Getting Started with Panguard
Install Panguard, run your first scan, and enable real-time protection in under 5 minutes.
Step 1: Install Panguard
Install via npm or use the install script. Both methods set up the CLI, rule engine, and local AI model.
curl -fsSL https://get.panguard.ai | bashApple Silicon (ARM64) native binary. Intel Mac users: install via npm, or enable Rosetta 2 first.
Verify the installation:
panguard --version # Expected: 1.4.16
Run setup to auto-configure all detected AI platforms (Claude Code, Claude Desktop, Cursor, OpenClaw, Codex, WorkBuddy, NemoClaw, ArkClaw, Windsurf, QClaw, Cline, VS Code Copilot, Zed, Gemini CLI, Continue, Roo Code):
pga setupTip: pga is a shortcut for panguard. Both work.
Then start Panguard in any project:
cd your-project pga scan
[OK] Panguard v1.4.16 installed
[OK] Rule engine loaded (108 ATR + 108 total rules)
[OK] Scan complete.
Platform Quick Start
Step-by-step for each AI platform. Pick yours.
CCClaude Code
Step 1: Open your terminal
npm install -g @panguard-ai/panguard && pga upStep 2: Auto-configure Claude Code
pga setup --platform claude-codeStep 3: Restart Claude Code, then try:
# In Claude Code, ask: "scan my current project for security issues" "audit the MCP skill at github.com/owner/repo"
Step 4: Start 24/7 protection
pga guard start --dashboardDone! Claude Code now has 11 security tools via MCP. Guard monitors everything 24/7.
OCOpenClaw
Step 1: Install PanGuard
npm install -g @panguard-ai/panguard && pga upStep 2: Auto-configure OpenClaw
pga setup --platform openclawStep 3: Close and reopen OpenClaw
Step 4: In OpenClaw, PanGuard tools are now available. Try:
# In OpenClaw, ask: "use panguard to scan this project" "audit the skill I just installed"
Step 5: Start Guard for continuous protection
pga guard start --dashboardDone! Every skill OpenClaw installs will be automatically audited.
Or auto-detect all platforms at once:
pga setupDetects 16 platforms including Claude Code, Claude Desktop, Cursor, OpenClaw, Codex, Windsurf, Gemini CLI, and more automatically.
GitHub Action (CI/CD)
Block malicious MCP skills and SKILL.md files before they reach production. One line in your workflow. Results appear in the GitHub Security tab.
Add to your workflow (.github/workflows/atr-scan.yml):
name: ATR Security Scan on: [push, pull_request] jobs: atr-scan: runs-on: ubuntu-latest permissions: security-events: write steps: - uses: actions/checkout@v4 - uses: Agent-Threat-Rule/agent-threat-rules@v1 with: severity: medium # minimum severity to report fail-on-finding: true # block PRs with threats
What it does: Scans your repo for MCP config files and SKILL.md files using 108 ATR detection rules. Outputs SARIF to the GitHub Security tab.
Options:
severity— minimum level to report: informational, low, medium (default), high, criticalfail-on-finding— setfalseto warn without blockingpath— scan a specific directory (default: entire repo)
Step 2: Run Your First Scan
A quick scan checks your system for common vulnerabilities in about 60 seconds.
pga scanFor a comprehensive analysis including all ports, SSL certificates, and configuration files:
pga scan --deepStep 3: Enable Real-Time Protection
Guard runs as a daemon, monitoring your AI agents 24/7 with ATR detection rules.
pga guard startStep 4: Set Up Notifications
Panguard Chat sends you plain-language notifications when threats are detected and resolved.
panguard chat config # Follow the prompts to connect LINE, Slack, or Telegram
Step 5: Understanding Scan Results
Every scan produces a security score, grade, and detailed findings. Here's how to read them.
- Security Score (0-100): 0 = critical risk, 100 = fully protected. Anything below 60 needs immediate attention.
- Grade: A (90+), B (75-89), C (60-74), D (40-59), F (below 40). Target grade B or higher.
- Findings are sorted by severity: Critical > High > Medium > Low. Fix critical issues first.
Step 6: JSON Output for AI Agents
Panguard is Agent-Native. Use --json to get machine-readable output that AI agents can parse directly.
pga scan --json{"riskScore": 72, "findings": 8, "critical": 1, "high": 2, "medium": 3, "low": 2,
"scanDuration": "47s", "framework": "ISO 27001",
"topFinding": "SSH root login enabled (critical)"}
SAST Code Scanning
Scan your source code for SQL injection, XSS, hardcoded secrets, and more.
pga scan code --dir ./my-app --json[OK] Scanning ./my-app (142 files)
[OK] Semgrep: 3 findings
[OK] Built-in patterns: 1 finding
[OK] Secrets scanner: 0 findings
{"totalFindings": 4, "critical": 1, "high": 2, "medium": 1,
"topFinding": "Hardcoded AWS access key in config.js (critical)"}
Step 7: Remote Scanning
Scan any server or domain from outside. Panguard checks open ports, SSL certificates, HTTP headers, and DNS records.
pga scan --target example.com panguard scan --target 1.2.3.4 --json
Step 8: Compliance Reports
Generate ISO 27001, SOC 2, or Taiwan Cyber Security Act compliance reports automatically.
panguard report generate --framework iso27001 panguard report generate --framework soc2 panguard report generate --framework tcsa
More CLI Commands
Panguard has a full CLI toolkit. Here are the most useful commands beyond scan and guard.
pgapga uppga setuppga scanpga scan --deeppga audit skill <dir>pga guard startpga statuspga doctorpga --helpFull Deployment Checklist
Follow these steps to fully deploy Panguard. Each step is independent -- enable only what you need.
1. Security Scan -- Get your security score
Scan your system for vulnerabilities and get a security score. Quick mode ~30s, full mode ~60s.
panguard scan2. Real-time Protection -- Start the Guard daemon
Guard monitors your system 24/7. First 7 days in learning mode (detect + log), then auto-switches to protection mode (detect + block).
panguard guard start3. Alert Notifications -- Set up Telegram / Slack
Get notified instantly when threats are detected. Supports Telegram, Slack, Email, and Webhook.
panguard chat config4. Honeypots (Optional) -- Deploy decoy services
Deploy fake SSH, HTTP, MySQL services on your server to capture attacker behavior and intent.
panguard trap start --services ssh,http5. Compliance Reports (Optional) -- Generate reports
Auto-generate ISO 27001, SOC 2, or Taiwan Cyber Security Act compliance reports. Use as audit evidence.
panguard report generate --framework iso27001Advanced Configuration
Panguard works out of the box, but you can enhance detection with optional external tools. All tools degrade gracefully -- Panguard never stops working if an external tool is unavailable.
Ollama -- Run AI analysis locally without cloud APIs. Ideal for air-gapped environments.
Key environment variables: ANTHROPIC_API_KEY (Claude AI), OPENAI_API_KEY (GPT fallback), PANGUARD_LLM_MODEL (Ollama model override), OLLAMA_API_ENDPOINT (custom Ollama URL).
See the full Advanced Setup guide for installation instructions and configuration details.Multi-Endpoint Deployment
Deploying Panguard across multiple servers is straightforward. Use SSH loops for small fleets or Ansible for larger environments.
#!/bin/bash # servers.txt: one IP per line for server in $(cat servers.txt); do ssh root@$server 'curl -fsSL https://get.panguard.ai | bash && panguard guard start' done
For 20+ servers, consider using an Ansible playbook for idempotent, repeatable deployment.
See the full Multi-Endpoint Deployment guide for Ansible playbook examples and Threat Cloud integration.What's Next?
Explore the full documentation to customize rules, integrate with CI/CD, or set up compliance reports.