Hi HN, I built this because AI agents have full shell/file/network access but zero security review for third-party skills. AgentGuard auto-scans skills before they run (24 detection rules), blocks dangerous runtime actions (rm -rf, credential theft, pipe injection), and provides Web3 asset protection via GoPlus API (token honeypots, tx simulation, phishing detection). Works with Claude Code, OpenClaw, and any MCP-compatible agent. MIT licensed, 134 tests. Would love feedback on detection gaps and what platforms to support next.