AgentGuard
Monitors agent file access, API calls, and communications to detect suspicious behavior, log events, and generate actionable security reports.
Version: 1.0.0
Author: Manas AI
Category: Security & Monitoring
AgentGuard is a comprehensive security monitoring skill that watches over agent operations, detecting suspicious behavior, logging communications, and providing actionable security reports.
Track all file read/write operations with pattern analysis.
Trigger: Continuous background monitoring
Command:
agentguard monitor files [--watch-dir <path>]
What it detects:
Monitor outbound API calls for suspicious activity.
Command:
agentguard monitor api
What it detects:
Log all external communications for audit trails.
Command:
agentguard log comms [--output <path>]
Logs include:
ML-lite pattern analysis for behavioral anomalies.
Command:
agentguard detect anomalies [--sensitivity <low|medium|high>]
Detection methods:
Generate comprehensive daily security reports.
Command:
agentguard report [--period <daily|weekly|monthly>]
Report includes:
```yaml
# config/agentguard.yaml
monitoring:
  enabled: true
  file_watch_dirs:
    - ~/clawd
    - ~/.clawdbot
  exclude_patterns:
    - "*.log"
    - "node_modules/**"
    - ".git/**"

alerts:
  sensitivity: medium  # low, medium, high
  channels:
    - telegram
  alert_on:
    - credential_access
    - bulk_file_read
    - unknown_api_endpoint
    - data_exfiltration
  cooldown_minutes: 15

api_monitoring:
  trusted_domains:
    - api.anthropic.com
    - api.openai.com
    - api.telegram.org
    - api.elevenlabs.io
  block_on_suspicious: false  # true = prevent call, false = alert only

logging:
  retention_days: 30
  log_dir: ~/.agentguard/logs
  hash_sensitive_data: true

reporting:
  auto_daily_report: true
  report_time: "09:00"
  report_channel: telegram
```
agentguard start
Enables all monitoring features with default config.
agentguard status
Returns current threat level, active monitors, recent alerts.
agentguard investigate --timerange "last 2 hours" --type file_access
agentguard report --now
agentguard alerts --last 24h --severity high
agentguard trust add api.newservice.com --reason "Required for X integration"
| Level | Color | Meaning | Example |
|---|---|---|---|
| INFO | 🔵 | Normal logged activity | File read in workspace |
| LOW | 🟢 | Minor deviation | Slightly elevated API calls |
| MEDIUM | 🟡 | Notable anomaly | Access to .env file |
| HIGH | 🟠 | Potential threat | Bulk credential access |
| CRITICAL | 🔴 | Immediate action needed | Data exfiltration pattern |
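The config and the severity table describe the detection rules only in words. The following is an added example, not AgentGuard's own code and not from this page, showing how those settings (trusted_domains, alert_on, cooldown_minutes, hash_sensitive_data, block_on_suspicious) can be applied to a stream of agent events and how each alert picks up a level from the table. The event format, the detection thresholds, the credential path globs, and the mapping from alert type to severity level are assumptions made for this example; the sample events are constructed.

```python
"""Added example (not AgentGuard code): rule engine over agent events."""
from collections import deque
from datetime import datetime, timedelta
from fnmatch import fnmatch
from urllib.parse import urlparse
import hashlib

# Subset of config/agentguard.yaml from the page, as a dict so the example
# runs without a YAML library
CONFIG = {
    "api_monitoring": {
        "trusted_domains": ["api.anthropic.com", "api.openai.com",
                            "api.telegram.org", "api.elevenlabs.io"],
        "block_on_suspicious": False,
    },
    "alerts": {
        "alert_on": ["credential_access", "bulk_file_read",
                     "unknown_api_endpoint", "data_exfiltration"],
        "cooldown_minutes": 15,
    },
    "logging": {"hash_sensitive_data": True},
}

# Assumed mapping from alert type to the page's severity levels
SEVERITY = {
    "credential_access": "MEDIUM",      # e.g. access to a .env file
    "unknown_api_endpoint": "MEDIUM",
    "bulk_file_read": "HIGH",
    "data_exfiltration": "CRITICAL",
}

# Thresholds chosen for this example, not AgentGuard settings
CREDENTIAL_GLOBS = ("*/.env", "*/.env.*", "*/.ssh/id_*",
                    "*/.aws/credentials", "*credentials*.json")
BULK_READ_COUNT, BULK_READ_WINDOW = 10, timedelta(seconds=60)
EXFIL_BYTES = 512 * 1024          # large upload to an untrusted host


def is_trusted(host, trusted_domains):
    """Exact or subdomain match against the trust list (case-insensitive)."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def redact(value, enabled):
    """Hash paths/hosts in alert records when hash_sensitive_data is on."""
    if not enabled:
        return value
    return "sha256:" + hashlib.sha256(value.encode()).hexdigest()[:16]


def evaluate(events, config=CONFIG):
    """Run the rules over events (dicts with kind/ts and path or url) and
    return the alerts that survive alert_on filtering and the cooldown."""
    api = config["api_monitoring"]
    wanted = set(config["alerts"]["alert_on"])
    cooldown = timedelta(minutes=config["alerts"]["cooldown_minutes"])
    hash_it = config["logging"]["hash_sensitive_data"]
    alerts, last_fired, recent_reads = [], {}, deque()

    def fire(ts, kind, subject):
        if kind not in wanted:
            return
        key = (kind, subject)
        if key in last_fired and ts - last_fired[key] < cooldown:
            return                      # suppressed by cooldown_minutes
        last_fired[key] = ts
        alerts.append({
            "ts": ts.isoformat(), "level": SEVERITY[kind], "type": kind,
            "subject": redact(subject, hash_it),
            # block_on_suspicious only applies to outbound calls
            "blocked": api["block_on_suspicious"] and kind in
                       ("unknown_api_endpoint", "data_exfiltration"),
        })

    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = ev["ts"]
        if ev["kind"] == "file_read":
            path = ev["path"]
            if any(fnmatch(path, g) for g in CREDENTIAL_GLOBS):
                fire(ts, "credential_access", path)
            recent_reads.append((ts, path))
            while ts - recent_reads[0][0] > BULK_READ_WINDOW:
                recent_reads.popleft()
            if len({p for _, p in recent_reads}) >= BULK_READ_COUNT:
                fire(ts, "bulk_file_read", "distinct-files-in-window")
        elif ev["kind"] == "api_call":
            host = urlparse(ev["url"]).hostname or ""
            if is_trusted(host, api["trusted_domains"]):
                continue
            if ev.get("bytes_out", 0) >= EXFIL_BYTES:
                fire(ts, "data_exfiltration", host)
            else:
                fire(ts, "unknown_api_endpoint", host)
    return alerts


# Constructed sample events: 12 quick source reads, a .env read (twice),
# one trusted API call and two calls to hosts outside trusted_domains
T0 = datetime(2026, 1, 15, 9, 0, 0)
SAMPLE_EVENTS = [
    {"kind": "file_read", "ts": T0 + timedelta(seconds=i),
     "path": f"/home/agent/clawd/src/mod{i}.py"} for i in range(12)
] + [
    {"kind": "file_read", "ts": T0 + timedelta(seconds=20), "path": "/home/agent/clawd/.env"},
    {"kind": "file_read", "ts": T0 + timedelta(seconds=21), "path": "/home/agent/clawd/.env"},
    {"kind": "api_call", "ts": T0 + timedelta(seconds=30),
     "url": "https://api.openai.com/v1/chat/completions", "bytes_out": 2048},
    {"kind": "api_call", "ts": T0 + timedelta(seconds=31),
     "url": "https://paste.example.net/upload", "bytes_out": 900 * 1024},
    {"kind": "api_call", "ts": T0 + timedelta(seconds=32),
     "url": "https://telemetry.example.org/ping", "bytes_out": 300},
]

if __name__ == "__main__":
    for a in evaluate(SAMPLE_EVENTS):
        print(a["level"], a["type"], a["subject"], "blocked" if a["blocked"] else "")
```

Running it on the constructed events yields four alerts: one HIGH bulk_file_read (the second and third times the window crosses the threshold are swallowed by the cooldown), one MEDIUM credential_access for the .env read (its repeat is also suppressed), one CRITICAL data_exfiltration for the large upload to an untrusted host, and one MEDIUM unknown_api_endpoint for the small call. Note the subdomain check: `api.openai.com.evil.example` is not trusted, which is the kind of suffix confusion a naive `"api.openai.com" in host` test would get wrong.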
```
~/.agentguard/
├── logs/
│   ├── file_access/
│   ├── api_calls/
│   └── communications/
├── baselines/
│   └── behavior_model.json
├── alerts/
│   └── YYYY-MM-DD.json
└── reports/
    └── YYYY-MM-DD_report.md
```
→ Increase the baseline learning period or reduce sensitivity
→ Check that the file_watch_dirs config covers the target directories
→ Verify the report_time format and timezone settings
| Script | Purpose |
|---|---|
| | Core monitoring daemon |
| | Anomaly detection engine |
| | Structured logging handler |
| | Alert dispatch system |
| | Report generation |
AgentGuard is designed with defense-in-depth principles. It assumes agents can be compromised or manipulated, and provides visibility into their operations.
For maximum security, run AgentGuard as a separate process under its own account, so that the agent has no write access to AgentGuard's configuration, logs, baselines, or binaries. A compromised agent that can write to those files could disable monitoring or alter its own records.
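The isolation advice is only as good as the permissions on the monitor's state. The following is an added example, not AgentGuard's own code, of a check a deployment script could run before starting the monitor: it walks the state directory and reports every entry the agent's account could modify. It assumes the state lives under ~/.agentguard, that the caller knows the agent's uid and group ids, and that ordinary mode bits are what matter (POSIX ACLs and capabilities are ignored; root is treated as always able to write).

```python
"""Added example (not AgentGuard code): can the agent account tamper with
the monitor's files? Assumes POSIX mode bits only."""
import os
import stat


def agent_can_write(mode, owner_uid, owner_gid, agent_uid, agent_gids):
    """Decide from stat() fields whether the agent account can write to an
    entry. Kept as a pure function so it can be checked without touching a
    filesystem. Root is always able to write; ACLs are not considered."""
    if agent_uid == 0:
        return True
    if agent_uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in agent_gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def agent_writable_paths(root, agent_uid, agent_gids):
    """Walk root and return every file or directory the agent could modify.
    An empty list means a compromised agent cannot disable monitoring or
    rewrite logs/baselines by editing these files (at the mode-bit level).
    Symlinks are inspected with lstat and not followed."""
    found = []
    st = os.lstat(root)
    if agent_can_write(st.st_mode, st.st_uid, st.st_gid, agent_uid, agent_gids):
        found.append(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            p = os.path.join(dirpath, name)
            st = os.lstat(p)
            if agent_can_write(st.st_mode, st.st_uid, st.st_gid,
                               agent_uid, agent_gids):
                found.append(p)
    return found


if __name__ == "__main__":
    import sys
    # Assumption for the demo: the agent's uid is passed on the command line,
    # otherwise the current user is treated as the agent
    agent_uid = int(sys.argv[1]) if len(sys.argv) > 1 else os.getuid()
    agent_gids = set(os.getgroups()) | {os.getgid()}
    bad = agent_writable_paths(os.path.expanduser("~/.agentguard"),
                               agent_uid, agent_gids)
    print("agent-writable entries:", bad or "none")
```

A clean run prints "none". Any listed path is a place where the agent could edit config/agentguard.yaml, truncate the logs, or poison behavior_model.json, and should be chowned to the monitor's account with group/world write removed.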
No automatic installation available. Please visit the source repository for installation instructions.
© 2026 Torly.ai. All rights reserved.