goplus-agentguard

GoPlus AgentGuard

The essential security guard for every AI agent user.

Your AI agent has full access to your terminal, files, and secrets — but zero security awareness.
A malicious skill or prompt injection can steal your keys, drain your wallet, or wipe your disk.
AgentGuard stops all of that.

Why AgentGuard?

AI coding agents can execute any command, read any file, and install any skill — with zero security review. The risks are real:

• Malicious skills can hide backdoors, steal credentials, or exfiltrate data
• Prompt injection can trick your agent into running destructive commands
• Unverified code from the internet may contain wallet drainers or keyloggers

AgentGuard is the first real-time security layer for AI agents. It automatically scans every new skill, blocks dangerous actions before they execute, runs daily security patrols, and tracks which skill initiated each action. One install, always protected.

What It Does

Layer 1 — Automatic Guard (hooks): Install once, always protected.

• Blocks rm -rf /, fork bombs, curl | bash and destructive commands
• Prevents writes to .env, .ssh/, credentials files
• Detects data exfiltration to Discord/Telegram/Slack webhooks
• Tracks which skill initiated each action — holds malicious skills accountable

Layer 2 — Deep Scan (skill): On-demand security audit with 24 detection rules.

• Auto-scans new skills on session start — malicious code blocked before it runs
• Static analysis for secrets, backdoors, obfuscation, and prompt injection
• Web3-specific: wallet draining, unlimited approvals, reentrancy, proxy exploits
• Trust registry with capability-based access control per skill

Layer 3 — Daily Patrol (OpenClaw): Automated daily security posture assessment.

• 8 comprehensive security checks run on a configurable schedule
• Detects skill tampering, secrets exposure, network risks, and suspicious file changes
• Analyzes audit logs for attack patterns and flags repeat offenders
• Validates environment configuration and trust registry health

Quick Start

npm install @goplus/agentguard

git clone https://github.com/GoPlusSecurity/agentguard.git
cd agentguard && ./setup.sh
claude plugin add /path/to/agentguard

git clone https://github.com/GoPlusSecurity/agentguard.git
cp -r agentguard/skills/agentguard ~/.claude/skills/agentguard

npm install @goplus/agentguard

import register from '@goplus/agentguard/openclaw';
export default register;

import { registerOpenClawPlugin } from '@goplus/agentguard';

export default function setup(api) {
  registerOpenClawPlugin(api, {
    level: 'balanced',      // Protection level: strict | balanced | permissive
    skipAutoScan: false,    // Set true to disable auto-scanning of plugins
  });
};

Then use /agentguard in your agent: