Agentguard

Security checks across malware telemetry and agentic risk

Overview

AgentGuard is purpose-aligned as a security proxy, but it asks users to trust a privileged, long-running daemon and broad command/file/network mediation that cannot be fully reviewed from the provided artifacts.

Install only if you intentionally want AgentGuard to mediate agent command, file, and network operations. Verify the native agentguard binary and checksum/provenance, confirm tools.deny is actually configured before relying on bypass prevention, keep daemonHost on 127.0.0.1 unless you fully trust the remote endpoint, and review how to stop the daemon and remove /usr/local/bin/agentguard.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding
The installer does more than install a binary: it immediately starts a long-running daemon. That changes system state and begins background execution without an explicit consent step, which is risky because users may not expect a setup script to launch persistent services during installation.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The script writes to /usr/local/bin and then starts a daemon, both actions that typically require elevated privileges and have persistent effects. Performing these operations without prior warning or confirmation increases the risk of surprising users, bypassing informed consent, and causing unintended privileged changes on the host.

VirusTotal

66/66 vendors flagged this skill as clean.