my package.json for vulnerable deps."
3. serve — Streamable HTTP service on a port (for a hosted/remote server):

   ```bash
   agentguard serve :8080   # or set PORT=8080
   # health:  GET  http://host:8080/healthz
   # MCP URL: POST http://host:8080/mcp   (clients connect to this URL)
   ```
Use stdio for local use; use serve when you want a hosted server that users connect to by URL without installing anything.
- `scan_secrets` runs locally and never returns raw secret values — only masked previews.
- `scan_dependencies` caps at 200 deps per call and queries OSV concurrently.
- `check_cve` / `scan_dependencies` need network access to OSV.dev; `scan_secrets` is fully offline.

License: MIT.