Yes, Agentguard is free to use.

How do I install Agentguard?

Agentguard is a remote plugin. You do not need to install anything locally. Add the server URL to your AI app's MCP configuration and you are ready to go.

What AI apps work with Agentguard?

Agentguard uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Agentguard MCP Server

by ToolOracle

Developer ToolsLow Risk10.0MCP RegistryRemote

Free

Server data from the Official MCP Registry

AgentGuard — 20-tool AI safety MCP: policy preflight, risk scoring, audit logging, rate limits.

About

AgentGuard — 20-tool AI safety MCP: policy preflight, risk scoring, audit logging, rate limits.

Remote endpoints: streamable-http: https://feedoracle.io/guard-oracle/mcp/

Security Report

10.0

Low Risk10.0Low Risk

Valid MCP server (1 strong, 0 medium validity signals). No known CVEs in dependencies. Imported from the Official MCP Registry. Trust signals: trusted author (11/11 approved). 1 finding(s) downgraded by scanner intelligence.

24 tools verified · Open access · 1 issue found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

database

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

How to Connect

Remote Plugin

No local installation needed. Your AI client connects to the remote endpoint directly.

Add this to your MCP configuration to connect:

{
  "mcpServers": {
    "io-tooloracle-agentguard": {
      "url": "https://feedoracle.io/guard-oracle/mcp/"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

🛡️ AgentGuard MCP

Security, Policy & Audit Layer for AI Agent Tool Execution — 20 tools | Part of FeedOracle & ToolOracle

AgentGuard is the governance and security layer for AI agent workflows. Before any tool executes, AgentGuard evaluates policies, scores risk, detects secrets and injection attempts, logs to a tamper-evident audit trail, and explains every decision. Built for regulated environments, autonomous payments, and enterprise AI agent deployments.

Quick Connect

# FeedOracle (compliance-focused)
npx -y mcp-remote https://feedoracle.io/guard/mcp/

# ToolOracle (agent-commerce focused)
npx -y mcp-remote https://tooloracle.io/guard/mcp/

{
  "mcpServers": {
    "agentguard": {
      "command": "npx",
      "args": ["-y", "mcp-remote", "https://feedoracle.io/guard/mcp/"]
    }
  }
}

How It Works — The Agent Security Loop

Agent wants to call: payment_execute({amount: 5000})
         │
         ▼
   policy_preflight()         ← Check before execution
         │
   risk_score: 95             ← Critical
   matched: pol-001, pol-002  ← Payment + High-risk policies
   decision: require_approval ← Human gate triggered
         │
   approval_required()        ← Register pending approval
         │
   [Human approves]
         │
   tool executes
         │
   audit_log_write()          ← Record outcome with signature
         │
   decision_explain()         ← Exportable compliance evidence

Tools — Welle 1: Core Security (7)

Tool	Description
`policy_preflight`	Pre-flight check before any tool call. Evaluates 7 policies, computes risk score, detects threats, auto-logs. Returns `allowed`/`denied`/`require_approval`/`flagged`.
`tool_risk_score`	0-100 risk score for tool + input. Detects secrets (API keys, passwords), prompt injection, high-value amounts. `eth_gas`→5, `payment_execute`→95+.
`approval_required`	Check if tool needs human approval. Optionally registers a pending approval request with tracking URL.
`audit_log_write`	Write tool execution to persistent, cryptographically-signed audit log (SQLite WAL). Call after execution to record outcome.
`audit_log_query`	Query audit trail. Filter by agent, tool, decision, time range. Paginated. Returns signed entries for tamper verification.
`decision_explain`	Human-readable explanation of any allow/deny decision. Pass `request_id` for stored entry or `tool_name` + `tool_args` for fresh analysis.
`rate_limit_check`	Check agent rate limits: 200/min, 5000/hr, 50000/day. Returns per-window usage with percentage.

Tools — Welle 2: Payment Controls & Safety

Tool	Description
`payment_policy_check`	Validate payment against policy: amount limits (>100k warns, >1M blocks), recipient denylist, supported currencies/networks, AML thresholds (>10k fiat flagged), MiCA flags.
`spend_limit_check`	Check per-call/hour/day spend limits by trust level. Default: 10k/call, 50k/hr, 200k/day. Trusted: 100k/call, 500k/hr, 2M/day.
`secret_exposure_check`	Deep scan for 19 secret patterns: OpenAI/GitHub/AWS/Slack keys, Bearer/Basic auth, ETH private keys, Bitcoin WIF, credit cards, SSNs, emails. Returns severity + remediation.
`payload_safety_check`	18-pattern safety scan: prompt injection, jailbreak/DAN, role hijacking, SQL (UNION/DROP/OR 1=1), XSS, Python/JS/Shell injection, path traversal, null bytes, oversized payloads.
`replay_guard_check`	Detect replay attacks via SHA256 fingerprint (agent+tool+args). Configurable window (default 5 min). Returns duplicate count + first/last seen.

Tools — Welle 3: Governance & Threat Intelligence (5)

Tool	Description
`cross_tool_anomaly_check`	Detect anomalous patterns: risky combos (wallet-recon→transfer, AML→payment), high frequency, repeated denials (policy probing), broad reconnaissance, elevated avg risk score.
`scope_check`	Role-based scope control. Roles: admin, compliance_officer, trader, auditor, developer, readonly. Returns has_scope, missing scope, granting roles. Logs denials.
`session_validate`	Full session lifecycle: create (TTL + call budget), validate (increment counter), invalidate, info. Sessions carry role, scopes, tenant, expiry.
`tenant_policy_check`	Multi-tenant governance. Built-in tenants: default, fintech_eu (MiCA/DORA/AMLD6), defi_protocol, enterprise_read. Per-tenant blocklists, risk limits, spend caps.
`threat_intel_check`	Entity threat intelligence. Auto-detects ETH addresses, IPs, domains. Checks sanctions (Tornado Cash, mixers), disposable services, behavioral analysis from audit log.

Built-in Tenants

Tenant	Max Risk	Spend/Day	Frameworks
`default`	70	100,000	—
`fintech_eu`	60	500,000	MiCA, DORA, AMLD6
`defi_protocol`	80	10,000,000	MiCA
`enterprise_read`	30	0	—

Built-in Roles & Scopes

Role	Scopes
`admin`	All scopes
`compliance_officer`	audit:read, compliance:read, blockchain:read, security:scan
`trader`	blockchain:read, payment:check, payment:execute, audit:read
`auditor`	audit:read, audit:write, compliance:read, monitor:read
`developer`	blockchain:read, security:scan, audit:read, monitor:read
`readonly`	blockchain:read, audit:read

Built-in Policies (7 Default)

Policy	Condition	Action
pol-001	Payment/transfer tools	`require_approval`
pol-002	Risk score ≥ 80	`require_approval`
pol-003	Secret/key in payload	`deny`
pol-004	Rate limit exceeded	`flag`
pol-005	Risk score ≤ 20	`allow` freely
pol-006	Prompt injection detected	`deny`
pol-007	Same tool > 50 calls/60s	`flag`

Risk Score Guide

Score	Level	Action
0-14	Minimal	Proceed freely
15-39	Low	Proceed, log for audit
40-69	Medium	Flag and proceed with caution
70-89	High	Require human approval
90-100	Critical	Block execution

Use Cases

Regulated AI Workflows: MiCA/DORA compliance requires audit trails — AgentGuard provides them automatically
Autonomous Payments: x402 agent payments run through approval_required gate before execution
Multi-tenant Platforms: Rate limiting and policy scoping per agent/session
Security Monitoring: Real-time detection of prompt injection and secret exposure in tool arguments
Compliance Reporting: Export audit log with cryptographic signatures for regulatory review

Backend: SQLite WAL-Mode

Persistent, stable, no daemon required. WAL-mode supports 1000+ writes/second. Shared between feedoracle.io and tooloracle.io — one source of truth.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

mcp-creator-typescript

Free

by mcp-marketplace · Developer Tools

Scaffold, build, and publish TypeScript MCP servers to npm — conversationally

FinAgent

Free

by mcp-marketplace · Finance

Free stock data and market news for any MCP-compatible AI assistant.

Agentguard MCP Server

About

Security Report

Findings (1)

Permissions Required

How to Connect

Documentation

🛡️ AgentGuard MCP

Quick Connect

How It Works — The Agent Security Loop

Tools — Welle 1: Core Security (7)

Tools — Welle 2: Payment Controls & Safety

Tools — Welle 3: Governance & Threat Intelligence (5)

Built-in Tenants

Built-in Roles & Scopes

Built-in Policies (7 Default)

Risk Score Guide

Use Cases

Backend: SQLite WAL-Mode

Links

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent

Agentguard MCP Server

About

Security Report

Findings (1)

Permissions Required

How to Connect

Documentation

🛡️ AgentGuard MCP

Quick Connect

How It Works — The Agent Security Loop

Tools — Welle 1: Core Security (7)

Tools — Welle 2: Payment Controls & Safety

Tools — Welle 3: Governance & Threat Intelligence (5)

Built-in Tenants

Built-in Roles & Scopes

Built-in Policies (7 Default)

Risk Score Guide

Use Cases

Backend: SQLite WAL-Mode

Links

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent