Safety for Agents - a lightweight Agent Detection & Response (ADR) layer for AI agents that guards commands, files, and web requests.
Sage intercepts tool calls (Bash commands, URL fetches, file writes) via hook systems in Claude Code, Cursor / VS Code, and OpenClaw, and checks them against:
- URL reputation - cloud-based malware, phishing, and scam detection
- Local heuristics - YAML-based threat definitions for dangerous patterns
- Package supply-chain checks - registry existence, file reputation, and age analysis for npm/PyPI packages
- Plugin scanning - scans other installed plugins for threats at session start
Requires Node.js >= 18.
/plugin marketplace add https://github.com/avast/sage.git
/plugin install sage@sage
Build and install the extension, then run Sage: Enable Protection from the command palette.
pnpm install && pnpm -C packages/extension run package:cursor:vsix# From npm (recommended)
openclaw plugins install @gendigital/sage-openclaw
# From source
pnpm install && pnpm build
cp -r packages/openclaw sage && openclaw plugins install ./sageSee Getting Started for detailed instructions.
| Document | Description |
|---|---|
| Getting Started | Installation for all platforms |
| How It Works | Detection layers, data flow, verdicts |
| Configuration | All config options and file paths |
| Threat Rules | YAML rule format and what gets checked |
| Package Protection | npm/PyPI supply-chain checks |
| Plugin Scanning | Session-start plugin scanning |
| Architecture | Monorepo structure, packages, design decisions |
| Development | Building, testing, tooling, conventions |
| FAQ | Common questions |
| Privacy | What data is sent, what stays local |
Platform guides: Claude Code · Cursor / VS Code · OpenClaw
- MCP tool call interception (
mcp__*) is not yet implemented - Custom user threat definitions (
~/.sage/threats/) are not yet implemented
Sage sends URL hashes and package hashes to Gen Digital reputation APIs. File content, commands, and source code stay local. Both services can be disabled for fully offline operation. See Privacy for details.
See CONTRIBUTING.md for development setup, coding conventions, and the threat rule contribution process.
Copyright 2026 Gen Digital Inc.
- Source code: Apache License 2.0
- Threat detection rules (
threats/): Detection Rule License 1.1