Stop risky AI actions before they run.
HOL Guard blocks risky reads, installs, MCP registrations, and config changes before execution.
No credit card required. We'll email install steps so you can set up Guard when you're back at your computer.
supported AI agents
to install & protect
source on GitHub
secret file families protected
local decision receipts
action interception
AI agents got dangerous in 2025.
Your security tools didn't catch up.
The threat surface changed. AI coding agents now have the same permissions as your developers — but none of the judgment. Here's why traditional tools can't protect you.
Agents run commands autonomously
AI coding agents now install packages, edit configs, register MCP servers, and execute shell commands — all without asking. Each action is a potential attack vector.
Scanners check after the fact
Traditional security scanners review code after it's written. They can't stop an agent from reading your .env file or running rm -rf in real time.
Guard works during execution
Guard intercepts actions before they run — pausing secret reads, blocking dangerous commands, and reviewing MCP tool calls in real time, not after.
Start free. Upgrade to Pro when you're ready.
- Get install instructions by email
- Save your setup
- Access Pro features
- Sync receipts across machines
- Receive curated advisories
- Manage Slack and email alerts
Enter your email to create your free account.
For maintainers and plugin publishers
For maintainers
The scanner
for agent
ecosystems.
Validate extensions before release. Use plugin-scanner for maintainer CI checks, then use hol-guard locally to enforce runtime decisions.
# Local maintainer gate
$ pipx install plugin-scanner
$ plugin-scanner verify .
# GitHub Actions PR gate
permissions:
contents: read
security-events: write
jobs:
scan-plugin:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: hashgraph-online/ai-plugin-scanner-action@v1
with:
plugin_dir: "."
min_score: 80
fail_on_severity: highMulti-ecosystem detection
Auto-detects Codex plugins, Claude Code plugins, Gemini CLI extensions, and OpenCode workspace bundles in any repository.
Trust scores and badges
Computes a weighted trust score across security, MCP posture, installability, and maintenance. Plugins that pass can display Scanner Clean, MCP Hardened, and Marketplace Ready badges.
GitHub Action for CI
Use plugin-scanner verify in CI, or the published ai-plugin-scanner action, to gate PRs before release.
MCP transport hardening
Flags insecure HTTP MCP endpoints, wildcard binds, and missing auth postures before they reach production.
Manifest and marketplace validation
Checks relative paths, required screenshots, privacy policy URLs, and plugin metadata completeness — the same rules the HOL Registry uses for import.
Skill-level security scanning
Scans bundled skills for prompt injection markers, zero-width characters, dangerous shell commands, and secret leaks.
Supported agents
Install Guard in 60 seconds.
- 1Install Guard
- 2Copy and run a command below
Cursor
set -o pipefail; curl -fsSL https://hol.org/guard/install.sh | bash -s -- --harness cursor --mode install --verifyInstalls Guard and configures Cursor in one step. Already installed?
Understand the threats.
Stop them locally.
Prompt injection, MCP tool poisoning, supply-chain attacks, and secret exfiltration — real threats against AI coding agents, explained with detection steps and fixes.
Explore the security hubLearn about prompt injection, malicious MCP servers, and secret exfiltration
Real attack breakdowns, detection steps, and Guard configuration for each threat. Browse advisories, warnings, and interactive labs.
Browse advisories & warningsAdd a safety layer
before the next command.
Create a free account. Install locally in 30 seconds. No credit card required.