Claude Skill

snyk/agent-scan

Open-source security scanner for AI agents, MCP servers, and Claude Skills. Identify vulnerabilities and secure your AI applications with this Python tool from Snyk.

Overview

Stars2,729
Forks242
LanguagePython
Last pushed2026-07-02
Last synced2026-07-03
View on GitHub

Repository

Ownersnyk
Repositoryagent-scan
Full namesnyk/agent-scan
Repo ID962,024,783

Install this Skill

uvx snyk-agent-scan@latest

Registry

Typemcp_server
Quality score85/100
Verificationreadme_parsed
Last verified2026-05-31
Platforms
ClaudeMCPOpenClawCodexCursor
Capabilities
pdfmemorysearchterminalagentaimcpmodelcontextprotocolsecurity
Detected files
README.mddocspyproject.tomltests
Config keys
KEYSNYK_TOKENURL
Install methods
  • uvx snyk-agent-scan@latest
  • uvx snyk-agent-scan@latest ~/.vscode/mcp.json
  • uvx snyk-agent-scan@latest ~/path/to/my/SKILL.md
  • uvx snyk-agent-scan@latest ~/.claude/skills

Summary

A security scanner from Snyk designed to identify vulnerabilities in AI agents, MCP servers, and Claude Skills. It helps developers ensure the safety and integrity of their AI-powered applications and integrations.

Chinese description

AI代理、MCP服务器与Claude Skill的安全扫描器。

Key features

  • Security scanning for AI agents and Claude Skills
  • Vulnerability detection for MCP servers
  • Python-based security tool
  • Open-source project from Snyk
  • Focus on AI application security

Use cases

  • Securing AI agent deployments
  • Auditing MCP server implementations
  • Scanning Claude Skills for vulnerabilities
  • Integrating security checks into AI development pipelines
  • Open-source security assessment for AI tools

README excerpt

<p align="center"> <h1 align="center"> Snyk Agent Scan </h1> </p> <p align="center"> Discover and scan agent components on your machine for prompt injections<br/> and vulnerabilities (including agents, MCP servers, skills). </p> > **NEW** Read our [technical report on the emerging threats of the agent skill eco-system](.github/reports/skills-report.pdf) published together with Agent Scan 0.4, which adds support for scanning agent skills. <p align="center"> <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/v/snyk-agent-scan.svg" alt="snyk-agent-scan"/></a> <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/l/snyk-agent-scan.svg" alt="snyk-agent-scan license"/></a> <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/pyversions/snyk-agent-scan.svg" alt="snyk-agent-scan python version requirements"/></a> </p> <div align="center"> <img width="1304" height="976" alt="agent-scan-pretty" src="https://github.com/user-attachments/assets/49c32115-703c-465f-bb09-1b6bae852253" /> </div> <br> Agent Scan helps you keep an inventory of all your installed agent components (harnesses, MCP servers, and skills) and scans them for common threats like prompt injections, sensitive data handling, or malware payloads hidden in natural language. Ignore analysis on skills by using `--no-skills`. ## Security Warning > **⚠️ IMPORTANT: Scanning MCP configurations will execute the commands defined in them.** > > When Agent Scan scans an MCP configuration file, it starts the stdio MCP servers by executing the commands and arguments specified in the config. This is necessary to retrieve tool descriptions and perform security analysis. > > **Recommendati

Topics

Explore more

Data from GitHub. Synced on 2026-07-03