Monitors agent file access, API calls, and communications to detect suspicious behavior, log events, and generate actionable security reports.
Security Analysis
Medium confidence. AgentGuard's code and instructions mostly match a local monitoring tool, but there are provenance gaps and a clear mismatch between the SKILL.md claim of 'no external data transmission' and code/config options that can send alerts to external channels (webhooks/Telegram/Discord) if enabled — the user should review config and provenance before installing.
The files and SKILL.md implement a file/API/communication monitor, anomaly detector, logger, alerter and reporter — these capabilities align with the implied purpose (security monitoring). However the skill has no public homepage/source and the skill metadata provides no description or provenance, which reduces trustworthiness.
SKILL.md instructs continuous, broad monitoring of file reads/writes and all external communications (including scanning for credentials). It asserts 'No external data transmission' but the code/config expose channels (telegram, discord, webhook, email) that can dispatch alerts externally when configured. The monitoring covers sensitive paths (e.g. ~/.ssh, .aws, .netrc) which is coherent for a monitor but is high-sensitivity data; the skill's instructions allow wide discretion to collect and log this data.
There is no install spec (instruction-only install), so nothing is downloaded or executed automatically by an installer. Code is included in the package, which will create ~/.agentguard and write logs at runtime. No external install URLs or unexpected installers were present.
The skill declares no required environment variables (and none are necessary to run locally). However, alert dispatching supports external channels and expects configuration (webhook_url, chat IDs, etc.) which, if supplied, would enable data to leave the host. The SKILL.md does not require any credentials, but the effective behavior can be changed by the user-supplied config — this mismatch should be considered.
The skill does not request force-inclusion (always: false) and does not modify other skills. It writes to a local directory (~/.agentguard) for logs, baselines, alerts and reports which is expected for monitoring software. Running as a separate process (recommended in SKILL.md) is appropriate to limit risk.
Guidance
What to consider before installing AgentGuard:

- Provenance: the skill has no homepage/source URL in the metadata. Prefer skills with a public repository, release notes or verified publisher. Ask for the upstream repo or a signed release before trusting it.
- External channels: SKILL.md claims "No external data transmission" but the code supports Telegram/Discord/webhook/email alerts. If you enable those channels (or add webhook URLs/chat IDs), sensitive information from logs/alerts can be sent off-host. Only enable external channels you fully control, and inspect the alert contents first.
- Scope of monitoring: AgentGuard watches broad paths (including ~/.ssh, .aws, .netrc, .env). That is expected for a security monitor but means the tool will see highly sensitive secrets. Only grant it access to directories you intend to monitor, and exclude secret stores if you do not want them monitored.
- Run isolation: follow the SKILL.md suggestion — run AgentGuard in a separate process/container with limited privileges (read-only where possible). That reduces the risk that a compromised agent can disable or tamper with monitoring.
- Configuration review: before enabling automated dispatching, review ~/.agentguard/config.yaml and ensure 'channels' and webhook URLs are set to trusted endpoints. Enable log encryption and retention as needed.
- Code review / provenance check: if you cannot verify the upstream repository or author, inspect the included scripts (monitor, logger, detector, alerter, reporter) for unexpected network calls or obfuscated code. The visible code prints and simulates sends rather than performing direct network POSTs, but the presence of dispatch functions means network sending can be enabled by configuration or by future changes.
- What would change this assessment: a public, verifiable source repository, signed releases, or a maintainer statement that alerts are only local unless explicit external channels are configured would increase confidence. Conversely, finding hardcoded remote endpoints, obscured network calls, or automatic remote installation would increase severity to malicious.
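The "Configuration review" and "Code review" items above (and the config/claim mismatch noted in the analysis) can be turned into a repeatable pre-install check. The script below is an added example written for this page, not code from the AgentGuard package or its publisher. It assumes a config layout of `channels: {name: {enabled, webhook_url, chat_id}}` plus a top-level `log_encryption` flag, and that the skill's scripts are Python; those key names and the sample config and alerter source are constructed for illustration and must be adjusted to the real ~/.agentguard/config.yaml schema.

```python
"""Pre-install audit for a monitoring skill such as AgentGuard.

Added example (not part of the AgentGuard package). Config key names are
assumptions: channels -> {name: {enabled, webhook_url, chat_id}}, plus a
top-level log_encryption flag.
"""
import re
from pathlib import Path
from urllib.parse import urlparse

# Channels that, when enabled, can carry log/alert content off the host.
EXTERNAL_CHANNELS = {"telegram", "discord", "webhook", "email"}

# Indicators of network activity or obfuscation in (assumed Python) scripts.
NETWORK_PATTERNS = {
    "http_library": re.compile(
        r"^\s*(?:import|from)\s+(?:requests|urllib|http\.client|httpx|aiohttp|socket)\b",
        re.M,
    ),
    "url_literal": re.compile(r"https?://[^\s'\"]+"),
    "exec_obfuscation": re.compile(r"\b(?:exec|eval)\s*\(|base64\.b64decode\("),
}


def audit_config(config: dict, trusted_hosts: set[str]) -> list[str]:
    """Return human-readable findings for settings that let data leave the host."""
    findings: list[str] = []
    channels = config.get("channels", {})
    for name, settings in channels.items():
        if not isinstance(settings, dict) or not settings.get("enabled", False):
            continue  # disabled channels cannot dispatch anything
        if name not in EXTERNAL_CHANNELS:
            continue  # e.g. a local log sink
        findings.append(f"external channel enabled: {name}")
        url = settings.get("webhook_url")
        if url:
            host = urlparse(url).hostname or ""
            if host not in trusted_hosts:
                findings.append(f"{name}: webhook host '{host}' not in trusted list")
        if settings.get("chat_id"):
            findings.append(f"{name}: chat_id set; alerts will reach an external chat")
    if not config.get("log_encryption", False):
        findings.append("log_encryption disabled; ~/.agentguard logs stored in clear")
    return findings


def scan_source(text: str) -> dict[str, list[str]]:
    """Map each indicator label to the matching snippets found in one script."""
    hits: dict[str, list[str]] = {}
    for label, pattern in NETWORK_PATTERNS.items():
        matches = [m.group(0).strip() for m in pattern.finditer(text)]
        if matches:
            hits[label] = matches
    return hits


def scan_skill_dir(path) -> dict[str, dict[str, list[str]]]:
    """Run scan_source over every .py file under the skill directory."""
    results = {}
    for script in sorted(Path(path).rglob("*.py")):
        hits = scan_source(script.read_text(errors="replace"))
        if hits:
            results[str(script)] = hits
    return results


# Constructed sample config: one external channel enabled, one disabled.
SAMPLE_CONFIG = {
    "channels": {
        "local_log": {"enabled": True},
        "webhook": {"enabled": True, "webhook_url": "https://hooks.example.com/abc"},
        "telegram": {"enabled": False, "chat_id": "12345"},
    },
    "log_encryption": False,
}

# Constructed sample alerter that imports an HTTP client but only simulates sends.
SAMPLE_ALERTER = '''
import requests
WEBHOOK = "https://hooks.example.com/abc"
def dispatch(alert, channel):
    print(f"[simulated] would send to {channel}: {alert}")
'''

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG, trusted_hosts={"alerts.internal.example"}):
        print("config:", finding)
    for label, snippets in scan_source(SAMPLE_ALERTER).items():
        print("source:", label, snippets)
```

Against the sample config the audit flags the enabled webhook, its untrusted host and the missing log encryption, while the disabled Telegram channel produces nothing; the source scan reports the `requests` import and the URL literal even though the visible `dispatch` only prints. That is exactly the situation the analysis describes: no network POST today, but one configuration change or code update away from one. To run it on a real package, load the YAML with `yaml.safe_load` and point `scan_skill_dir` at the unpacked skill directory.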
Latest Release
v1.0.0
Initial release of AgentGuard – security monitoring skill.

- Monitors file access and API calls for suspicious activity, including credential access and exfiltration patterns.
- Logs agent communications (HTTP requests, emails, message platforms) with audit trails.
- Detects behavioral anomalies using ML-lite pattern analysis.
- Generates security reports with alerts, activity summaries, and recommendations.
- Features configurable alert channels, data retention, sensitivity levels, and privacy-focused data handling.
- Integrates with Clawdbot and can share/block operations with other skills.
Published by @manas-io-ai on ClawHub