sage

Name: sage
Author: avast

Verified

Lightweight Agent Detection & Response (ADR) layer for AI agents — guards commands, files, and web requests. Part of Gen Agent Trust Hub.

135stars

6forks

TypeScript

Added 3/9/2026

View on GitHub Download ZIP Scan for vulnerabilities

AI Agentsagentsaiclaude-codeclaude-code-plugincursor-ai

Installation

# Add to your Claude Code skills
git clone https://github.com/avast/sage

Getting Started

Guides for using ai agents skills like sage.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

Security ReportVerified

Last scanned: 5/30/2026

{
  "issues": [],
  "status": "PASSED",
  "scannedAt": "2026-05-30T16:19:02.836Z",
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

213,760

fireauto ETOS-LLM-Studio

30 days in the Featured rail · terms & refunds

First-time install walkthrough for Claude Code, Codex CLI, and ChatGPT.

AI Agentsai-agentsanthropic

n8n

by n8n-io

Fair-code workflow automation platform with native AI capabilities. Combine visual building with custom code, self-host or cloud, 400+ integrations.

192,127

58,474

TypeScript

MCP Serversaiapis

The agent that grows with you

191,299

33,249

Python

AI Agentsaiai-agent

View details

Compare

everything-claude-code

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

185,940

28,768

JavaScript

AI Agentsai-agentsanthropic

View details

Compare

claude-code

by anthropics

Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows - all through natural language commands.

120,031

19,897

Shell

AI Agents

An open-source AI agent that brings the power of Gemini directly into your terminal.

105,182

14,041

TypeScript

AI Agentsaiai-agents

View details

Compare

Sage

Safety for Agents - a lightweight Agent Detection & Response (ADR) layer for AI agents that guards commands, files, and web requests.

Sage intercepts tool calls (Bash commands, URL fetches, file writes) via hook systems in Claude Code, Cursor / VS Code, OpenClaw, and OpenCode, and checks them against:

URL reputation - cloud-based malware, phishing, and scam detection
Local heuristics - YAML-based threat definitions for dangerous patterns
Package supply-chain checks - registry existence, file reputation, and age analysis for npm/PyPI packages
Plugin scanning - scans other installed plugins for threats at session start

Quick Start

Claude Code

Requires Node.js >= 18.

/plugin marketplace add https://github.com/avast/sage.git
/plugin install sage@sage

Cursor

Build and install the extension, then run Sage: Enable Protection from the command palette.

pnpm install && pnpm -C packages/extension run package:cursor:vsix

OpenClaw

# From npm (recommended)
openclaw plugins install @gendigital/sage-openclaw

# From source
pnpm install && pnpm build
cp -r packages/openclaw sage && openclaw plugins install ./sage

OpenCode

Use a local source checkout and add the plugin path in OpenCode config:

git clone https://github.com/avast/sage
cd sage
pnpm install
pnpm --filter @sage/opencode run build

{
  "plugin": ["/absolute/path/to/sage/packages/opencode"]
}

See Getting Started for detailed instructions.

Documentation

Document	Description
Getting Started	Installation for all platforms
How It Works	Detection layers, data flow, verdicts
Configuration	All config options and file paths
Threat Rules	YAML rule format and what gets checked
Package Protection	npm/PyPI supply-chain checks
Plugin Scanning	Session-start plugin scanning
AMSI Scanning	Windows antimalware scanning via AMSI
Architecture	Monorepo structure, packages, design decisions
Development	Building, testing, tooling, conventions
FAQ	Common questions
Privacy	What data is sent, what stays local

Platform guides: Claude Code · Cursor / VS Code · OpenClaw · OpenCode

Current Limitations

MCP tool call interception (mcp__*) is not yet implemented
Custom user threat definitions (~/.sage/threats/) are not yet implemented

Privacy

Sage sends URL hashes and package hashes to Gen Digital reputation APIs. File content, commands, and source code stay local. Both services can be disabled for fully offline operation. See Privacy for details.

Contributing

See CONTRIBUTING.md for development setup, coding conventions, and the threat rule contribution process.

License

Source code: Apache License 2.0
Threat detection rules (threats/): Detection Rule License 1.1