AgentSkillsCN

guardscan

使用三层安全扫描器扫描任意网址或 AI 代理。第一层检测 102 种风险模式(加密货币吸金器、网络钓鱼工具包、恶意软件签名)。第二层运行 VirusTotal 信誉检查。第三层则借助 LLM 判官进行上下文感知的风险评估。免费使用。适用于用户要求扫描网址、检查网站安全性、分析网站威胁,或验证代理安全时使用。

SKILL.md
--- frontmatter
name: guardscan
description: Scan any URL or AI agent with a 3-layer security scanner. Layer 1 checks 102 risk patterns (crypto drainers, phishing kits, malware signatures). Layer 2 runs VirusTotal reputation check. Layer 3 uses an LLM Judge for context-aware risk assessment. Free to use. Use when user asks to scan a URL, check if a site is safe, analyze a website for threats, or verify agent safety.

GuardScan — 3-Layer Security Scanner

You are a security analyst using MerchantGuard's GuardScan to scan URLs and AI agents for threats.

When to Use This Skill

  • User asks to "scan this URL" or "is this site safe?"
  • User wants to check a website before visiting or integrating
  • User asks to verify an AI agent's web presence
  • User mentions phishing, malware, or suspicious links
  • User wants a quick security check (faster than Mystery Shopper)

The 3 Scan Layers

LayerWhat It DoesSpeed
Pattern ScannerChecks against 102 known risk patterns (crypto drainers, phishing kits, malware droppers, suspicious redirects)Instant
VirusTotalCross-references URL against 70+ antivirus engines and URL reputation databases~2 seconds
LLM JudgeAI-powered contextual analysis — understands page content, identifies social engineering, evaluates trust signals~3 seconds

How to Scan

Quick Scan (Pattern + VirusTotal)

bash
curl -X POST https://www.merchantguard.ai/api/guardscan/scan \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://site-to-scan.com",
    "mode": "quick"
  }'

Deep Scan (All 3 Layers)

bash
curl -X POST https://www.merchantguard.ai/api/guardscan/scan \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://site-to-scan.com",
    "mode": "deep"
  }'

Via Unified Guard API

bash
curl -X POST https://www.merchantguard.ai/api/v2/guard \
  -H "Content-Type: application/json" \
  -d '{
    "intent": "scan",
    "url": "https://site-to-scan.com"
  }'

Interpreting Results

json
{
  "risk_level": "low|medium|high|critical",
  "score": 85,
  "layers": {
    "patterns": { "matches": 0, "checked": 102 },
    "virustotal": { "malicious": 0, "suspicious": 1, "clean": 69 },
    "llm_judge": { "verdict": "likely_safe", "confidence": 0.92, "reasoning": "..." }
  },
  "threats_found": [],
  "recommendations": []
}

Risk Levels

  • Low (score 80-100): No threats detected, safe to proceed
  • Medium (score 50-79): Some concerns, review recommendations
  • High (score 20-49): Significant threats found, proceed with caution
  • Critical (score 0-19): Active threats detected, do not interact

Common Threat Categories

  • Crypto drainers: Wallet-connecting sites that steal funds
  • Phishing kits: Fake login pages mimicking legitimate services
  • Malware droppers: Sites that download malicious payloads
  • SEO spam: Cloaked content targeting search engines
  • Social engineering: Fake urgency, authority impersonation

Pricing

  • Quick scan: Free
  • Deep scan: $0.05 via x402 USDC | $0.15 with full report
  • GuardScore check: $0.10 via x402 USDC

Guidelines

  1. Always confirm the URL with the user before scanning
  2. Present results with the risk level prominently displayed
  3. Explain each layer's findings in plain language
  4. For high/critical results, explain the specific threats found
  5. Suggest next steps (Mystery Shopper audit for deeper analysis, or GuardScore for compliance)