Hol Guard
AI antivirus for developer agents: protect Codex, Claude Code, Cursor, Gemini, OpenCode, plugins, skills, MCP servers, and AI harnesses before tools run.
What is Hol Guard?
Hol Guard is a Model Context Protocol (MCP) server that gives AI assistants like Claude, Cursor, and VS Code an AI antivirus for developer agents: it protects Codex, Claude Code, Cursor, Gemini, OpenCode, plugins, skills, MCP servers, and AI harnesses before tools run.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Installation
Manual Installation
npx hol-guard
How to Set Up and Use Hol Guard
HOL Guard is an AI antivirus and security layer for developer AI harnesses that intercepts tool actions before files change or network access occurs. It integrates with Codex, Claude Code, Cursor, Gemini CLI, OpenCode, and other harnesses to block malicious commands, detect prompt injection, scan for leaked secrets, and log a receipt history of every approved or denied action. Its companion tool Plugin Scanner evaluates the quality and security posture of Codex plugins, Claude Code extensions, Gemini extensions, and OpenCode plugins before they run.
Prerequisites
- Python 3.11 or later (for Cisco MCP scanning coverage); Python 3.9+ for basic features
- pipx recommended for isolated installation (pip also supported)
- At least one supported AI harness: Codex, Claude Code, Cursor, Gemini CLI, or OpenCode
- Free HOL Guard Cloud account at hol-guard.com for advisory sync (optional)
Install HOL Guard and Plugin Scanner
Install both packages using pipx for isolated environments. Use pip if you prefer a global install. For Cisco MCP scanning coverage, install the cisco extra and ensure Python 3.11+.
pipx install hol-guard
pipx install plugin-scanner
Run first-time setup
Run hol-guard init to go through the guided first-run setup, which detects your installed harnesses and configures default security settings.
hol-guard init
Bootstrap your harness
Run the bootstrap command to auto-detect your primary AI harness and install HOL Guard's approval gates into it. This sets up the interception layer for Claude Code, Codex, or whichever harness is detected.
hol-guard bootstrap
Set your security level
Choose a protection level from Gentle (minimal friction) to Paranoid (blocks all unrecognized MCP server actions). Balanced is the default and blocks secrets, shell exfiltration, and prompt injection.
hol-guard settings set security-level balanced
Launch your harness with approval gates
Use hol-guard run to start your AI harness through HOL Guard's protection layer. The --dry-run flag lets you preview which actions would be blocked without actually blocking them.
hol-guard run codex --dry-run
hol-guard run codex
Review approvals and receipts
Check pending approvals and review the history of all decisions HOL Guard has made during your sessions.
hol-guard approvals
hol-guard receipts
hol-guard status
Hol Guard Examples
Plugin Scanner usage
Scan a local plugin directory for security issues, manifest problems, and code quality issues. Output can be plain text, JSON, Markdown, or SARIF for CI integration.
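For the SARIF output mentioned above, a CI job can read the report and fail the build when findings reach a chosen severity. The script below is an added example, not code from Plugin Scanner or HOL Guard; it assumes only the standard SARIF 2.1.0 layout, and the rule ids, paths and messages in its sample report are constructed.

```python
import json
import sys

# SARIF 2.1.0 result levels, lowest to highest severity.
LEVELS = {"none": 0, "note": 1, "warning": 2, "error": 3}

# Constructed sample report; rule ids, paths and messages are invented.
SAMPLE = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-scanner", "rules": [
        {"id": "EXAMPLE-MANIFEST-FIELD", "defaultConfiguration": {"level": "note"}}]}},
    "results": [
        {"ruleId": "EXAMPLE-HARDCODED-SECRET", "level": "error",
         "message": {"text": "token literal in source"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "src/config.js"}}}]},
        {"ruleId": "EXAMPLE-MANIFEST-FIELD", "message": {"text": "missing description"}},
        {"ruleId": "EXAMPLE-UNPINNED-DEP", "message": {"text": "dependency not pinned"}},
    ]}]})

def _uri(result):
    """First reported file path, or '-' when the result has no location."""
    try:
        return result["locations"][0]["physicalLocation"]["artifactLocation"]["uri"]
    except (KeyError, IndexError, TypeError):
        return "-"

def gate(sarif_text, fail_at="warning"):
    """Return (ok, findings); an unreadable or empty report fails closed."""
    try:
        runs = json.loads(sarif_text)["runs"]
    except (ValueError, KeyError, TypeError):
        return False, ["report is not parseable SARIF"]
    if not isinstance(runs, list) or not runs:
        return False, ["report contains no runs"]
    findings = []
    for run in runs:
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        defaults = {r.get("id"): r.get("defaultConfiguration", {}).get("level") for r in rules}
        for res in run.get("results") or []:
            # Explicit level, else the rule's default, else SARIF's default "warning".
            level = res.get("level") or defaults.get(res.get("ruleId")) or "warning"
            if LEVELS.get(level, 3) >= LEVELS[fail_at]:  # unknown level counts as error
                text = res.get("message", {}).get("text", "")
                findings.append(f"{level}: {res.get('ruleId')} {_uri(res)}: {text}")
    return not findings, findings

if __name__ == "__main__":
    with open(sys.argv[1], encoding="utf-8") as fh:
        ok, found = gate(fh.read())
    print("\n".join(found) or "no findings at or above threshold")
    sys.exit(0 if ok else 1)
```

Saved under a name of your choice (for example `sarif_gate.py`, a hypothetical filename), it takes the path of the SARIF report as its only argument and exits non-zero when the gate fails.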
plugin-scanner scan ./my-plugin
plugin-scanner scan . --format sarif --output report.sarif
plugin-scanner verify .
plugin-scanner lint ./my-plugin
Prompts to try
HOL Guard operates at the harness level rather than as a conversational MCP server, but these commands demonstrate typical security workflows.
- Run `hol-guard status` to see which harnesses are protected and what security level is active
- Run `plugin-scanner scan .` in a plugin directory to audit it before installation
- Run `hol-guard receipts` to review a full log of what your AI agent has approved or blocked
- Run `hol-guard run claude-code` to launch Claude Code through the HOL Guard approval gate
- Run `hol-guard connect` to link to HOL Guard Cloud for advisory sync and threat intelligence
Troubleshooting Hol Guard
hol-guard bootstrap does not detect my harness
Run `hol-guard start` to see what harnesses were detected. If your harness is missing, ensure it is installed in a standard location. You can also manually specify the harness with `hol-guard run <harness-name>`.
Cisco MCP scanning features are unavailable
Cisco coverage requires Python 3.11+ and the cisco extra: `pip install "hol-guard[cisco]"`. Set CISCO_MCP_SCAN=auto in your environment or pass --cisco-mode auto to scan commands.
Advisory sync fails with authentication error
Run `hol-guard connect` to authenticate with HOL Guard Cloud. For SSH or CI environments without a browser, use `hol-guard connect --headless` which provides a URL to complete auth on another device.
Frequently Asked Questions about Hol Guard
What is Hol Guard?
Hol Guard is a Model Context Protocol (MCP) server that provides an AI antivirus for developer agents: it protects Codex, Claude Code, Cursor, Gemini, OpenCode, plugins, skills, MCP servers, and AI harnesses before tools run. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Hol Guard?
Follow the installation instructions on the Hol Guard GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Hol Guard?
Hol Guard works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Hol Guard free to use?
Yes, Hol Guard is open source and available under the NOASSERTION license. You can use it freely in both personal and commercial projects.
Hol Guard Alternatives — Similar Security Servers
Looking for alternatives to Hol Guard? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k 754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k 🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u