garagon/aguara

Security scanner for AI agents and software supply chains. Detects prompt injection, MCP risks, tool poisoning, unsafe GitHub Actions, secret exfiltration, and compromised packages across npm, pnpm, PyPI, Go, Rust, PHP, Ruby, Java, and .NET. Local-first, no SaaS or LLM calls. (81 stars, 15 forks, Go, fresh release, 6 AI signals, 5 developer signals). Latest release: v0.22.2.