New MCP servers and AI agent tools ship every week. Cursor rules, Claude skills, agent instructions — the ecosystem is moving faster than anyone can manually review.
Even if you check things before installing, updates can introduce new behavior. And with tools being forked, modified, and reshared — you want something watching continuously.
That's why I built AgentGuard — a macOS menu bar app that runs security scanners in the background and flags anything suspicious.
The risk
MCP servers register tools that your AI assistant calls. Those tools can read files, run commands, make HTTP requests. A malicious or compromised tool can:
- Exfiltrate your SSH keys or credentials to an external endpoint
- Inject prompts that override your instructions
- Chain tool calls to escalate access
Same with agent skills and rules (.cursorrules, Claude skills, agent instructions). They're mostly markdown files — but they control what the AI does on your machine.
The scanners
Cisco AI Defense maintains two open-source security scanners:
| Scanner | What it scans |
|---|---|
| mcp-scanner | MCP server configs — Claude Desktop, Cursor, VS Code, Windsurf, Zed |
| skill-scanner | Agent skill packages — Cursor rules, Claude skills, and other agent instruction files |
YARA rules + static analysis. Everything runs locally, nothing leaves your machine.
They work great — but they're CLI tools. You have to remember to run them manually after every install or update.
AgentGuard
AgentGuard puts both scanners behind a menu bar icon. It scans on a schedule, shows findings in a popover, and lets you act on them.
Click a finding to see full details — what was detected, which rule flagged it, and the option to mute it:
What you get:
- Shield icon in menu bar — green when clear, red + count when there are findings
- MCP Servers and AI Agent Skills as separate sections
- Click to expand finding details — threat name, category, rule ID
- Mute with confirmation — dismiss known false positives, unmute anytime
- Settings — scan interval, custom skill directories, launch at login
Install:
brew tap naufalafif/tap
brew install --cask agent-guard
The app handles everything — installs the scanners, scans your configs, runs in the background. No manual setup.
What it scans:
MCP configs are picked up automatically — claude_desktop_config.json, .cursor/mcp.json, VS Code settings.json, Windsurf, Zed.
Skill directories default to common locations — ~/.cursor/skills, ~/.cursor/rules, ~/.claude/skills, ~/.agents/skills, and more. Add your own from Settings.
Open source
AgentGuard is a native Swift app — open source under MIT.
GitHub: github.com/naufalafif/agent-guard
If you use MCP servers or AI coding tools, give it a scan. You might find something you didn't expect.
Top comments (1)
This is exactly the kind of tooling the AI agent ecosystem needs. Security auditing for MCP servers and agent skills is going to become mandatory as agents get more capable.
We're seeing this firsthand building AnveVoice — our voice AI takes real DOM actions on websites (clicking buttons, filling forms, navigating pages) via 46 MCP tools over JSON-RPC 2.0. When your agent can actually manipulate a website's DOM, the attack surface is real. Prompt injection, tool chaining exploits, credential exfiltration — all the risks you mentioned.
Our approach: MIT-0 licensed embed code so customers can audit every line, sandboxed tool execution, and strict scope limits per agent. But having a dedicated scanner like AgentGuard running in the background adds another critical layer.
Going to try this on our setup. Appreciate the open-source approach.