{"id":"0bdf14c9-8334-4833-bac8-b7874aa41059","shortId":"UW2qLq","kind":"skill","title":"Scan MCP servers for security findings before connecting them to agents with MCP Scanner","tagline":"Run MCP Scanner against a remote or local MCP server before trusting it, so the agent gets a bounded security review of tools, prompts, resources, dependencies, and supply-chain risk.","description":"# Scan MCP servers for security findings before connecting them to agents with MCP Scanner\n\nRun MCP Scanner against a remote or local MCP server before trusting it, so the agent gets a bounded security review of tools, prompts, resources, dependencies, and supply-chain risk.\n\n## Prerequisites\n\nPython 3.11+, uv, optional Cisco AI Defense API key, optional LLM provider key, optional VirusTotal API key\n\n## Installation\n\nUse the upstream install or setup path that matches your environment:\n- uv tool install --python 3.13 cisco-ai-mcp-scanner\n- uv tool install --python 3.13 --from git+https://github.com/cisco-ai-defense/mcp-scanner cisco-ai-mcp-scanner\n- git clone https://github.com/cisco-ai-defense/mcp-scanner\n- uv sync --python 3.13\n\nRequirements and caveats from upstream:\n- [![Python](https://img.shields.io/badge/python-3.11%2B-blue.svg)](https://www.python.org/downloads/)\n- A Python tool for scanning MCP (Model Context Protocol) servers and tools for potential security findings. The MCP Scanner combines Cisco AI Defense inspect API, YARA rules and LLM-as-a-judge to detect malicious MCP t...\n- **Vulnerable Packages Scanning**: Scan Python dependencies for known vulnerabilities (CVE/PYSEC/GHSA) using pip-audit integration.\n\nBasic usage or getting-started notes:\n- **Multiple Modes:** Run scanner as a stand-alone CLI tool or REST API server\n- A valid Cisco AI Defense API Key (optional)\n- LLM Provider API Key (optional)\n\n- Source: https://github.com/cisco-ai-defense/mcp-scanner\n- Extracted from upstream docs: https://raw.githubusercontent.com/cisco-ai-defense/mcp-scanner/HEAD/README.md\n\n## Documentation\n\n- https://blogs.cisco.com/ai/securing-the-ai-agent-supply-chain-with-ciscos-open-source-mcp-scanner\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner/)","tags":["scan","mcp","servers","for","security","findings","before","connecting","them","agents","with","scanner"],"capabilities":["skill","source-agentskillexchange","skill-scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,891 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:12:18.518Z","embedding":null,"createdAt":"2026-05-18T13:19:09.349Z","updatedAt":"2026-05-18T19:12:18.518Z","lastSeenAt":"2026-05-18T19:12:18.518Z","tsv":"'/ai/securing-the-ai-agent-supply-chain-with-ciscos-open-source-mcp-scanner':266 '/badge/python-3.11%2b-blue.svg)](https://www.python.org/downloads/)':163 '/cisco-ai-defense/mcp-scanner':140,150,255 '/cisco-ai-defense/mcp-scanner/head/readme.md':262 '/skills/scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner/)':273 '3.11':93 '3.13':125,135,154 'agent':11,30,56,75,268 'agentskillexchange.com':272 'agentskillexchange.com/skills/scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner/)':271 'ai':97,128,143,185,242 'alon':232 'api':99,107,188,237,244,249 'audit':215 'basic':217 'blogs.cisco.com':265 'blogs.cisco.com/ai/securing-the-ai-agent-supply-chain-with-ciscos-open-source-mcp-scanner':264 'bound':33,78 'caveat':157 'chain':44,89 'cisco':96,127,142,184,241 'cisco-ai-mcp-scann':126,141 'cli':233 'clone':147 'combin':183 'connect':8,53 'context':171 'cve/pysec/ghsa':211 'defens':98,186,243 'depend':40,85,207 'detect':198 'doc':259 'document':263 'environ':120 'exchang':270 'extract':256 'find':6,51,179 'get':31,76,221 'getting-start':220 'git':137,146 'github.com':139,149,254 'github.com/cisco-ai-defense/mcp-scanner':138,148,253 'img.shields.io':162 'img.shields.io/badge/python-3.11%2b-blue.svg)](https://www.python.org/downloads/)':161 'inspect':187 'instal':109,113,123,133 'integr':216 'judg':196 'key':100,104,108,245,250 'known':209 'llm':102,193,247 'llm-as-a-judg':192 'local':22,67 'malici':199 'match':118 'mcp':2,13,16,23,47,58,61,68,129,144,169,181,200 'mode':225 'model':170 'multipl':224 'note':223 'option':95,101,105,246,251 'packag':203 'path':116 'pip':214 'pip-audit':213 'potenti':177 'prerequisit':91 'prompt':38,83 'protocol':172 'provid':103,248 'python':92,124,134,153,160,165,206 'raw.githubusercontent.com':261 'raw.githubusercontent.com/cisco-ai-defense/mcp-scanner/head/readme.md':260 'remot':20,65 'requir':155 'resourc':39,84 'rest':236 'review':35,80 'risk':45,90 'rule':190 'run':15,60,226 'scan':1,46,168,204,205 'scanner':14,17,59,62,130,145,182,227 'secur':5,34,50,79,178 'server':3,24,48,69,173,238 'setup':115 'skill':269 'skill-scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner' 'sourc':252,267 'source-agentskillexchange' 'stand':231 'stand-alon':230 'start':222 'suppli':43,88 'supply-chain':42,87 'sync':152 'tool':37,82,122,132,166,175,234 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-tools' 'topic-awesome-list' 'topic-claude-code' 'topic-codex' 'topic-cursor' 'topic-llm' 'topic-mcp' 'topic-npx-skills' 'topic-openclaw' 'topic-skills-catalog' 'trust':26,71 'upstream':112,159,258 'usag':218 'use':110,212 'uv':94,121,131,151 'valid':240 'virustot':106 'vulner':202,210 'yara':189","prices":[{"id":"c48a9d47-ace5-40a0-a2c5-624cf47c09ab","listingId":"0bdf14c9-8334-4833-bac8-b7874aa41059","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:19:09.349Z"}],"sources":[{"listingId":"0bdf14c9-8334-4833-bac8-b7874aa41059","source":"github","sourceId":"agentskillexchange/skills/scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner","isPrimary":false,"firstSeenAt":"2026-05-18T13:19:09.349Z","lastSeenAt":"2026-05-18T19:12:18.518Z"}],"details":{"listingId":"0bdf14c9-8334-4833-bac8-b7874aa41059","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"da837942c34353e553eace2daddf3d5cef6ab595","skill_md_path":"skills/scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Scan MCP servers for security findings before connecting them to agents with MCP Scanner","description":"Run MCP Scanner against a remote or local MCP server before trusting it, so the agent gets a bounded security review of tools, prompts, resources, dependencies, and supply-chain risk."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/scan-mcp-servers-for-security-findings-before-connecting-them-to-agents-with-mcp-scanner"},"updatedAt":"2026-05-18T19:12:18.518Z"}}