Before you install that MCP skill
— scan it.

We scanned 53,577 skills. 1 in 25 is dangerous.

postmark-mcp v1.0.16 silently forwarded 15,000 emails/dayMCPJam Inspector CVSS 9.8 remote code executionClaude Code hooks exploited for API key theftAzure MCP Server SSRF stole managed identity tokens43% of public MCP servers vulnerable to command executionpostmark-mcp v1.0.16 silently forwarded 15,000 emails/dayMCPJam Inspector CVSS 9.8 remote code executionClaude Code hooks exploited for API key theftAzure MCP Server SSRF stole managed identity tokens43% of public MCP servers vulnerable to command execution

Check any MCP skill before you install

Scans run server-side. No code is stored. Only content hash is cached.

OWASP 10/10108 ATR Rules96.9% Recall on SKILL.mdAdopted by Cisco AI DefenseSAFE-MCP 91.8%16 PlatformsMIT Licensed53,577 Skills Scanned

Works with 16 platforms:

Claude CodeClaude DesktopCursorOpenClawCodex CLIWorkBuddyNemoClawArkClawWindsurfQClawClineVS Code CopilotZedGemini CLIContinueRoo CodeClaude CodeClaude DesktopCursorOpenClawCodex CLIWorkBuddyNemoClawArkClawWindsurfQClawClineVS Code CopilotZedGemini CLIContinueRoo Code

Trusted by security teams

Cisco AI Defense34 ATR rules merged

OWASPAgentic Top 10 PR

SAFE-MCP91.8% coverage

108

ATR Detection Rules

54K+

Skills Scanned

96.9%

SKILL.md Recall

99.6%

MCP Precision

See it in action

One command. Full protection.

Install PanGuard, and your AI agents are protected in under 60 seconds.

PanGuard Guard Dashboard — 188 rules active, real-time protection status, 3-layer detection

Real-time dashboard showing 188 active rules, event monitoring, and 3-layer detection status.

This is not hypothetical.

Real CVEs. Real attacks. Real victims.

MCPJam InspectorCRITICALCVSS 9.8

Default 0.0.0.0 binding, one HTTP request = RCE. All versions before v1.4.3.

CVE-2026-23744

Claude Code (Anthropic)CRITICALCVSS 8.7

Hooks + MCP config exploited for arbitrary shell execution and API key theft.

CVE-2025-59536 + CVE-2026-21852

Azure MCP ServerHIGHCVSS 7.5

SSRF steals managed identity tokens. Attacker gains Azure resource access.

CVE-2026-26118

postmark-mcpHIGH

Clean for 15 versions. v1.0.16 added silent BCC forwarding 3K-15K emails/day.

ATR ClawHub scan

We scanned 53,577 MCP skills. 2.4% have CRITICAL or HIGH security risks.

Why PanGuard

< 1 Hour Response

New threat to detection: industry takes weeks. PanGuard takes 1 hour. Community reports + LLM auto-review, not committee approvals.

Trust Network

Not antivirus. A trust rating for every MCP skill. Like SSL certificates for the agent ecosystem.

Collective Defense

Every scan makes everyone safer. One machine discovers a threat. One hour later, every machine is immune.

How we compare

	PanGuard	Cisco DefenseClaw	OWASP
Rule update speed	< 1 hour (community + LLM)	Weeks (committee)	Months
Setup	1 command	Enterprise deployment	N/A (framework only)
Cost	Free + open source	Free but enterprise-focused	Free (checklist only)
Who it's for	Individual developers	Enterprise security teams	Security architects

PanGuard

Rule update speed< 1 hour (community + LLM)

Setup1 command

CostFree + open source

Who it's forIndividual developers

Cisco DefenseClaw

Rule update speedWeeks (committee)

SetupEnterprise deployment

CostFree but enterprise-focused

Who it's forEnterprise security teams

OWASP

Rule update speedMonths

SetupN/A (framework only)

CostFree (checklist only)

Who it's forSecurity architects

Threat Crystallization

AI understands new threats. Crystallizes them into regex rules. Executes in 0ms. Protects everyone.

Scan

Pattern-match against 108 ATR rules

3ms

Every skill is checked against the full ATR rule set. Known patterns are caught instantly with zero false negatives on matched signatures.

Detect + Block

CRITICAL threats blocked immediately

< 1s

High-confidence matches trigger instant response: block, quarantine, or alert. No human intervention needed for known threats.

Crystallize

LLM generates a new regex rule

< 1 hour

When the LLM discovers a new attack pattern, it crystallizes the understanding into a deterministic regex rule. From probabilistic AI to deterministic defense.

Protect Everyone

New rule distributed to all users

all users

The crystallized rule flows through Threat Cloud to every PanGuard installation. One discovery protects the entire network.

One command. Full protection.

This is not hypothetical.

Why PanGuard

< 1 Hour Response

Trust Network

Collective Defense

How we compare

PanGuard

Cisco DefenseClaw

OWASP

Threat Crystallization

Scan

Detect + Block

Crystallize

Protect Everyone

The Mission: Decentralized AI Agent Security

Before you install that MCP skill
— scan it.

One command. Full protection.

This is not hypothetical.

Why PanGuard

< 1 Hour Response

Trust Network

Collective Defense

How we compare

PanGuard

Cisco DefenseClaw

OWASP

Threat Crystallization

Scan

Detect + Block

Crystallize

Protect Everyone

The Mission: Decentralized AI Agent Security

Before you install that MCP skill
— scan it.

One command. Full protection.

This is not hypothetical.

Why PanGuard

< 1 Hour Response

Trust Network

Collective Defense

How we compare

PanGuard

Cisco DefenseClaw

OWASP

Threat Crystallization

Scan

Detect + Block

Crystallize

Protect Everyone

The Mission: Decentralized AI Agent Security

Before you install that MCP skill — scan it.

One command. Full protection.

This is not hypothetical.

Why PanGuard

< 1 Hour Response

Trust Network

Collective Defense

How we compare

PanGuard

Cisco DefenseClaw

OWASP

Threat Crystallization

Scan

Detect + Block

Crystallize

Protect Everyone

The Mission: Decentralized AI Agent Security

Before you install that MCP skill — scan it.

Before you install that MCP skill
— scan it.

Before you install that MCP skill
— scan it.