ToolPin

io.tooloracle/agentguard

io.tooloracle/agentguard · v1.0.0 · MCP 2025-03-26

AgentGuard — 20-tool AI safety MCP: policy preflight, risk scoring, audit logging, rate limits.

Reachability reachable
checked 2026-07-14 03:24 UTC
Registry status active
Tools pinned 24
b8ecbc93dd0e
Tools last changed unchanged since first capture 2026-07-14

Provenance

Registry namespace io.tooloracle (domain verified by the official registry)
Repository github.com/tooloracle/agentguard
Remote endpoints
https://feedoracle.io/guard-oracle/mcp/ (streamable-http)

Observed changes

When (UTC)EventDetail
2026-07-14 03:24 first capture 24 tools pinned

Pinned tool definitions (24)

ToolDescription
policy_preflight Pre-flight security check before any tool call. Evaluates all policies, computes risk score, checks rate limits, and returns allow/deny/require_approval decision. Call this BEFORE executing any agent tool. Writes to audit log automatically.
tool_risk_score Compute 0-100 risk score for any tool + input combination. 0=minimal risk (read-only), 100=critical (payment/irreversible). Detects secrets, injection attempts, high-value amounts. Use before deciding whether to proceed with a tool call.
approval_required Check if a tool call requires human approval before execution. Returns requires_approval=true/false with matched policy list. Set register_pending=true to create a trackable approval request with an approval_url for human review.
audit_log_write Write a tool call result to the persistent, signed audit log. Call this AFTER tool execution with the outcome. Each entry is cryptographically signed for tamper-evidence. Essential for compliance, DORA, MiCA audit trail requirements.
audit_log_query Query the persistent audit trail. Filter by agent, tool, decision, time range. Returns signed entries with tamper-detection. Use for compliance reporting, anomaly detection, or agent behaviour analysis.
decision_explain Get a human-readable explanation of why a tool call was allowed or denied. Pass request_id from a previous policy_preflight for stored explanation, or provide tool_name + tool_args for fresh analysis. Explains matched policies, risk...
rate_limit_check Check if an agent has exceeded rate limits. Returns per-window usage (minute/hour/day) with percentage used. Limits: 200/min, 5000/hr, 50000/day per agent. Use before high-frequency tool calls or for agent health monitoring.
payment_policy_check Validate a payment against policy rules before execution. Checks amount limits (>100k warns, >1M blocks), recipient allowlist/denylist, supported currencies/networks, AML reporting thresholds, and MiCA flags. Returns approved/rejected...
spend_limit_check Check if a payment amount stays within agent spend limits. Default limits: 10,000/call, 50,000/hr, 200,000/day. Trusted agents: 100,000/call, 500,000/hr, 2,000,000/day. Returns within_limits=true/false with headroom percentage.
secret_exposure_check Deep scan any text/payload for secrets, credentials, and PII. Detects: API keys (OpenAI, GitHub, AWS), tokens (Slack, Bearer), private keys (ETH, Bitcoin), credentials (passwords, secrets), and PII (emails, credit cards, SSNs). Returns...
payload_safety_check Comprehensive safety scan for injection attacks and dangerous patterns. Detects: prompt injection, jailbreak/DAN attempts, role hijacking, SQL injection (UNION/DROP/OR 1=1), XSS, Python/JS/Shell code injection, path traversal, oversized...
replay_guard_check Detect replay attacks — identical requests sent multiple times in a time window. Uses SHA256 fingerprint of (agent_id + tool_name + args). Default window: 300 seconds (5 min). Returns is_replay=true/false with duplicate count and...
cross_tool_anomaly_check Detect anomalous tool usage patterns across an agent recent history. Checks risky tool combinations (AML-then-payment, wallet-recon-then-transfer), high call frequency, repeated denials, broad reconnaissance, elevated risk scores.
scope_check Check if agent has required scope for a tool. Roles: admin, compliance_officer, trader, auditor, developer, readonly. Returns has_scope + missing scope + granting roles.
session_validate Create/validate/invalidate agent sessions with role, scopes, TTL and call budget. Actions: create|validate|invalidate|info.
tenant_policy_check Multi-tenant governance. Tenants: default, fintech_eu (MiCA/DORA), defi_protocol, enterprise_read. Checks tool blocklists, max risk scores, spend limits. Actions: check|list.
threat_intel_check Check entity against threat intelligence. Auto-detects ETH addresses, IPs, domains. Checks sanctions (Tornado Cash), disposable services, behavioral analysis from audit log. Returns threat_level: none|low|medium|high|critical.
output_safety_scan Post-execution output scanner. Checks tool output for PII leaks (email, phone, SSN, IBAN), secret exposure, data exfiltration patterns (outbound URLs, base64), and tool poisoning (injected instructions). Verdict: clean|warn|flag|block.
emergency_kill Emergency kill-switch. Immediately terminates agent session(s), revokes pending approvals, blocks rate limits, and audit-logs the emergency. Use for: compromised agents, runaway automation, suspicious behavior. kill_type: full|session_only|soft.
tool_manifest_verify Supply-chain verification for MCP tools. Checks publisher identity against allowlist, scans tool descriptions for prompt injection, validates server domain and signing capability. Verdict: trusted|caution|block.
approval_resolve Resolve a pending approval request. Approve or deny a tool call that was flagged for human review. Updates agent state and creates audit trail. Requires authentication.
approval_list List approval requests. Filter by status (pending/approved/denied/all), agent_id, or tool_name. Shows summary stats.
policy_register View the central policy registry. Query tiers (T1-T4), tool classifications, escalation rules. Actions: summary (default), lookup (by tool_name), tiers, rules, tools (by tier_id).
guard_metrics AgentGuard operational metrics. Returns decision stats, top agents/tools, risk distribution, daily activity, approval stats, and tier distribution.

Status badge

ToolPin status badge for io.tooloracle/agentguard

[![ToolPin](https://toolpin.dev/badge/io.tooloracle/agentguard.svg)](https://toolpin.dev/servers/io.tooloracle/agentguard)

Maintain this server? Add the badge to your README — it links your users to this live status page.