Agent Scan

v1.0.0 | Security | stable

Security scanner for AI agents, MCP servers and agent skills.

Tags: agent, ai, mcp, modelcontextprotocol, security
Stars: 2,449 | Downloads: 0 | Weekly: 0 | 0/5

What is Agent Scan?

Agent Scan is a Model Context Protocol (MCP) server that gives AI assistants like Claude, Cursor, and VS Code a security scanner for AI agents, MCP servers and agent skills.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Security scanner for AI agents, MCP servers and agent skills

Use Cases

  • Security scanner for AI agents and MCP servers
  • Audit agent skills and configurations

Maintainer: snyk
License: Apache-2.0
Language: python
Version: v1.0.0
Updated: May 22, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

Manual Installation

npx agent-scan

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use Agent Scan

Agent Scan is Snyk's open-source security scanner specifically built for AI agent ecosystems — it discovers MCP server configurations across all major coding environments (Claude Desktop, Cursor, Windsurf, VS Code, Amazon Q, and others), scans them for 15+ distinct security risks including prompt injection, tool poisoning, malware payloads, and hardcoded secrets, and reports actionable findings. Security engineers and development teams use it to audit their AI toolchains before deploying agents in production, or to continuously validate that newly installed MCP servers do not introduce supply chain vulnerabilities.

Prerequisites

  • Python 3.9+ and the uv package manager installed
  • A Snyk account with an API token from https://app.snyk.io/account
  • At least one MCP client installed (Claude Desktop, Cursor, VS Code, etc.) for auto-discovery to work
  • Optional: Docker or a VM sandbox for scanning untrusted third-party MCP configurations safely

1. Obtain your Snyk API token

Log in to your Snyk account at https://app.snyk.io/account and copy your personal API token from the Account Settings page.

2. Set the SNYK_TOKEN environment variable

Export your Snyk token so that agent-scan can authenticate with the Snyk platform when checking packages and scanning results.

export SNYK_TOKEN=your-snyk-api-token-here

3. Run a full machine scan with uvx

Use uvx to run the latest agent-scan without installing it. It will auto-discover MCP server configurations across all supported tools on your machine.

uvx snyk-agent-scan@latest

4. Scan a specific MCP configuration file

Target a single config file for scanning, useful when reviewing a newly added MCP server before enabling it.

uvx snyk-agent-scan@latest ~/.config/claude/claude_desktop_config.json

5. Scan agent skills directories

In addition to MCP config files, agent-scan can audit agent skill directories for security issues.

uvx snyk-agent-scan@latest ~/.claude/skills

6. Run in CI/CD non-interactive mode

For automated pipelines, pass the --dangerously-run-mcp-servers flag to allow server execution during scanning (use only in isolated environments).

uvx snyk-agent-scan@latest --dangerously-run-mcp-servers

Agent Scan Examples

Client configuration

Add agent-scan as an MCP server so your AI assistant can trigger scans on demand.

{
  "mcpServers": {
    "agent-scan": {
      "command": "uvx",
      "args": ["snyk-agent-scan@latest", "--mcp"],
      "env": {
        "SNYK_TOKEN": "your-snyk-api-token-here"
      }
    }
  }
}
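
The client configuration above stores the token as a literal in a config file and launches a floating `@latest` package, two conditions worth checking in any MCP client config. The following preflight is an added example, not Agent Scan's detection logic or code from the project; the key-name pattern, the `${...}` reference convention and the `pinned-example` server are assumptions made for illustration.

```python
import json
import re

# Assumption: env keys containing these words hold credentials.
SECRET_KEY = re.compile(r"TOKEN|SECRET|PASSWORD|API_?KEY", re.I)
# Assumption: "${...}" values are references the client resolves (support varies by client).
ENV_REF = re.compile(r"^\$\{[\w:]+\}$")
# Launchers that fetch a package at start-up; both appear on this page.
FETCHERS = {"uvx", "npx"}

# Constructed sample: the page's agent-scan entry plus a hypothetical pinned server.
SAMPLE = """{
  "mcpServers": {
    "agent-scan": {
      "command": "uvx",
      "args": ["snyk-agent-scan@latest", "--mcp"],
      "env": {"SNYK_TOKEN": "your-snyk-api-token-here"}
    },
    "pinned-example": {
      "command": "npx",
      "args": ["-y", "example-server@1.2.3"],
      "env": {"API_KEY": "${env:EXAMPLE_KEY}"}
    }
  }
}"""


def audit_mcp_config(text):
    """Return sorted (server, issue) findings for an mcpServers config."""
    findings = []
    for name, spec in json.loads(text).get("mcpServers", {}).items():
        for key, value in (spec.get("env") or {}).items():
            if SECRET_KEY.search(key) and value and not ENV_REF.match(str(value)):
                findings.append((name, f"literal credential in env.{key}"))
        if spec.get("command") not in FETCHERS:
            continue
        # First non-flag argument is taken to be the package spec.
        pkg = next((a for a in spec.get("args", []) if not a.startswith("-")), None)
        # "name@1.2.3" is pinned; "name" and "name@latest" float. Skip a leading "@scope".
        if pkg and pkg[1:].partition("@")[2] in ("", "latest"):
            findings.append((name, f"unpinned package {pkg}"))
    return sorted(findings)


if __name__ == "__main__":
    for server, issue in audit_mcp_config(SAMPLE):
        print(f"{server}: {issue}")
```

The placeholder value is reported like a real token, since the check looks at where the credential is stored rather than at its content.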

Prompts to try

Example prompts and CLI commands for security scanning workflows.

- Run: uvx snyk-agent-scan@latest (full auto-discovery scan of your machine)
- "Scan all my MCP configurations and report any prompt injection risks."
- "Check ~/.vscode/mcp.json for hardcoded secrets or malicious tool definitions."
- Run: uvx snyk-agent-scan@latest --no-skills (skip agent skills, only scan MCP configs)
- Run: uvx snyk-agent-scan@latest inspect (examine configs without executing servers)

Troubleshooting Agent Scan

Scan fails with 'authentication error' or '401 Unauthorized'

Verify that SNYK_TOKEN is exported in your current shell and contains a valid token from https://app.snyk.io/account. Tokens can expire; generate a new one if needed.

No MCP configurations are discovered even though you have Claude Desktop installed

Agent-scan looks for configs in standard locations (e.g., ~/Library/Application Support/Claude/ on macOS). If your config is in a non-standard path, pass it explicitly: 'uvx snyk-agent-scan@latest /custom/path/claude_desktop_config.json'.

Scanning reports a false positive for a trusted MCP server

Use 'uvx snyk-agent-scan@latest inspect' to review the raw detection reasoning. You can also use '--no-skills' to narrow the scan scope and isolate which finding is triggering the alert.

Frequently Asked Questions about Agent Scan

What is Agent Scan?

Agent Scan is a Model Context Protocol (MCP) server that provides a security scanner for AI agents, MCP servers and agent skills. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Agent Scan?

Follow the installation instructions on the Agent Scan GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.

Which AI clients work with Agent Scan?

Agent Scan works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Agent Scan free to use?

Yes, Agent Scan is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.

Agent Scan Alternatives — Similar Security Servers

Looking for alternatives to Agent Scan? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u


Quick Config Preview

{ "mcpServers": { "agent-scan": { "command": "npx", "args": ["-y", "agent-scan"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json
