AgentShield mostly matches its security-audit purpose, but its privacy and trust-verification disclosures do not consistently match the code.
Install only if you are comfortable with a remote AgentShield registry receiving your agent name, platform, public key, challenge signatures, and summarized test results. Run manual mode or inspect the code before using --auto or --yes, avoid relying on --dry-run as fully offline, do not use the peer-verification result as cryptographic proof until signature verification is implemented, and avoid exposing handshake session keys in shared terminals or logs.