Agent Capability Firewall

Secure Every AI Tool Before It ExecutesRuntime Policy Firewall for OpenClaw, Claude Code, Codex CLI & MCP - Block High-Risk Shell, Network & Filesystem Actions in Real Time.

Validated on real agent workflows. Full audit trail. Zero friction setup.

VS Code ExtensionPython SDKClaude CodeCodex CLIMCP GatewayOpenClaw Gateway

No credit card required

Terminal
$ skillgate scan ./my-agent-skill --enforce

  SkillGate v1.0.0 | Agent Skill Security Scan

  Scanning: ./my-agent-skill
  Files:    12 (Python, JS, Shell)
  Rules:    120 active

  ⚠  SG-SHELL-001  subprocess.run() with shell=True  main.py:23
  ⚠  SG-NET-001    urllib.request to external URL     fetch.py:45
  ✕  SG-CRED-001   Hardcoded API key detected         config.py:12
  ✕  SG-EVAL-001   eval() with user input             handler.py:67

  Risk Score: 74/200 (Medium)
  Policy:     FAIL: 2 critical findings exceed threshold

  ✕ Deployment blocked. Fix critical findings to proceed.
120
Security Checks
7
Attack Surfaces Governed
≤20ms
Sidecar P95 Target
≤30ms
Codex Bridge P95 Target

Blocks risky actions before local and CI execution

Protects Claude and MCP tool workflows with trust checks

Secures Codex runs with safe defaults and provider controls

Testbed Evidence

Generated from public agent repositories and replayed with authenticated SkillGate sidecar enforcement.

Total testbed corpus

3,470 invocations

awesome-llm-apps corpus

496 invocations

antigravity corpus

2,856 invocations

openclaw corpus

106 invocations

nanobot corpus

12 invocations

Authenticated sidecar replay

1,735 baseline invocations

SkillGate testbed proof card for shubhamsaboo awesome-llm-apps corpus replay
SkillGate testbed proof card for sickn33 antigravity-awesome-skills corpus replay
SkillGate testbed proof card for openclaw skills corpus replay
SkillGate testbed proof card for HKUDS nanobot skills corpus replay
SkillGate corpus size comparison across all capability testbed repositories

Why teams pick SkillGate

One control plane from static scan to runtime enforcement, built for agent security teams.

Runtime Sidecar Enforcement

Block risky tool actions before they run across editor, local, and CI workflows.

  • Checks shell, network, and file actions before execution
  • Applies team policy consistently across environments
  • Returns clear allow or block outcomes with reasons
  • Powers VS Code extension preflight and Python SDK @enforce decisions
  • Continuously validated with capability testbed corpora built from real-world agent repos
  • Keeps security overhead low for developer workflows

Auth and Offline License Modes

Keep protections reliable with secure sessions and safe fallback behavior.

  • Verifies active access before sensitive operations
  • Supports limited-connectivity scenarios without silent bypass
  • Matches runtime limits to your active plan
  • Stores credentials safely in normal operation

MCP Gateway for Claude Code

Protect MCP tool paths before requests reach external providers.

  • Approves trusted providers and blocks unknown sources
  • Flags risky tool metadata before model exposure
  • Detects permission changes that exceed approved scope
  • Maintains an auditable trust history for integrations

Claude Ecosystem Governance

Protect Claude workspaces from unsafe configuration and prompt injection.

  • Scans instruction files such as CLAUDE.md and AGENTS.md
  • Checks hooks and plugins before risky capabilities are allowed
  • Tracks configuration changes that impact safety posture
  • Helps teams investigate and remediate incidents quickly

Codex Bridge and CI Guard Mode

Run Codex safely with policy checks and strict CI defaults.

  • Runs Codex through SkillGate safety checks by default
  • Blocks unexpected config changes before execution
  • Requires re-approval when provider binaries change
  • Prevents silent expansion of trusted commands and providers

Signed Audit Proof for Compliance

Generate records your security and compliance teams can trust.

  • Exports JSON and SARIF for existing security tools
  • Signs scan and runtime records for audit confidence
  • Preserves action history for incident response
  • Provides remediation context for blocked operations

From First Scan to Production Protection

Flexible Pricing

Pricing That Grows With Your Team

Start with local visibility, then add CI blocking and runtime enforcement as you scale.

Free: basic visibility. Pro: stronger policy checks. Team: CI protection across repos. Enterprise: advanced controls and evidence for high-trust environments.

SkillGate Control Stack

Three layers: static policy checks, CI enforcement, then runtime and org controls.

Coverage Progression

Local and Policy ChecksCI and Team ProtectionProduction and Org Controls

Billing

Yearly saves 17%
Developer VisibilityTeam EnforcementOrg Control Plane
LEach step adds stronger prevention and tighter runtime boundaries.

Pick a plan by how much control you need in real production paths.

Local and Policy Checks

Start with practical scanning and clear policy decisions.

Local Checks

Free

Visibility only. No enforcement.

Designed for: Individual AI developers

Developer visibility

Governance Depth
$0forever

Run your first security scans for agent skills.

Static Governance

  • 3 scans per day
  • Baseline risk scoring
  • Top 5 findings per scan
  • Python, JS, TS, Shell analysis
  • CLI output (human-readable)
  • No policy enforcement
  • No signed attestations
  • No CI/CD integration
Most Popular

Policy Checks

Pro

Detect issues, but cannot block production merges.

Designed for: Freelancers and solo AI builders

Full static governance

Governance Depth
$41/month, billed annually

Save 17% with annual billing

Full static policy controls for individual developers and freelancers.

Static Governance + Policy Engine

  • Unlimited scans
  • All 7 languages (+ Go, Rust, Ruby)
  • 120 detection rules
  • Markdown and multi-artifact detection
  • Full risk scoring with severity + confidence breakdown
  • Policy customization (YAML)
  • Ed25519 signed attestation reports
  • Capability modeling and simulation
  • JSON + SARIF output formats
  • Email support
  • No CI/CD PR blocking

CI and Team Protection

Protect pull requests and keep standards consistent across repos.

Team Workflow Protection

Team

Enforce in CI, but runtime still uncontrolled.

Designed for: Engineering teams shipping AI workflows

Engineering team governance

Governance Depth
$83/month, billed annually

Save 17% with annual billing

CI enforcement and fleet controls for engineering teams.

Static + Policy + CI + Fleet Governance

  • Everything in Pro
  • Fleet-wide scanning controls
  • Multi-skill summaries with deterministic outputs
  • GitHub Action PR blocking
  • GitLab CI / Bitbucket Pipelines
  • Low-noise deterministic PR annotations
  • SARIF upload to GitHub Security tab
  • Org policy presets and drift detection
  • Central team dashboard
  • Slack/webhook alerts
  • Org risk posture summary
  • Up to 15 seats
  • Priority support
  • No dedicated signing keys

Production and Org Controls

Add stronger controls for production workflows and enterprise requirements.

Organization-Wide Controls

AI Agent Control Plane

Production Tier

Enterprise

Enforce at execution boundary.

Designed for: Regulated AI platforms

Foundational security infrastructure

Governance Depth
CustomAnnual contract

Runtime security control plane for regulated enterprise execution.

Full Control Stack

  • Runtime Budgets
  • Trust DAG
  • Compliance Exports
View Runtime Control Path

Skill -> Policy Engine -> Runtime Gateway -> Capability Budgets -> Lineage DAG

EU AI ActSOC2On-premAir-gapSigned AI-BOM
  • Everything in Team + regulated runtime controls
  • Runtime capability budgets
  • Transitive risk & trust propagation graph
  • Signed AI-BOM with cryptographic provenance
  • Org-wide policy simulation and rollout planning
  • Private relay and air-gapped deployment modes
  • Signed reputation graph integration
  • Authoritative entitlement APIs and signed decision logs
  • View all enterprise capabilities
    • Audit-grade export bundles
    • Control-mapping evidence (EU AI Act, SOC 2, internal controls)
    • Unlimited seats
    • On-prem and hybrid entitlement enforcement
    • Dedicated support engineer
    • Custom SLAs
  • Custom onboarding plan
  • Architecture and security review support
  • Dedicated support engineer

When Teams Usually Move to Team

  • You need reliable merge blocking in CI, not just warnings.
  • You need one view across multiple repos and skill bundles.
  • You need policy drift tracking at the org level.

When Programs Move to Enterprise

  • You must enforce controls at runtime, not only at PR time.
  • You need evidence packs ready for reviews and audits.
  • You require private relay or disconnected deployment models.
  • You need clear decision logs for security and compliance teams.
Compare Plans Across the Full Control Plane

Full capability matrix across policy, CI, runtime, and compliance needs.

CapabilityFreeProTeamEnterprise

Static Governance

Static governance baseline scans

IncludedIncludedIncludedIncluded

Policy-as-code customization

Not includedIncludedIncludedIncluded

Signed attestations and verification

Not includedIncludedIncludedIncluded

CI & Fleet Governance

Fleet-wide scanning across multiple skills and repositories

Not includedNot includedIncludedIncluded

CI/CD PR blocking and deterministic annotations

Not includedNot includedIncludedIncluded

Org risk posture summaries and drift controls

Not includedNot includedIncludedIncluded

Runtime & Org Control Plane

Runtime capability budgets

Not includedNot includedNot includedIncluded

Transitive risk and trust propagation graph

Not includedNot includedNot includedIncluded

Org-scale policy simulation and rollout modeling

Not includedNot includedIncludedIncluded

Private relay and air-gapped enforcement modes

Not includedNot includedNot includedIncluded

Audit export bundles and control-mapping evidence workflows

Not includedNot includedNot includedIncluded

Compliance & Evidence

Control mapping evidence packages (EU AI Act, SOC 2, internal controls)

Not includedNot includedLimitedIncluded

Signed governance decision logs and provenance export support

Not includedNot includedLimitedIncluded
Procurement GuideCompliance GuideDeployment Guide

Ship Claude Code and Codex workflows with guardrails

Start with runtime protections locally, then enforce the same guardrails for MCP and Codex in CI.

Built on regression testbeds that replay capability patterns from large public agent skill collections.

# Install

pip install skillgate

# Scan a skill

skillgate scan ./my-skill --enforce

# Verify a signed report

skillgate verify report.json