I Wrote 177 Security Detection Rules for AI Agent Threats. Here's What I Learned.
How-To, Security

via Dev.to, Gus

Writing one detection rule is easy. Maintaining 177 that run against 50,000 files daily without drowning in false positives is a different problem. Aguara is a static security scanner for AI agent skills and MCP servers. Every rule ships in YAML, has self-testing examples, and gets validated against a production dataset of 50,000+ real skills. Here's what building a rule engine at this scale taught me.

The anatomy of a rule

Every rule looks like this:

id: SUPPLY_006
name: "Unpinned npx execution"
severity: HIGH
category: supply-chain
targets: ["*.json", "*.yaml", "*.yml", "*.md"]
match_mode: any
remediation: "Pin the package to a specific version: npx @package@1.2.3"
patterns:
  - type: regex
    value: "npx\\s+-y\\s+@[\\w-]+/[\\w-]+"
  - type: regex
    value: "npx\\s+-y\\s+[\\w-]+"
exclude_patterns:
  - type: contains
    value: "@"
examples:
  true_positive:
    - "npx -y @someone/mcp-server"
    - "npx -y create-cool-app"
  false_positive:
    - "npx @someone/mcp-ser
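As an added example (my own Python, not Aguara's code) of how a rule in this shape can be evaluated and self-tested: patterns combine per match_mode, exclude_patterns veto a hit, targets act as path globs, and the examples block doubles as the rule's unit test. The engine semantics are assumptions, and the rule is transcribed from the YAML above.

```python
import fnmatch
import re
# Constructed from the SUPPLY_006 rule shown above; the last false_positive
# example is cut off on the page and is kept exactly as it appears there.
RULE = {
    "id": "SUPPLY_006",
    "severity": "HIGH",
    "targets": ["*.json", "*.yaml", "*.yml", "*.md"],
    "match_mode": "any",
    "patterns": [
        {"type": "regex", "value": r"npx\s+-y\s+@[\w-]+/[\w-]+"},
        {"type": "regex", "value": r"npx\s+-y\s+[\w-]+"},
    ],
    "exclude_patterns": [{"type": "contains", "value": "@"}],
    "examples": {
        "true_positive": ["npx -y @someone/mcp-server", "npx -y create-cool-app"],
        "false_positive": ["npx @someone/mcp-ser"],
    },
}

def _hit(pattern, text):
    """Assumed pattern types: 'regex' (unanchored search) and 'contains' (substring)."""
    if pattern["type"] == "regex":
        return re.search(pattern["value"], text) is not None
    if pattern["type"] == "contains":
        return pattern["value"] in text
    raise ValueError(f"unknown pattern type: {pattern['type']}")

def applies_to(rule, path):
    """A rule only runs on files whose path matches one of its target globs."""
    return any(fnmatch.fnmatch(path, glob) for glob in rule["targets"])

def evaluate(rule, text):
    """True when the patterns fire (any/all per match_mode) and no exclusion vetoes the hit."""
    hits = [_hit(p, text) for p in rule["patterns"]]
    fired = any(hits) if rule.get("match_mode", "any") == "any" else all(hits)
    return fired and not any(_hit(p, text) for p in rule.get("exclude_patterns", []))

def self_test(rule):
    """Run the rule's own examples; returns those it gets wrong (empty means consistent)."""
    expected = {"true_positive": True, "false_positive": False}
    return [(kind, text) for kind, want in expected.items()
            for text in rule["examples"].get(kind, []) if evaluate(rule, text) != want]

def scan_file(rule, path, content):
    """Findings for one file as (line_number, line) pairs, skipping paths outside the targets."""
    lines = content.splitlines() if applies_to(rule, path) else []
    return [(n, line) for n, line in enumerate(lines, 1) if evaluate(rule, line)]
```

Run against the rule as it is reproduced on this page, self_test(RULE) flags the first true positive, because the contains-"@" exclusion vetoes it; that is the kind of contradiction the examples block exists to surface before a rule ships.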

Continue reading on Dev.to
