Sage

Safety for Agents - a lightweight Agent Detection & Response (ADR) layer for AI agents that guards commands, files, and web requests.

Sage intercepts tool calls (Bash commands, URL fetches, file writes) via hook systems in Claude Code, Cursor / VS Code, OpenClaw, and OpenCode, and checks them against:

• URL reputation - cloud-based malware, phishing, and scam detection
• Local heuristics - YAML-based threat definitions for dangerous patterns
• Package supply-chain checks - registry existence, file reputation, and age analysis for npm/PyPI packages
• Plugin scanning - scans other installed plugins for threats at session start

Quick Start

Claude Code

Requires Node.js >= 18.

/plugin marketplace add https://github.com/gendigitalinc/sage.git
/plugin install sage@sage

Cursor

Build and install the extension, then run Sage: Enable Protection from the command palette.

pnpm install && pnpm -C packages/extension run package:cursor:vsix

OpenClaw

# From npm (recommended)
openclaw plugins install @gendigital/sage-openclaw

# From source
pnpm install && pnpm build
cp -r packages/openclaw sage && openclaw plugins install ./sage

OpenCode

Use a local source checkout and add the plugin path in OpenCode config: