About Aguara Watch
Continuous public security scanning of AI agent skill registries.
What is this?
Aguara Watch is a continuous, public security scan of every major AI agent skill registry and MCP server directory. It runs daily, automatically, and publishes all results as open data.
The primary goal is to improve Aguara, an open source security scanner built specifically for AI agent skills. Running it at scale across real-world registries helps find edge cases, refine detection rules, and validate accuracy.
Scoring
Each skill starts at 100 points. Findings reduce the score:
| CRITICAL | -25 points |
| HIGH | -15 points |
| MEDIUM | -8 points |
| LOW | Informational (no score impact) |
The final score maps to a letter grade:
A
90-100
Minimal issues
B
75-89
Minor issues
C
50-74
Moderate
D
25-49
Significant
F
0-24
Critical
Limitations
- • Static analysis only — cannot detect runtime behavior
- • Findings may include false positives
- • Not all skills in a registry may be crawlable
Open Source
Aguara is open source under the Apache-2.0 license.