Scan before you agent.
RepoGuard is a free-to-use static repository scanner for AI coding agents such as Codex, Claude Code, Cursor, Gemini CLI, and similar tools.
Made by MPG ONE LLC.
RepoGuard is free for end users, but it is not an open-source license. You may use it for free, but you may not copy, rename, rebrand, redistribute, sell, or publish modified versions without written permission from MPG ONE LLC.
AI coding agents can read project files, follow instructions in docs, run commands, install dependencies, and edit code. That creates a new risk category: a repository may be safe-looking to a human but hostile to an autonomous coding agent.
RepoGuard checks a repository before you give it to an agent.
It looks for risks like:
- prompt injection aimed at AI coding agents
- dangerous install scripts such as curl | bash
- package lifecycle scripts that run shell commands
- sensitive-file access combined with network exfiltration
- suspicious GitHub Actions workflows
- obfuscated JavaScript
- crypto miner indicators
- Docker socket and privileged container usage
RepoGuard does static analysis only. It does not run repository code, install dependencies, or execute setup scripts.
Directly from GitHub:
    python3 -m pip install git+https://github.com/mpg-one/RepoGuard.git
Or from a local clone of this repository:
    python3 -m pip install .
Then run:
    repoguard scan .
You can also run it without installing:
    PYTHONPATH=src python3 -m repoguard scan .

    repoguard scan https://github.com/user/repo
Given a GitHub URL, RepoGuard clones the repository into a temporary directory, scans it, and removes the temporary copy when finished.
RepoGuard is built as a CLI-first scanner so it can be used directly by people, CI systems, and AI-agent tooling.
Current support:
- CLI usage with local paths and GitHub repository URLs
- JSON output for agent/tool integrations
- SARIF output for security pipelines
- exit-code gating with --fail-on
Integration-ready targets:
- MCP server wrapper for Claude, Cursor, Codex-compatible clients, and other MCP-capable tools
- Codex skill wrapper that runs repoguard scan before an agent works inside an unknown repository
- GitHub Action for scanning pull requests and repositories before agent access
The intended agent flow is:
Unknown repository
|
v
RepoGuard scan
|
v
Risk report
|
v
Human or AI agent decides whether to continue

The CLI is available now. Native MCP server and skill packages are planned on top of the same scanner engine.
Human-readable report:
    repoguard scan .
JSON report:
    repoguard scan . --format json
SARIF report for security tooling:
    repoguard scan . --format sarif --output repoguard.sarif
Use an explicit ignore file:
    repoguard scan . --ignore-file .repoguardignore
RepoGuard does not automatically trust ignore files from scanned repositories. This is intentional: an unknown hostile repo should not be able to hide files from the scanner by shipping its own ignore config.
Fail a CI job when the risk level reaches a threshold:
    repoguard scan . --fail-on high
Thresholds are:
- low
- medium
- high
- critical
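A fail-closed wrapper for the gating step above, as an added example that is not part of RepoGuard or its documentation. It assumes that --fail-on and --ignore-file, shown separately on this page, can be combined in one invocation and that reaching the threshold produces a non-zero exit status; pre_agent_gate and REPOGUARD_BIN are hypothetical names.

```shell
#!/bin/sh
# Added example: fail-closed pre-agent gate around the RepoGuard CLI.
# REPOGUARD_BIN is a hypothetical override (useful for testing); the default
# is the `repoguard` command shown on this page.

# pre_agent_gate TARGET THRESHOLD [IGNORE_FILE]
# Returns 0 only if the scan ran and stayed below THRESHOLD.
pre_agent_gate() {
    target=$1 threshold=$2 ignore_file=${3:-}
    scanner=${REPOGUARD_BIN:-repoguard}

    # Only the four thresholds documented on the page are accepted.
    case $threshold in
        low|medium|high|critical) ;;
        *) echo "gate: unknown threshold '$threshold'" >&2; return 2 ;;
    esac

    # Fail closed if the scanner is missing: no scan means no agent access.
    command -v "$scanner" >/dev/null 2>&1 || {
        echo "gate: $scanner not found, refusing to continue" >&2; return 2; }

    set -- scan "$target" --fail-on "$threshold"

    if [ -n "$ignore_file" ]; then
        # An ignore file is operator policy. Reject one that lives inside the
        # local repository being scanned, since that repo is untrusted input.
        if [ -d "$target" ]; then
            repo_dir=$(cd "$target" && pwd -P) || return 2
            ign_dir=$(cd "$(dirname "$ignore_file")" 2>/dev/null && pwd -P) || {
                echo "gate: ignore file not found" >&2; return 2; }
            case $ign_dir/ in
                "$repo_dir"/*) echo "gate: ignore file is inside the target" >&2
                               return 2 ;;
            esac
        fi
        set -- "$@" --ignore-file "$ignore_file"
    fi

    # Any non-zero exit (threshold reached, crash, failed clone) blocks.
    if "$scanner" "$@"; then
        echo "gate: below '$threshold', agent may proceed"
    else
        echo "gate: blocked, review the report before any agent access" >&2
        return 1
    fi
}
```

Call it as pre_agent_gate ./unknown-repo high /etc/repoguard/ignore before handing the directory to an agent; the ignore path here is a constructed example of a file kept outside the scanned tree.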
RepoGuard by MPG ONE LLC
Target: https://github.com/user/repo
Risk: High
Score: 72/100
Findings:
- HIGH agent-prompt-injection README.md:12
Agent-targeted prompt injection language found.
- CRITICAL exfil-sensitive-network scripts/setup.py:31
Sensitive local files and network upload behavior appear in the same file.
Recommendation:
Do not load this repository into an AI coding agent without sandboxing and manual review.

[Screenshots: critical repository scan; machine-readable JSON output; CI or automation gate]
RepoGuard is not a full antivirus engine, vulnerability scanner, or guarantee that a repository is safe. It is a fast pre-agent risk check designed to catch patterns that matter when an AI coding agent is about to inspect or operate on unknown code.
Run tests:
    PYTHONPATH=src python3 -m unittest discover -s tests
Run the CLI against the suspicious fixture:
    PYTHONPATH=src python3 -m repoguard scan tests/fixtures/suspicious-repo
Scan this repository while ignoring test signatures:
    PYTHONPATH=src python3 -m repoguard scan . --ignore-file .repoguardignore

Copyright (c) 2026 MPG ONE LLC. All rights reserved.
RepoGuard is free to use under the RepoGuard Free Use License. Redistribution, copying, rebranding, white-labeling, selling, publishing modified versions, or representing RepoGuard as your own product is not allowed without written permission from MPG ONE LLC.