Skip to main content
This page documents every tool exposed by the Panguard MCP server. Each tool includes its description, input schema, and example usage.

panguard_scan

Run a security health check scan on the local system. Returns risk score (0—100), grade (A—F), and list of security findings.
depth
string
default:"quick"
Scan depth: quick (~30 seconds) or full (~60 seconds).
lang
string
default:"en"
Output language: en or zh-TW.
Example prompt: “Run a full security scan on this machine in Chinese.” Example response: Risk score 72/100 (Grade C), 8 findings (1 critical, 2 high, 3 medium, 2 low).

panguard_scan_code

Scan a source code directory for security vulnerabilities (SAST). Detects SQL injection, XSS, hardcoded secrets, command injection, and more.
dir
string
required
Source code directory to scan. Absolute or relative path.
lang
string
default:"en"
Output language: en or zh-TW.
Example prompt: “Check the ./src directory for security vulnerabilities.”

panguard_guard_start

Start the Panguard Guard real-time threat monitoring daemon.
dataDir
string
Data directory path. Defaults to ~/.panguard-guard.
mode
string
Operating mode: learning or protection.
Example prompt: “Start real-time protection in learning mode.”

panguard_guard_stop

Stop the Panguard Guard daemon.
dataDir
string
Data directory path. Defaults to ~/.panguard-guard.
Example prompt: “Stop the Guard engine.”

panguard_status

Get the current status of all Panguard services (Guard, Scan, Manager). Returns running state, threat counts, and system information.
dataDir
string
Data directory path. Defaults to ~/.panguard-guard.
Example prompt: “What is the current security status of this machine?” Returns: Guard running state, mode, uptime, security score, active threats, events processed.

panguard_alerts

Get recent security alerts detected by Panguard Guard. Returns the latest threat events with severity and details.
limit
number
default:"20"
Maximum number of alerts to return.
severity
string
default:"all"
Filter by severity: critical, high, medium, low, or all.
dataDir
string
Data directory path. Defaults to ~/.panguard-guard.
Example prompt: “Show me the last 5 critical alerts.”

panguard_block_ip

Manually block an IP address from accessing the system.
ip
string
required
IP address to block (IPv4 or IPv6).
duration
string
default:"1h"
Block duration. Examples: 1h, 24h, permanent.
reason
string
Reason for blocking (stored in the action manifest).
Example prompt: “Block IP 203.0.113.50 for 24 hours because it was port scanning.”

panguard_generate_report

Generate a PDF compliance report from scan results. Returns the path to the generated PDF.
output
string
default:"./panguard-report.pdf"
Output PDF file path.
lang
string
default:"en"
Report language: en or zh-TW.
depth
string
default:"full"
Scan depth for the underlying scan: quick or full.
Example prompt: “Generate a PDF security report in Traditional Chinese.”

panguard_init

Initialize Panguard configuration with defaults (non-interactive mode).
dataDir
string
Data directory path. Defaults to ~/.panguard-guard.
lang
string
default:"en"
Default language: en or zh-TW.
mode
string
default:"learning"
Initial operating mode: learning or protection.
Example prompt: “Initialize Panguard with Chinese language defaults.”

panguard_audit_skill

Audit an OpenClaw/AgentSkills SKILL.md directory for security issues. Checks manifest validity, prompt injection, tool poisoning, code vulnerabilities, dependencies, and permissions.
path
string
required
Path to skill directory containing SKILL.md.
Returns: Risk score (0—100) and detailed findings covering:
  • Manifest validity
  • Prompt injection detection
  • Tool poisoning analysis
  • Code vulnerability scanning
  • Dependency audit
  • Permission review
Example prompt: “Audit the skill at ./my-agent-skill for security issues.”

panguard_deploy

Deploy Panguard services: scan for vulnerabilities, start Guard monitoring, and generate an initial report. This is the one-click setup for full protection.
dataDir
string
Data directory path. Defaults to ~/.panguard-guard.
lang
string
default:"en"
Language: en or zh-TW.
mode
string
default:"learning"
Initial Guard mode: learning or protection.
generateReport
boolean
default:"true"
Whether to generate a PDF report after scanning.
Example prompt: “Deploy full protection on this machine with a PDF report.” Executes: panguard scan + panguard guard start + panguard scan --output report.pdf

Tool Availability by Plan

ToolCommunitySoloProBusiness
panguard_scanYesYesYesYes
panguard_scan_codeYesYesYesYes
panguard_guard_startYesYesYes
panguard_guard_stopYesYesYes
panguard_statusYesYesYesYes
panguard_alertsYesYesYes
panguard_block_ipYesYesYes
panguard_generate_reportYesYes
panguard_initYesYesYesYes
panguard_audit_skillYesYesYesYes
panguard_deployYesYesYes
All tools return structured JSON responses that AI assistants can parse and present in natural language. The isError field in the response indicates whether the operation succeeded or failed.