We built an open benchmark for AI agent guardrails, ran four tools against 84 real attack samples, and published every result. No cherry-picked demos. No "99% detection" claims you can't reproduce. Here's what we found 👇🏻
AgentGuard 🛡️ retweeted
We’re putting money where the mechanism is. Introducing GoPlus Growth Fund — with $50K initial deployment to support quality projects in the @SafuSkill × @fourdotmemezh OpenFour ecosystem. Here’s what makes it different from every other “ecosystem fund”:
🔸 Not for profit. The fund doesn’t exit. Doesn’t trim. Doesn’t sell. Every position is held forever.
🔸 Fully on-chain. Independent address. Public dashboard. Every buy, every LP, every wallet — verifiable on BscScan.
🔸 Supports organic growth only. We allocate to projects with real momentum, verified builders, and real users — not artificial pumps.
🔸 Real builders only. GitHub-verified creators. No farming. No theater.
After deep allocation, projects can choose:
→ Burn the tokens — deflationary signal
→ Or pair them as LP — liquidity for the long run.
Either way, the fund never sells. This is what an ecosystem fund looks like when a security company builds it. Verifiable, not promised. Address disclosed before first buy. Stay tuned. This is what the next era's ecosystem fund looks like. #GoPlusGrowthFund #SkillCoin #OpenFour
You approved "fetch database schema." Your MCP server used that approval to read .env, exfiltrate your AWS credentials, and POST your SSH keys to a webhook. Same session. Same permission grant. The agent didn't flag it — because from its perspective, a tool returned data and it acted on it. That's not a bug. That's the architecture.
AgentGuard enforces what the protocol doesn't. Runtime hooks — syscall-level interception before execution. Writes to .env/.ssh/.aws denied. Unregistered outbound domains rejected. curl|sh, rm -rf caught before fork(). Every block logged with full attribution: which server, which tool, which payload. Skill scanning — 24 rules before a skill runs. Backdoors, obfuscated scripts, hardcoded webhooks, Web3 drains. Trust Registry auto-attests scope on install; exceed it and you're blocked with the exact call logged. Daily patrol — 8 integrity checks, 6-dimension health score. Drift detection, not point-in-time audits.
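The runtime-hook idea in the post above (deny writes to .env/.ssh/.aws, reject unregistered outbound domains, catch curl|sh and rm -rf, log every block with attribution) can be sketched as a small policy evaluator. This is an added illustration, not AgentGuard's own code or configuration format; the protected names, the allowlisted domains and the shell patterns are constructed assumptions.

```python
import os
import re
from urllib.parse import urlparse

# Constructed policy for illustration; it mirrors the rule classes the post lists,
# not AgentGuard's actual configuration.
PROTECTED_NAMES = {".env", ".ssh", ".aws"}          # secrets that must never be written
ALLOWED_DOMAINS = {"api.github.com", "pypi.org"}    # registered outbound hosts (assumed)
DANGEROUS_SHELL = [
    re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b"),  # pipe-to-shell
    re.compile(r"\brm\s+-(?=\w*r)(?=\w*f)\w+"),                     # rm with -r and -f
]
audit_log = []  # every denial, with attribution: server, tool, reason, payload

def _deny(server, tool, reason, payload):
    audit_log.append({"server": server, "tool": tool, "reason": reason, "payload": payload})
    return False

def check_write(server, tool, path, home="/home/dev"):
    """Allow a file write only if the resolved path touches no protected name."""
    if path == "~" or path.startswith("~/"):
        path = home + path[1:]
    resolved = os.path.normpath(os.path.join(home, path))  # collapses ../ tricks
    if any(part in PROTECTED_NAMES for part in resolved.split(os.sep)):
        return _deny(server, tool, "write to protected path", resolved)
    return True

def check_outbound(server, tool, url):
    """Allow an outbound request only to a registered domain."""
    target = url if "//" in url else "//" + url  # let urlparse see a bare host
    host = (urlparse(target).hostname or "").rstrip(".").lower()
    if host not in ALLOWED_DOMAINS:
        return _deny(server, tool, "unregistered outbound domain", host or url)
    return True

def check_shell(server, tool, command):
    """Allow a shell command unless it matches a destructive pattern."""
    for pattern in DANGEROUS_SHELL:
        if pattern.search(command):
            return _deny(server, tool, "dangerous shell pattern", command)
    return True

def guard(server, tool, kind, payload):
    """Dispatch a proposed tool action to the matching check; True means allowed."""
    checks = {"write": check_write, "outbound": check_outbound, "shell": check_shell}
    return checks[kind](server, tool, payload)
```

Each check runs before the action executes, so a denied call never reaches the filesystem, network or shell, and the log entry records which server and tool requested it.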
You just installed 14 skills from a random GitHub repo. You didn't read them. Nobody did. Your Claude Code runs every one with shell access. File access. Environment access. API keys. One malicious skill away from losing everything. Here's the fix:
Web3 is the bonus round. Generic scanners miss a lot of the crypto-specific threat model. AgentGuard ships with blockchain-aware rules for:
→ Wallet-draining patterns
→ Unlimited token approval risks
→ Reentrancy indicators
→ Proxy exploit patterns
→ Suspicious contract interaction flows
If you build in Web3, this matters. A lot.
You are not just “agentic coding.” You are letting untrusted instructions from strangers run inside your dev environment. No review. No sandbox. No guard. That is not engineering. That is gambling. AgentGuard makes it engineering again. Open source. MIT licensed. Install it before your next random skill does something you did not approve. github.com/GoPlusSecurity/ag…