AI Agent Security
The OpenClaw ecosystem makes it easy to discover and install AI skills — but openness requires trust. Panguard provides the security layer that makes that trust verifiable.
Skill Auditor
Automated security scanner for AI agent skills. Detects prompt injection, tool poisoning, hidden Unicode, encoded payloads, and excessive permissions. Returns a 0-100 risk score in under 1 second.
MCP Server
Model Context Protocol server exposing 11 Panguard tools to AI assistants like Claude Desktop and Cursor.
Endpoint Protection
Scan, monitor, trap, and report — a closed-loop defense for your servers and workstations.
Scan
60-second security audit with 10 scanners. Produces a risk score (0-100), severity-graded findings, and optional PDF reports.
Guard
24/7 real-time monitoring powered by a 4-agent DARE pipeline (Detect, Analyze, Respond, Report). 10 monitor types, event correlation, and automated threat response.
Chat
AI-powered notifications via Telegram, Slack, Email, and Webhook. Adapts tone and detail level to 3 user roles: boss, developer, and IT admin.
Trap
Deploy 8 honeypot protocols to lure and profile attackers. Captures credentials, commands, and tool signatures, then classifies attacker skill level and intent.
Report
Auto-generate compliance reports for ISO 27001, SOC 2, and Taiwan Cyber Security Act (TCSA). Outputs JSON and PDF in English and Traditional Chinese.
Manager
Centralized fleet orchestration with hub-and-spoke architecture. Agent registry, cross-agent threat correlation, and policy distribution for up to 500 endpoints.
Threat Cloud
Collective threat intelligence platform. Every Guard instance contributes anonymized threat data, and every instance benefits from the community’s detections.
How the Products Work Together
The products are designed to complement each other in a layered defense strategy:
| Workflow | Products Involved | Description |
|---|---|---|
| Assess and Protect | Scan + Guard | Run a one-time scan to establish your baseline, then enable Guard for continuous monitoring. |
| Detect and Notify | Guard + Chat | Guard detects threats in real time and Chat delivers plain-language alerts to your preferred channel. |
| Lure and Learn | Trap + Guard + Threat Cloud | Honeypots capture attacker behavior, Guard auto-blocks the source IPs, and intelligence is shared via Threat Cloud. |
| Comply and Report | Scan + Report | Scan findings map directly to compliance controls. Generate audit-ready PDF reports on demand. |
| Scale and Centralize | Manager + Guard + Threat Cloud | Deploy Guard agents across your fleet, manage them from a single Manager, and correlate threats globally. |
| AI Copilot | MCP + Scan + Guard | Use natural language in Claude or Cursor to run scans, check status, and block IPs via the MCP server. |
Architecture at a Glance
Panguard is built as a 13-package TypeScript monorepo managed by pnpm workspaces. All packages share a common @panguard-ai/core foundation that provides the rule engine, monitor engine, AI provider abstraction, i18n, and structured logging.
| Layer | Components | Responsibility |
|---|---|---|
| Endpoint | Guard, Scan, Trap, Chat | Local detection, scanning, honeypots, and notifications |
| Management | Manager, Auth | Fleet orchestration, agent registry, authentication |
| Intelligence | Threat Cloud, Report | Collective IoC sharing, compliance reporting |
| Integration | MCP, Web, Admin | AI assistant integration, dashboards |
Each product can run independently. You do not need to deploy the full suite. Start with panguard scan and add products as your needs grow.