AI antivirus that protects developer agents by scanning plugins, skills, and MCP servers before they run.
hol-guard shows strong trust signals, but it is worth checking the docs before setup. Check agent compatibility and use-case fit before adding it to your workflow.
Open the official repository or website: `gh repo view hashgraph-online/hol-guard --web`
Check the README for package manager, auth, and platform requirements.
Try it in a small test task inside your agent workflow.
HOL Guard is a security tool for AI coding assistants like Codex and Claude Code. It scans plugins and tools for malware before they execute, preventing harmful code from running on your machine. It works locally and can be integrated into CI pipelines.
HOL Guard is an AI antivirus designed to protect developer agents and AI harnesses from malicious code. It provides local scanning of plugins, skills, MCP servers, and marketplace packages before they are executed. The tool includes two packages: `hol-guard` for runtime protection of agents like Codex, Claude Code, Cursor, Gemini, and OpenCode, and `plugin-scanner` for CI/CD linting and verification of packages before release. HOL Guard features a first-run guided setup (`hol-guard init`) that progressively enables protections with user approval. It supports containerized deployment via Docker and is available on PyPI. The project is open-source under the Apache 2.0 license and actively maintained by the hashgraph-online organization.
Strong trust signals; still review the README and permissions before production use.
Last commit was about 1 day ago.
352 GitHub stars indicate community interest.
11 open issues signal maintenance load.
NOASSERTION license detected.
Protect Codex, Claude Code, or Cursor from malicious plugins during development.
Scan MCP servers and skills for security vulnerabilities before integration.
Integrate plugin-scanner into CI pipelines to verify packages before release.
Run as a local security daemon to monitor AI agent activities.
Use in enterprise environments to enforce security policies on AI tools.
The tool requires local installation and may have false positives.
As with any security tool, it should be kept updated to detect new threats.
Stars: 352
Forks: 5
Issues: 11
License: NOASSERTION
A terminal dashboard to monitor AI coding agents like Claude Code and Codex CLI in real-time.
A bridge between Streamable HTTP and stdio MCP transports, enabling flexible MCP server connectivity.
A full-stack AI Red Teaming platform for securing AI ecosystems with comprehensive scanning and evaluation.
2 security/trust notes recorded.
Setup difficulty is 3/5.