Security scanner for AI agents, MCP servers and agent skills.
Snyk Agent Scan is a Python-based security scanner, distributed via PyPI and usable as an MCP server, that audits agent components installed on a developer's machine for more than 15 distinct vulnerability classes. It auto-discovers configuration files for Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, Gemini CLI, Amazon Q, and several other agents, then checks their MCP servers and agent skills for prompt injection, tool poisoning, tool shadowing, toxic flows, hardcoded secrets, malware payloads hidden in natural language, and unsafe credential handling. The tool operates in a scan mode that inspects existing configurations and an inventory mode that catalogs installed components; targeted scans of individual MCP JSON configs or skill Markdown files are also supported. A notable operational caveat is that scanning stdio MCP servers requires actually executing the commands defined in the configuration, so Snyk recommends running the tool inside a Docker container or VM when evaluating untrusted third-party configs. Security engineers, platform teams, and individual developers integrating MCP servers into their Claude or multi-agent workflows are the primary audience.
- ✓ Open-source license (Apache-2.0)
- ✓ Actively maintained (<30d)
- ✓ Healthy fork ratio
- ✓ Clear description
- ✓ Topics declared
- ✓ Mature repo (>1y old)
    claude mcp add agent-scan -- uvx agent-scan

    {
      "mcpServers": {
        "agent-scan": {
          "command": "uvx",
          "args": ["agent-scan"]
        }
      }
    }

What people ask about agent-scan
What is snyk/agent-scan?
snyk/agent-scan is an MCP server for the Claude AI ecosystem: a security scanner for AI agents, MCP servers and agent skills. It has 2.6k GitHub stars and was last updated today.
How do I install agent-scan?
You can install agent-scan by cloning the repository (https://github.com/snyk/agent-scan) or following the README instructions on GitHub. ClaudeWave also provides quick install blocks on this page.
Is snyk/agent-scan safe to use?
Our security agent has analyzed snyk/agent-scan and assigned a Trust Score of 100/100 (tier: Verified). See the full breakdown of passed checks and flags on this page.
Who maintains snyk/agent-scan?
snyk/agent-scan is maintained by snyk. The last recorded GitHub activity is from today, with 24 open issues.
Are there alternatives to agent-scan?
Yes. On ClaudeWave you can browse similar MCP servers at /categories/mcp, sorted by popularity or recent activity.