Claude Skill
snyk/agent-scan
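An open-source security scanner for AI agents, MCP servers and Claude Skills. Use this Python tool from Snyk to identify vulnerabilities and secure your AI applications.
Overview
Repository info
Install this Skill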
uvx snyk-agent-scan@latest
Registry info
uvx snyk-agent-scan@latest
uvx snyk-agent-scan@latest ~/.vscode/mcp.json
uvx snyk-agent-scan@latest ~/path/to/my/SKILL.md
uvx snyk-agent-scan@latest ~/.claude/skills
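Project introduction
A security scanner developed by Snyk that identifies vulnerabilities in AI agents, MCP servers and Claude Skills. It helps developers ensure the security and integrity of their AI-driven applications and integrations.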
Security scanner for AI agents, MCP servers and agent skills.
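Key points
- Security scanning for AI agents and Claude Skills
- Vulnerability detection for MCP servers
- Python-based security tool
- Open-source project from Snyk
- Focused on AI application security
Use cases
- Securing AI agent deployments
- Auditing MCP server implementations
- Scanning Claude Skills for vulnerabilities
- Integrating security checks into the AI development workflow
- Open-source security assessment of AI tools
README excerpt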
# Snyk Agent Scan

Discover and scan agent components on your machine for prompt injections and vulnerabilities (including agents, MCP servers, skills).

> **NEW** Read our [technical report on the emerging threats of the agent skill eco-system](.github/reports/skills-report.pdf) published together with Agent Scan 0.4, which adds support for scanning agent skills.

Agent Scan helps you keep an inventory of all your installed agent components (harnesses, MCP servers, and skills) and scans them for common threats like prompt injections, sensitive data handling, or malware payloads hidden in natural language. Ignore analysis on skills by using `--no-skills`.

## Security Warning

> **⚠️ IMPORTANT: Scanning MCP configurations will execute the commands defined in them.**
>
> When Agent Scan scans an MCP configuration file, it starts the stdio MCP servers by executing the commands and arguments specified in the config. This is necessary to retrieve tool descriptions and perform security analysis.
>
> **Recommendati