Claude Skill
gendigitalinc/sage
Sage is a lightweight Agent Detection & Response (ADR) layer that guards commands, files, and web requests for AI agents. Integrates with Claude Code, Cursor, and VS Code.
Overview
Repository
Install this Skill
git clone https://github.com/gendigitalinc/sage.gitRegistry
Summary
Sage is a lightweight Agent Detection & Response (ADR) layer that monitors and guards commands, file operations, and web requests made by AI agents. It integrates with Claude Code, Cursor, and VS Code as part of the Gen Agent Trust Hub, providing real-time security oversight without heavy overhead.
轻量级AI代理检测与响应(ADR)层——守护命令、文件及网络请求。隶属于Gen代理信任中心。
Key features
- Lightweight ADR layer for AI agents
- Guards commands, file operations, and web requests
- Integrates with Claude Code, Cursor, and VS Code
- Part of the Gen Agent Trust Hub ecosystem
- Real-time detection and response for agent actions
Use cases
- Monitor and block unsafe commands in Claude Code sessions
- Prevent unauthorized file access by AI agents in VS Code
- Audit web requests made by Cursor AI extensions
- Enforce security policies across agent workflows
- Enable safe agent automation in development environments
README excerpt
# Sage <p align="center"> <img src="images/logo-shaded.png" alt="Sage" width="250"> </p> <p align="center"> <strong>Safety for Agents</strong> — Agent Detection & Response for AI coding assistants </p> --- <p align="center"> <img src="images/block-cc-chmod.gif" alt="Sage blocking a dangerous command in Claude Code" width="700"> </p> Sage is a lightweight security layer that protects AI agents from executing dangerous actions. It intercepts tool calls — shell commands, URL fetches, file writes — and checks them against multiple threat detection layers before they run. > **Note:** Sage may appear under a different product name (e.g., Norton Sage, Avast Sage) depending on how it was installed. See [Branding](docs/branding.md) for details. ## Key Features - **URL reputation** — cloud-based detection of malware, phishing, and scam URLs - **Local heuristics** — 300+ YAML-based threat patterns for dangerous commands, suspicious URLs, credential exposure, and obfuscation - **Prompt injection detection** — two-tier defense (heuristics + fine-tuned ML model) against injected instructions in fetched content. See [Prompt Injection](docs/prompt-injection.md) - **Package supply-chain checks** — registry existence, file reputation, and age analysis for npm/PyPI packages - **Plugin scanning** — scans installed plugins for threats at session start - **AMSI integration** — Windows Antimalware Scan Interface support (Windows + WSL via PowerShell interop; no-op on macOS and non-WSL Linux) ## Quick Start Visit **[ai.gendigital.com/sage](https://ai.gendigital.com/sage)** for the latest installation instructions, or use the platform-specific guides below. **Claude Code** — [install guide](https://ai.gendigital.com/sage#install-claude-code) · requires [Node.js >= 18](https