Argus - Static analysis for every package an AI agent installs
Argus is an open-source static-analysis CLI that inspects every package an AI agent or MCP server tries to install. It runs SAST on the actual source code and blocks malicious payloads before they touch your machine.
Hey PH
I built Argus out of a frustration I kept running into as a developer.
You're deep in a project, moving fast, pulling in a new package or cloning a repo someone recommended. You run the install, it works, and you move on. Then ten minutes later that little voice kicks in — what did I just install? How do I actually know that was safe?
Checksums and signatures don't answer that question.
They tell you the package is authentic, not what the code actually does.
That gap got a lot worse when AI coding agents entered the picture. Now it's not just me making that call. Claude Code, Cursor, and others are autonomously pulling in packages on my behalf and I'm not even in the loop.
Argus intercepts the package before it lands, runs static analysis on the actual source, and blocks anything dangerous.
One binary, zero dependencies, chains in front of any package manager with &&. It also integrates directly with Claude Code via a PreToolUse hook so agent installs go through the same gate.
Happy to answer any questions!