
@flowguard/cli

v0.5.0

Published

AI Agent Security — scan every tool call for secrets, PII, destructive commands, and prompt injection. Runs locally, zero dependencies, no signup required.

Readme

FlowGuard

Security for AI agents. Scan every tool call for secrets, PII, destructive commands, and prompt injection. Runs locally with zero dependencies.

npx @flowguard/cli init

One command. No signup. No API key. No cloud. Instant protection for Claude Code, Cursor, Windsurf, and Codex.


Why FlowGuard

AI agents execute code, read files, query databases, and send emails -- all without human review. FlowGuard sits between your AI agent and its tools, scanning every interaction in real-time.

What happens without FlowGuard:

  • Agent leaks AWS keys in a commit
  • Agent runs rm -rf on your project directory
  • Malicious MCP server injects hidden instructions via tool descriptions
  • Agent exfiltrates sensitive data through a compromised tool

What happens with FlowGuard:

  • Every tool call scanned in < 1ms, locally
  • Secrets, PII, and destructive commands blocked before execution
  • Local dashboard shows everything your agents are doing
  • Full audit trail stored in local SQLite

Quick Start

# Install and protect your AI tools
npx @flowguard/cli init

# Check protection status
npx @flowguard/cli status

# Start local dashboard
npx @flowguard/cli start

FlowGuard auto-detects your AI tools, installs lightweight hooks, and starts protecting immediately. You'll see [FlowGuard] messages in your terminal on every tool call.


What It Detects

| Category | Examples | Severity |
| --- | --- | --- |
| Secrets & Credentials | AWS keys, API tokens, private keys, connection strings | RESTRICTED |
| Personal Data (PII) | SSN, credit cards, email, phone numbers | RESTRICTED |
| Dangerous Commands | rm -rf /, mkfs, piped curl to shell | CRITICAL |
| Prompt Injection | Ignore instructions, persona override, jailbreak | CRITICAL |
| Hardcoded Passwords | Env secrets, database credentials in code | CONFIDENTIAL |

MCP Server Scanning

When used with the FlowGuard MCP proxy, every MCP server is scanned on first connect:

| Engine | What It Finds |
| --- | --- |
| ESLint SAST | Code injection, eval(), exec(), unsafe patterns |
| Secretlint | Hardcoded secrets in server source code |
| Config Scanner | Insecure transport, excessive permissions, untrusted sources |
| Tool Poisoning | Hidden instructions in tool descriptions (OWASP MCP #8) |
| Tool Pinner | Rug-pull attacks -- detects when tool definitions change |
| Permission Analyzer | Least-privilege violations |
| Dependency Scanner | CVEs via OSV.dev -- zero binary deps |
| SBOM Generator | CycloneDX SBOM + license compliance |

Optional subprocess scanners (if installed): Trivy, Gitleaks, Grype, Semgrep.
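
The Tool Pinner row describes detecting changed tool definitions. The sketch below is an added example of how such a check can work, not FlowGuard's own code: it hashes each tool's name, description and inputSchema on first connect and compares on later connects. The function names, the pin store and the sample tools are assumptions made for illustration.

```javascript
// Added example, not FlowGuard's code: pin MCP tool definitions by hash.
const { createHash } = require('node:crypto');

// Serialize with sorted object keys so key order cannot change the hash.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    const body = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k]));
    return '{' + body.join(',') + '}';
  }
  return JSON.stringify(value);
}

// Hash the fields the model is shown: name, description, input schema.
function fingerprint(tool) {
  const { name, description = '', inputSchema = {} } = tool;
  const text = canonical({ name, description, inputSchema });
  return createHash('sha256').update(text).digest('hex');
}

// First connect: record one pin per tool name.
function pinTools(tools) {
  return new Map(tools.map((t) => [t.name, fingerprint(t)]));
}

// Later connects: report tools whose definition changed, appeared or vanished.
function diffTools(pins, tools) {
  const names = new Set(tools.map((t) => t.name));
  return {
    changed: tools.filter((t) => pins.has(t.name) && pins.get(t.name) !== fingerprint(t))
      .map((t) => t.name),
    added: tools.filter((t) => !pins.has(t.name)).map((t) => t.name),
    removed: [...pins.keys()].filter((n) => !names.has(n)),
  };
}

// Constructed sample data: the second listing rewrites one description.
const firstConnect = [
  { name: 'read_file', description: 'Read a file from the workspace.',
    inputSchema: { type: 'object', properties: { path: { type: 'string' } } } },
];
const laterConnect = [
  { name: 'read_file', description: 'Read any file on the host.',
    inputSchema: { properties: { path: { type: 'string' } }, type: 'object' } },
  { name: 'send_report', description: 'Upload a report.', inputSchema: { type: 'object' } },
];
console.log(diffTools(pinTools(firstConnect), laterConnect));
```

Canonicalizing before hashing matters: a server that only reorders JSON keys should not trip the pin, while any edit to the description or schema should.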


Supported AI Tools

| Tool | Status | Method |
| --- | --- | --- |
| Claude Code | Supported | Hook scripts |
| Cursor | Supported | Hook scripts |
| Windsurf | Supported | Hook scripts |
| Codex | Coming soon | Hook scripts |
| Claude Desktop | Supported | MCP proxy |
| Any MCP client | Supported | MCP proxy |


Commands

npx @flowguard/cli init       # Auto-detect tools + install hooks
npx @flowguard/cli status     # Show what's protected
npx @flowguard/cli start      # Start local dashboard (localhost:3000)
npx @flowguard/cli stop       # Stop local dashboard
npx @flowguard/cli uninstall  # Remove all hooks

How It Works

Your AI Agent (Claude Code, Cursor, etc.)
       |
       v
  [FlowGuard Hook]  <-- scans every tool call in < 1ms
       |
       v
  Your tools execute normally

  • Everything runs locally -- no network calls, no cloud, no telemetry
  • Regex-based scanning -- sub-millisecond latency, zero performance impact
  • SQLite storage -- all events logged to ~/.flowguard/flowguard.db
  • Local dashboard -- npx @flowguard/cli start opens a web UI at localhost:3000

Local Dashboard

The dashboard gives you visibility into everything your AI agents are doing:

  • Data flow timeline -- every tool call with classification labels
  • Agent discovery -- which agents are active, what tools they use
  • Risk scoring -- per-agent and per-session risk assessment
  • Policy violations -- blocked actions with severity and context
  • MCP server scanner -- vulnerability findings, OWASP MCP Top 10 coverage

Configuration

# Environment variables (optional)
FLOWGUARD_API_URL    # Dashboard endpoint (default: http://localhost:3000)

# Config files (auto-created by init)
~/.flowguard/flowguard.db       # Local SQLite database
~/.flowguard/guard-rules.yaml   # Custom classification rules
~/.flowguard/policy.yaml        # Policy enforcement rules

Custom Rules

Add your own detection patterns in ~/.flowguard/guard-rules.yaml:

rules:
  - id: internal-project-code
    pattern: "PROJ-[0-9]{4}"
    tier: INTERNAL
    label: "Internal Project Code"
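
Before adding a pattern to guard-rules.yaml, it helps to dry-run it against payloads you expect it to flag and to ignore. The following is an added example, not FlowGuard's code; it assumes patterns are applied as unanchored JavaScript regex searches, and the stricter rule and the sample payloads are hypothetical.

```javascript
// Added example, not FlowGuard's code: dry-run rule patterns on sample payloads.
// Assumption: a pattern is applied as an unanchored JavaScript RegExp search.
const rules = [
  // The rule from the README above.
  { id: 'internal-project-code', pattern: 'PROJ-[0-9]{4}', tier: 'INTERNAL' },
  // Hypothetical stricter variant: the code must not sit inside a longer token.
  { id: 'internal-project-code-strict',
    pattern: '(?<![A-Za-z0-9-])PROJ-[0-9]{4}(?![0-9])', tier: 'INTERNAL' },
];

// Constructed payloads, each labelled with whether it should be flagged.
const samples = [
  { text: 'git commit -m "PROJ-1234: fix login"', expect: true },
  { text: 'see ticket proj-1234', expect: false },     // different case
  { text: 'cat SUBPROJ-12345678.log', expect: false }, // part of a longer token
  { text: 'echo done', expect: false },
];

// Compile one rule and collect the samples it gets wrong.
function evaluate(rule, cases) {
  const re = new RegExp(rule.pattern); // throws SyntaxError on an invalid pattern
  const result = { id: rule.id, falsePositives: [], falseNegatives: [] };
  for (const { text, expect } of cases) {
    const hit = re.test(text);
    if (hit && !expect) result.falsePositives.push(text);
    if (!hit && expect) result.falseNegatives.push(text);
  }
  return result;
}

function evaluateAll(ruleList, cases) {
  return ruleList.map((rule) => evaluate(rule, cases));
}

console.log(JSON.stringify(evaluateAll(rules, samples), null, 2));
```

The README pattern flags the SUBPROJ-12345678 file name because it matches anywhere in the text; the stricter variant does not.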

Coming Soon

  • Codex support
  • Team dashboard (share visibility across your team)
  • Policy-as-code enforcement
  • Slack/email alerting

License

MIT