Claude Skill

snyk/agent-scan

用于AI代理、MCP服务器和Claude Skill的开源安全扫描器。使用这款来自Snyk的Python工具识别漏洞,保护您的AI应用安全。

概览

Stars2,731
Forks242
语言Python
最后更新2026-07-02
最近同步2026-07-03
前往 GitHub

仓库信息

拥有者snyk
仓库agent-scan
完整名称snyk/agent-scan
Repo ID962,024,783

安装这个 Skill

uvx snyk-agent-scan@latest

Registry 信息

类型mcp_server
质量分85/100
验证状态readme_parsed
最近验证2026-05-31
平台
ClaudeMCPOpenClawCodexCursor
能力
pdfmemorysearchterminalagentaimcpmodelcontextprotocolsecurity
识别文件
README.mddocspyproject.tomltests
配置键
KEYSNYK_TOKENURL
安装方式
  • uvx snyk-agent-scan@latest
  • uvx snyk-agent-scan@latest ~/.vscode/mcp.json
  • uvx snyk-agent-scan@latest ~/path/to/my/SKILL.md
  • uvx snyk-agent-scan@latest ~/.claude/skills

项目简介

一款由Snyk开发的安全扫描器,用于识别AI代理、MCP服务器和Claude Skill中的漏洞。它帮助开发者确保其AI驱动应用与集成的安全性与完整性。

英文描述

Security scanner for AI agents, MCP servers and agent skills.

要点

  • 针对AI代理和Claude Skill的安全扫描
  • MCP服务器的漏洞检测
  • 基于Python的安全工具
  • 来自Snyk的开源项目
  • 专注于AI应用安全

使用场景

  • 保护AI代理部署安全
  • 审计MCP服务器实现
  • 扫描Claude Skill中的漏洞
  • 将安全检查集成到AI开发流程中
  • 对AI工具进行开源安全评估

README 摘要

<p align="center"> <h1 align="center"> Snyk Agent Scan </h1> </p> <p align="center"> Discover and scan agent components on your machine for prompt injections<br/> and vulnerabilities (including agents, MCP servers, skills). </p> > **NEW** Read our [technical report on the emerging threats of the agent skill eco-system](.github/reports/skills-report.pdf) published together with Agent Scan 0.4, which adds support for scanning agent skills. <p align="center"> <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/v/snyk-agent-scan.svg" alt="snyk-agent-scan"/></a> <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/l/snyk-agent-scan.svg" alt="snyk-agent-scan license"/></a> <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/pyversions/snyk-agent-scan.svg" alt="snyk-agent-scan python version requirements"/></a> </p> <div align="center"> <img width="1304" height="976" alt="agent-scan-pretty" src="https://github.com/user-attachments/assets/49c32115-703c-465f-bb09-1b6bae852253" /> </div> <br> Agent Scan helps you keep an inventory of all your installed agent components (harnesses, MCP servers, and skills) and scans them for common threats like prompt injections, sensitive data handling, or malware payloads hidden in natural language. Ignore analysis on skills by using `--no-skills`. ## Security Warning > **⚠️ IMPORTANT: Scanning MCP configurations will execute the commands defined in them.** > > When Agent Scan scans an MCP configuration file, it starts the stdio MCP servers by executing the commands and arguments specified in the config. This is necessary to retrieve tool descriptions and perform security analysis. > > **Recommendati

话题

探索更多

数据来自 GitHub,同步时间:2026-07-03