GuardScan

Three-layer security scanner for code, URLs, and GitHub repos. Detects secrets, prompt-injection vectors, data-exfiltration paths, and PCI-DSS violations. Free, runs locally.

Run locally

npx @merchantguard/guardscan .

Three layers

  • Layer 1: 102 static patterns across 17 categories.
  • Layer 2: VirusTotal hash lookup for known IOCs.
  • Layer 3: AI judge for context-aware findings (only on suspicious matches).

GitHub Action

.github/workflows/guardscan.yml
name: GuardScan
on: [pull_request]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: MerchantGuard/guardscan-action@v1
        with:
          fail-on: critical
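
A hardened variant of the workflow above, added here as an example and not taken from the GuardScan documentation. It assumes the action only needs to read the checked-out code; `<full-commit-sha>` is a placeholder, since this page does not list a commit to pin to.

```yaml
# .github/workflows/guardscan.yml (hardened variant, added example)
name: GuardScan
on: [pull_request]

# Least privilege: the job token can only read repository contents.
# Assumption: the action needs no write scopes (for example, to post PR comments).
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config
      # Pin to a reviewed commit instead of the mutable v1 tag.
      # <full-commit-sha> is a placeholder; the page does not list one.
      - uses: MerchantGuard/guardscan-action@<full-commit-sha>
        with:
          fail-on: critical
```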

Nothing on this page is legal advice. Trademarks pending: MerchantGuard™ (Serial 99051215), GuardScore™ (Serial 99030125), AgentGuard™ (Serial 99462472). Patents 63/983,615 / 63/983,621 / 63/983,843 / 63/984,626 (provisional, filed Feb 17 2026). See LEGAL.md, PATENTS.md, DISCLAIMER.md.