Claude Skill
snyk/agent-scan
Open-source security scanner for AI agents, MCP servers, and Claude Skills. Identify vulnerabilities and secure your AI applications with this Python tool from Snyk.
Overview
Repository
Install this Skill
uvx snyk-agent-scan@latestRegistry
uvx snyk-agent-scan@latestuvx snyk-agent-scan@latest ~/.vscode/mcp.jsonuvx snyk-agent-scan@latest ~/path/to/my/SKILL.mduvx snyk-agent-scan@latest ~/.claude/skills
Summary
A security scanner from Snyk designed to identify vulnerabilities in AI agents, MCP servers, and Claude Skills. It helps developers ensure the safety and integrity of their AI-powered applications and integrations.
AI代理、MCP服务器与Claude Skill的安全扫描器。
Key features
- Security scanning for AI agents and Claude Skills
- Vulnerability detection for MCP servers
- Python-based security tool
- Open-source project from Snyk
- Focus on AI application security
Use cases
- Securing AI agent deployments
- Auditing MCP server implementations
- Scanning Claude Skills for vulnerabilities
- Integrating security checks into AI development pipelines
- Open-source security assessment for AI tools
README excerpt
<p align="center"> <h1 align="center"> Snyk Agent Scan </h1> </p> <p align="center"> Discover and scan agent components on your machine for prompt injections<br/> and vulnerabilities (including agents, MCP servers, skills). </p> > **NEW** Read our [technical report on the emerging threats of the agent skill eco-system](.github/reports/skills-report.pdf) published together with Agent Scan 0.4, which adds support for scanning agent skills. <p align="center"> <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/v/snyk-agent-scan.svg" alt="snyk-agent-scan"/></a> <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/l/snyk-agent-scan.svg" alt="snyk-agent-scan license"/></a> <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/pyversions/snyk-agent-scan.svg" alt="snyk-agent-scan python version requirements"/></a> </p> <div align="center"> <img width="1304" height="976" alt="agent-scan-pretty" src="https://github.com/user-attachments/assets/49c32115-703c-465f-bb09-1b6bae852253" /> </div> <br> Agent Scan helps you keep an inventory of all your installed agent components (harnesses, MCP servers, and skills) and scans them for common threats like prompt injections, sensitive data handling, or malware payloads hidden in natural language. Ignore analysis on skills by using `--no-skills`. ## Security Warning > **⚠️ IMPORTANT: Scanning MCP configurations will execute the commands defined in them.** > > When Agent Scan scans an MCP configuration file, it starts the stdio MCP servers by executing the commands and arguments specified in the config. This is necessary to retrieve tool descriptions and perform security analysis. > > **Recommendati