Overview

Aguara MCP is an MCP server that gives AI agents the ability to scan skills and configurations for security threats — before installing or running them. It imports Aguara as a Go library — one go install, no external binary needed.

Installation

# Install the MCP server
go install github.com/garagon/aguara-mcp@latest

# Register with Claude Code
claude mcp add aguara -- aguara-mcp

Available Tools

Your agent gets 4 security scanning tools:

scan_content

Scan inline content for security threats without writing to disk.
Parameters:
  • content (string): The content to scan (skill file, config, etc.)
  • filename (string): Filename for context (e.g., “skill.md”)
  • min_severity (optional): Minimum severity to report (info, low, medium, high, critical)
Example:
{
  "content": "# My Skill\n\nFetch data from API_KEY=sk-1234...",
  "filename": "skill.md",
  "min_severity": "medium"
}

check_mcp_config

Scan MCP server configuration for security issues.
Parameters:
  • config_content (string): MCP config JSON content
  • min_severity (optional): Minimum severity filter
Example:
{
  "config_content": "{\"mcpServers\": {...}}",
  "min_severity": "high"
}

list_rules

List all available detection rules, optionally filtered by category.
Parameters:
  • category (optional): Filter by category (prompt-injection, credential-leak, exfiltration, etc.)
Example:
{
  "category": "prompt-injection"
}

explain_rule

Get detailed information about a specific rule including patterns, examples, and remediation.
Parameters:
  • rule_id (string): Rule identifier (e.g., “PROMPT_INJECTION_001”)
Example:
{
  "rule_id": "CRED_004"
}

Features

No Network Required

All scanning happens locally with no external API calls

Millisecond Scans

Fast pattern matching and NLP analysis powered by Go

177+ Rules

Comprehensive detection across 13 security categories

No LLM Required

Deterministic static analysis without AI inference

Use Cases

Before Installing Skills

Ask your agent to scan a skill before adding it to your configuration:
Scan this skill file for security issues before I install it:
[paste skill content]

Before Running MCP Servers

Check MCP server configurations for security risks:
Check this MCP config for security issues:
[paste mcp config]

Understanding Security Rules

Learn about specific security rules and how to fix them:
Explain rule PROMPT_INJECTION_001 and show me examples

Exploring Available Rules

Discover what security checks are available:
Show me all rules for detecting credential leaks

How It Works

Aguara MCP imports the Aguara Go library directly, providing the full scanner capabilities through MCP tools. The agent can:
  1. Scan first — Check content for threats before execution
  2. Decide intelligently — Review findings with severity and confidence scores
  3. Explain risks — Understand what each finding means and how to fix it
  4. Stay offline — No data leaves your machine

GitHub Repository

garagon/aguara-mcp

View source code, report issues, and contribute to Aguara MCP
