Threat explainer

Skill and plugin safety

How malicious skills, plugins, and agent packages hide risky behavior.

Install HOL GuardProtect a team

Agent skills are tiny helpers. Some helpers ask for too much.

Skills and plugins create supply-chain risk through install scripts, hidden prompts, and tool permission drift.

HOL Guard turns these moments into private receipts first, then public lessons only after redaction and moderation.

Harness setup guides

Protect the coding tools your team already uses without forcing everyone to become a security expert.

harness

Claude Code

Agentic coding harness with MCP and file access.

Open guide

harness

OpenCode

Open-source agent harness for local coding loops.

Open guide

harness

Hermes

Agent harness for skill and tool orchestration.

Open guide

harness

OpenClaw

Open agent workspace with pluggable tools.

Open guide

Redacted warnings

Real protection moments, scrubbed for safety before becoming public learning pages.

codex

Codex was stopped before reading an env file

A redacted example of a local secret read attempt.

Open guide

Safe labs

Practice attack patterns with static simulations. Nothing dangerous executes.

prompt-injection

Prompt injection replay

See how hidden text tries to override your instructions.

Open guide

supply-chain

Supply-chain install check

Walk through a simulated install that tries to change agent trust.

Open guide