Argus - Static analysis for every package an AI agent installs

by
Argus is an open-source static-analysis CLI that inspects every package an AI agent or MCP server tries to install. It runs SAST on the actual source code and blocks malicious payloads before they touch your machine.

Add a comment

Replies

Best
Maker
📌
Hey PH I built Argus out of a frustration I kept running into as a developer. You're deep in a project, moving fast, pulling in a new package or cloning a repo someone recommended. You run the install, it works, and you move on. Then ten minutes later that little voice kicks in — what did I just install? How do I actually know that was safe? Checksums and signatures don't answer that question. They tell you the package is authentic, not what the code actually does. That gap got a lot worse when AI coding agents entered the picture. Now it's not just me making that call. Claude Code, Cursor, and others are autonomously pulling in packages on my behalf and I'm not even in the loop. Argus intercepts the package before it lands, runs static analysis on the actual source, and blocks anything dangerous. One binary, zero dependencies, chains in front of any package manager with &&. It also integrates directly with Claude Code via a PreToolUse hook so agent installs go through the same gate. Happy to answer any questions!
Great question and honestly one of the most common concerns with static analysis tools. The short answer is that Argus is deliberately conservative about what it flags as CRITICAL. Dynamic loading and metaprogramming patterns like importlib.import_module or getattr indirection are WARNING tier, not CRITICAL, so they don't block the install. They're logged so you're aware but you're not stopped. CRITICAL is reserved for things that are almost never legitimate in an install-time context: subprocess spawning, eval/exec, hardcoded API keys, raw network beacons. A package doing subprocess.Popen(["curl", attacker_url]) in setup.py has no legitimate reason to be there. There will still be false positives in edge cases and I've tried to be honest about that on the site. The .argusignore file and inline argus-ignore directives are there for exactly those situations.