snyk/agent-scan

MCPcommunity
snykApache-2.0Updated 21d agoGitHub

Security scanner for AI agents, MCP servers and agent skills.

Discover and scan agent components on your machine for prompt injections and vulnerabilities (including agents, MCP servers, skills). NEW Read our technical report on the emerging threats of the agent skill eco-system published together with Agent Scan 0.4, which adds support for scanning agent skills. Agent Scan helps you keep an inventory of all your installed agent components (harnesses, MCP…

Automatically indexed from public sources. Not yet verified by the developer on Forge.Claim this listing →
3kGitHub stars
232Forks
21d agoLast update
Package
Authorsnyk
LicenseApache-2.0
Sourcegithub
Trust Status
B
60/100Good
Listed in Forge index+10/10
Publisher identity verified+0/25
Publisher: run `forge publish` from the package repo to claim ownership
Ed25519 publish signature+0/10
Included automatically when the publisher runs `forge publish`
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · not run+0/30
Not yet scanned — package must be on npm
Static analysis · clean+20/20
npm provenance (Sigstore)+0/5
Publish from GitHub Actions with the --provenance flag
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusCommunity-indexed
PublisherUnverified
SignatureUnsigned
Domain
Provenance
DependenciesNot audited
Tool surface
Security scan✓ CleanvHEAD · 19d ago
EvalsNone
IndexedMay 24, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

Discover and scan agent components on your machine for prompt injections and vulnerabilities (including agents, MCP servers, skills). NEW Read our technical report on the emerging threats of the agent skill eco-system published together with Agent Scan 0.4, which adds support for scanning agent skills. Agent Scan helps you keep an inventory of all your installed agent components (harnesses, MCP servers, and skills) and scans them for common threats like prompt injections, sensitive data…

Keywords
agentaimcpmodelcontextprotocolsecurity