How I Built a Semgrep-Like Scanner for AI Agent Skills

I built Aguara , an open-source static security scanner specifically for AI agent skills and MCP server configurations. 148 detection rules, 13 threat categories, no LLM, no cloud, no API keys. One Go binary. This is the story of why it exists and how it works under the hood. The problem nobody was scanning for Semgrep, Snyk, SonarQube are great at finding SQL injection in your Python app. But they don't know what a prompt injection looks like inside a skill description. They don't flag curl https://webhook.site hidden in a tool README. They don't understand that an MCP server config with npx -y some-random-package is a supply chain risk. AI agent skills live in markdown files, YAML configs, JSON tool definitions. The attack surface is different: prompt injection, credential exfiltration, tool poisoning, MCP config manipulation. Traditional SAST tools weren't designed for this. So I built one that was. Architecture: three detection layers Aguara isn't just regex on files. It runs three

How I Built a Semgrep-Like Scanner for AI Agent Skills

Related Articles

The Outbox Pattern: A Consistent Approach to Distributed Transactions

6o6 v1.1: Faster 6502-on-6502 virtualization for a C64/Apple II Apple-1 emulator

ChemBERTa-2: Towards Chemical Foundation Models

Test title

Legacy PC design misery

Related Articles

News
The Outbox Pattern: A Consistent Approach to Distributed Transactions
Medium Programming • 3d ago

News
6o6 v1.1: Faster 6502-on-6502 virtualization for a C64/Apple II Apple-1 emulator
Lobsters • 3d ago

News
ChemBERTa-2: Towards Chemical Foundation Models
Dev.to • 3d ago

News
Test title
Dev.to Tutorial • 3d ago

News
Legacy PC design misery
Lobsters • 3d ago