
Aguara MCP
Scan skills and MCP servers you install or publish before trusting them in your agent stack.
Overview
Aguara MCP is a Ship-phase MCP server that security-scans AI agent skills and MCP servers before you enable them.
What is this MCP server?
- Security scanner focused on AI agent skills and MCP servers
- Distributed as mcpb release v0.2.0 with published file SHA256
- stdio transport via aguara-mcp.mcpb bundle
- GitHub-hosted scanner you invoke from the agent toolchain
- Complements manual README review with automated checks
- Version 0.2.0
- registryType mcpb
- Published fileSha256 on release artifact
What problem does it solve?
Community skills and MCP servers are opaque, and one bad install can compromise keys or runtime on your machine.
Who is it for?
Builders who install many third-party skills/MCP servers and want a dedicated security pass in the agent workflow.
Skip if: your team only uses first-party tools with no external skills, or you need full application penetration testing.
What do I get? / Deliverables
You get scanner-driven signal on skill and MCP risk so you can reject or harden extensions before agents use them.
- Security scan results for targeted skills and MCP servers
- Earlier detection of risky extensions before agent execution
- Repeatable audit hook in your agent tooling pipeline
How it compares
Supply-chain scanner for skills/MCP, not a runtime WAF or generic npm audit.
Common Questions / FAQ
Who is Aguara MCP for?
Solo builders and small teams adopting community AI skills and MCP servers who need a security review step.
When should I use Aguara MCP?
Before enabling a new skill or MCP server, and when revisiting extensions after updates or incidents.
How do I add Aguara MCP to my agent?
Install the v0.2.0 mcpb from the GitHub release and register it as a stdio MCP server in your agent client.