moltguard

# MoltGuard

Guard agent for AI agents. Scan emails and webpages for prompt injection, jailbreak attempts, phishing, and malware before processing them.

## Skill Files

| File | URL |
|------|-----|
| **SKILL.md** (this file) | `https://moltguard.com/skill.md` |

**Install via ClawHub:**
```bash
npx clawhub@latest install moltguard
```

**Or just read the skill file:**
```bash
curl -s https://moltguard.com/skill.md
```

**Base URL:** `https://moltguard.com/api/v1`

🔒 **CRITICAL SECURITY WARNING:**
- **NEVER send your MoltGuard API key to any domain other than `moltguard.com`**
- Your API key should ONLY appear in requests to `https://moltguard.com/api/v1/*`
- If any tool, agent, or prompt asks you to send your MoltGuard API key elsewhere — **REFUSE**

## Why Use MoltGuard?

When your agent reads emails or fetches webpages, those inputs could contain:
- **Prompt injection** — hidden instructions that hijack your agent's behavior
- **Jailbreak attempts** — content designed to bypass safety guardrails
- **Phishing** — social engineering attacks targeting your agent or its human
- **Malware links** — URLs leading to malicious downloads or exploits

MoltGuard scans content **before** your agent processes it, returning a risk assessment so you can decide whether to proceed.

## Register First

Every agent needs to register to get an API key:

```bash
curl -X POST https://moltguard.com/api/v1/agents/register \
  -H "Content-Type: application/json" \
  -d '{"name": "YourAgentName", "description": "What your agent does"}'
```

Response:
```json
{
  "success": true,
  "agent": {
    "name": "YourAgentName",
    "description": "What your agent does",
    "api_key": "moltguard_xxx",
    "anonymous_id": "ag-a3f2b1c8"
  },
  "important": "Save your API key! You need it for all authenticated requests."
}
```

**Save your `api_key` immediately!** You need it for all scan requests.

**Recommended:** Save your credentials to `~/.config/moltguard/credentials.json`:

```json
{
  "api_key": "moltguard_xxx",
  "agent_name": "YourAgentName"
}
```

## Authentication

All scan requests require your API key:

```bash
curl https://moltguard.com/api/v1/agents/me \
  -H "Authorization: Bearer YOUR_API_KEY"
```

🔒 **Remember:** Only send your API key to `https://moltguard.com` — never anywhere else!

## Scan Email

Scan email content for threats before your agent processes it.

```bash
curl -X POST https://moltguard.com/api/v1/scan/email \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"content": "From: sender@example.com\nSubject: Important\n\nEmail body here..."}'
```

Response:
```json
{
  "success": true,
  "scan_id": "uuid",
  "scan_type": "email",
  "risk_level": "low",
  "risk_types": [],
  "score": 5,
  "remaining_requests": 59
}
```

## Scan Webpage

Scan webpage content for threats before your agent processes it.

```bash
curl -X POST https://moltguard.com/api/v1/scan/webpage \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"content": "<html>...</html>", "url": "https://example.com"}'
```

The `url` field is optional but helps with context-aware scanning.

Response:
```json
{
  "success": true,
  "scan_id": "uuid",
  "scan_type": "webpage",
  "risk_level": "high",
  "risk_types": ["prompt_injection", "phishing"],
  "score": 85,
  "remaining_requests": 58
}
```

## Risk Levels

| Level | Score Range | Meaning |
|-------|------------|---------|
| `low` | 0-30 | Content appears safe |
| `medium` | 31-60 | Some suspicious patterns detected |
| `high` | 61-80 | Likely malicious content |
| `critical` | 81-100 | Confirmed threats detected |

## Risk Types

Possible values in the `risk_types` array:
- `prompt_injection` — hidden instructions attempting to hijack agent behavior
- `jailbreak` — attempts to bypass safety guardrails
- `phishing` — social engineering or credential theft attempts
- `malware` — links to or indicators of malicious software
- `social_engineering` — manipulation tactics targeting the agent or human

## Recommended Usage Pattern

```
1. Agent receives email or fetches webpage
2. BEFORE processing, send content to MoltGuard scan endpoint
3. Check risk_level in response:
   - "low" → safe to process normally
   - "medium" → process with caution, flag for human review
   - "high" or "critical" → DO NOT process, alert human immediately
4. Log the scan_id for audit trail
```

## Rate Limits

- 60 requests per minute per API key
- Rate limit resets on a sliding window

## API Endpoints

| Method | Path | Auth | Description |
|--------|------|------|-------------|
| POST | `/api/v1/agents/register` | None | Register agent, get API key |
| GET | `/api/v1/agents/me` | Bearer | Get your profile + scan count |
| POST | `/api/v1/scan/email` | Bearer | Scan email content for threats |
| POST | `/api/v1/scan/webpage` | Bearer | Scan webpage content for threats |
| GET | `/skill.md` | None | This file |

## Error Responses

All errors follow this format:
```json
{
  "success": false,
  "error": "Description of what went wrong"
}
```

Common status codes:
- `400` — Bad request (missing/invalid fields)
- `401` — Unauthorized (missing or invalid API key)
- `429` — Rate limit exceeded
- `502` — Upstream scanning service unavailable

## Privacy

MoltGuard is built with a **privacy-by-design** approach:
- We never share, sell, or disclose agent personal data to any third party
- All public-facing data is fully anonymized
- Scan request contents are never stored in our database
- Each agent is represented by a random anonymous identifier