
AI agents are running code on your machine. Who said stop?

When Claude Code reads your secrets or Cursor installs a rogue package, Guard steps in before the tool call completes.

Free account · Welcome email with setup guide · No credit card required

Works with
Codex
Claude Code
OpenCode
Local-first · No account required · Apache 2.0

The problem Guard solves

AI agents are fast.
Blind spots are faster.

The same capabilities that make AI coding agents useful make them dangerous without a control layer between them and your system.

Without Guard

Does your agent know what it just installed?

npm packages from AI-generated install commands run immediately with no receipt, no intercept, no record.

Who approved that MCP server registration?

Remote MCP endpoints extend what your harness can call. Without Guard, they register silently.

Is your .env still yours?

Tool calls like Read(.env) happen in a single round-trip. By the time you see it in logs, it already ran.

With Guard

Every install is wrapped

hol-guard protect wraps npm, pip, and cargo installs. You see what ran, what it found, and the decision it made — every single time.

MCP registration paused

Remote endpoint registrations stop before execution. Guard shows you what the harness is trying to add and waits for your approval.

Secret-bearing file reads intercepted

Pre-tool hooks fire before .env, .npmrc, and key files are opened. You approve or deny before the round-trip completes.

Get protected in 60 seconds

Free forever · No account required · Works offline

Our promise

Security you can verify, not just trust

Local-first, always

Your code, prompts, configs, and receipts stay on your machine unless you explicitly opt in to cloud sync. Guard never reads file contents server-side.

Privacy model

Exportable receipts

Every block, review, and approval is captured in a local decision receipt you can inspect, export, and sync across devices via Guard Cloud.

How receipts work

No lock-in

Open policy format, exportable receipts, Apache-licensed CLI. If Guard disappears tomorrow your data and your decisions remain yours.

Open source

Why developers trust it

Built without blind trust by default.

Guard builds trust by being auditable, local-first, and fully open.

Open source core

The full Guard runtime is published under MIT. Read every line before you run it.

Local-first by design

Scans, approvals, and decisions stay on your machine until you explicitly opt in to cloud sync.

Built for teams

Shared policy packs and investigation routing mean your whole team reviews once, not individually.

For maintainers and plugin publishers

For maintainers

The scanner for agent ecosystems.

Validate extensions before release. Use plugin-scanner for maintainer CI checks, then use hol-guard locally to enforce runtime decisions.

maintainer quickstart
# Local maintainer gate
$ pipx install plugin-scanner
$ plugin-scanner verify .

# GitHub Actions PR gate
permissions:
  contents: read
  security-events: write
jobs:
  scan-plugin:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: hashgraph-online/ai-plugin-scanner-action@v1
        with:
          plugin_dir: "."
          min_score: 80
          fail_on_severity: high

Multi-ecosystem detection

Auto-detects Codex plugins, Claude Code plugins, Gemini CLI extensions, and OpenCode workspace bundles in any repository.

Trust scores and badges

Computes a weighted trust score across security, MCP posture, installability, and maintenance. Plugins that pass can display Scanner Clean, MCP Hardened, and Marketplace Ready badges.

GitHub Action for CI

Use plugin-scanner verify in CI, or the published ai-plugin-scanner action, to gate PRs before release.

MCP transport hardening

Flags insecure HTTP MCP endpoints, wildcard binds, and missing auth postures before they reach production.

Manifest and marketplace validation

Checks relative paths, required screenshots, privacy policy URLs, and plugin metadata completeness — the same rules the HOL Registry uses for import.

Skill-level security scanning

Scans bundled skills for prompt injection markers, zero-width characters, dangerous shell commands, and secret leaks.

Get started free

Your agent just got teeth.

Install Guard locally in 30 seconds. Intercepts run on your machine. No account required to start.

Free forever plan · 60s install · 5 harnesses · 100% local

Pick your harness

Codex: hol-guard install codex
Claude Code: hol-guard install claude-code
Cursor: hol-guard install cursor
Gemini CLI: hol-guard detect gemini
OpenCode: hol-guard detect opencode
Need team policies or hosted agents? Request a demo →