Guardian Agent (now in beta) allows users to securely empower remote hosts to take actions on their behalf, using their SSH credentials. It allows Mosh and SSH users to enable agent forwarding for every connection, even to hosts they may not fully trust.

Guardian Agent is an alternative to traditional ssh-agent forwarding, which can only safely be enabled when connecting to trusted hosts. The traditional ssh-agent protocol doesn't give the agent information about which host is asking to perform a command on the user's behalf, which server that hosts wants to connect to, or which command the host wants to perform: