Snyk Agent Scan MCP and Skill Security Scanner
Snyk Agent Scan automatically discovers and scans AI agent components including MCP servers, agent skills, and agent harnesses for security vulnerabilities like prompt injections, tool poisoning, tool shadowing, and malware payloads. It supports Claude Code, Cursor, Windsurf, Gem
What it does
Snyk Agent Scan MCP and Skill Security Scanner
Snyk Agent Scan automatically discovers and scans AI agent components including MCP servers, agent skills, and agent harnesses for security vulnerabilities like prompt injections, tool poisoning, tool shadowing, and malware payloads. It supports Claude Code, Cursor, Windsurf, Gemini CLI, VS Code, and more.
Installation
Use the upstream install or setup path that matches your environment:
- uv run pip install -e .
- uv run -m src.agent_scan.cli
Requirements and caveats from upstream:
- <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/v/snyk-agent-scan.svg" alt="snyk-agent-scan"/></a>
- <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/l/snyk-agent-scan.svg" alt="snyk-agent-scan license"/></a>
- <a href="https://pypi.python.org/pypi/snyk-agent-scan"><img src="https://img.shields.io/pypi/pyversions/snyk-agent-scan.svg" alt="snyk-agent-scan python version requirements"/></a>
Basic usage or getting-started notes:
-
Use --dangerously-run-mcp-servers only in trusted environments where you've verified all MCP server commands
-
To get started:
-
Sign up at Snyk and get an API token from https://app.snyk.io/account (API Token → KEY → click to show).
-
Extracted from upstream docs: https://raw.githubusercontent.com/snyk/agent-scan/HEAD/README.md
Source
Capabilities
Install
Quality
deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,622 chars)