Marketplace

sage

Security plugins for Claude Code by Gen Digital

Component Overview

Commands

Agents

Skills

Hooks

MCP Servers

LSP Servers

Output Styles

Install

npx claudepluginhub gendigitalinc/sage

README

1 Plugin

sage

167

Safety for Agents - Agent Detection & Response (ADR) for Claude Code

v0.8.0

Related Marketplaces

claude-code-workflows

33.2K

0plugins

Production-ready workflow orchestration with 75 focused plugins, 182 specialized agents, and 147 skills - optimized for granular installation and minimal token usage

antigravity-awesome-skills

33.1K

0plugins

Claude Code marketplace entries for the plugin-safe Antigravity Awesome Skills library and its compatible editorial bundles.

claude-plugins-official

16.9K

0plugins

Directory of popular Claude Code extensions including development tools, productivity plugins, and MCP integrations

Stats

Plugins1

Stars167

UpdatedApr 9, 2026

Links

View on GitHub View Marketplace JSON

Sage

Safety for Agents - a lightweight Agent Detection & Response (ADR) layer for AI agents that guards commands, files, and web requests.

Sage intercepts tool calls (Bash commands, URL fetches, file writes) via hook systems in Claude Code, Cursor / VS Code, OpenClaw, and OpenCode, and checks them against:

URL reputation - cloud-based malware, phishing, and scam detection
Local heuristics - YAML-based threat definitions for dangerous patterns
Package supply-chain checks - registry existence, file reputation, and age analysis for npm/PyPI packages
Plugin scanning - scans other installed plugins for threats at session start

Quick Start

Claude Code

Requires Node.js >= 18.

/plugin marketplace add https://github.com/gendigitalinc/sage.git
/plugin install sage@sage

Cursor

Install the official extension from the Cursor extension marketplace. Alternatively, build from source:

pnpm install && pnpm -C packages/extension run package:cursor:vsix

VS Code

Install the official extension from the VS Code extension marketplace. To use Sage’s MCP tools, start the MCP server manually via: MCP: List Server → sage → Start server.

Alternatively, build from source:

pnpm install && pnpm -C packages/extension run package:vscode:vsix

OpenClaw

# From npm (recommended)
openclaw plugins install @gendigital/sage-openclaw

# From source
pnpm install && pnpm build
cp -r packages/openclaw sage && openclaw plugins install ./sage

OpenCode

Use a local source checkout and add the plugin path in OpenCode config:

git clone https://github.com/gendigitalinc/sage
cd sage
pnpm install
pnpm --filter @gendigital/sage-opencode run build

{
  "plugin": ["/absolute/path/to/sage/packages/opencode"]
}

See Getting Started for detailed instructions.

Documentation

Document	Description
Getting Started	Installation for all platforms
How It Works	Detection layers, data flow, verdicts
Configuration	All config options and file paths
Threat Rules	YAML rule format and what gets checked
Package Protection	npm/PyPI supply-chain checks
Plugin Scanning	Session-start plugin scanning
AMSI Scanning	Windows antimalware scanning via AMSI
Architecture	Monorepo structure, packages, design decisions
MCP Server	Shared MCP server architecture + auto-install
Development	Building, testing, tooling, conventions
FAQ	Common questions
Privacy	What data is sent, what stays local

Platform guides: Claude Code · Cursor / VS Code · OpenClaw · OpenCode

Current Limitations

MCP tool call interception (mcp__*) is not yet implemented
Custom user threat definitions (~/.sage/threats/) are not yet implemented

Privacy

Sage sends URLs and package hashes to Gen Digital reputation APIs. File content, commands, and source code stay local. Both services can be disabled for fully offline operation. See Privacy for details.

Contributing

See CONTRIBUTING.md for development setup, coding conventions, and the threat rule contribution process.

License

Source code: Apache License 2.0
Threat detection rules (threats/): Detection Rule License 1.1