{"id":"snyk-agent-scan","name":"agent-scan","homepage":null,"repo_url":"https://github.com/snyk/agent-scan","category":"security","subcategories":[],"tags":["security","agent-scan","mcp","modelcontextprotocol","supply-chain","prompt-injection","tooling","cli","python"],"what_it_does":"Command-line security scanner that inventories and scans locally installed agent components (MCP server configurations, MCP tool descriptions, and optionally agent skills) for common agent-supply-chain threats such as prompt injection, tool poisoning/shadowing, toxic flows, malware payloads, untrusted content, and credential/secret handling issues.","use_cases":["Inventorying installed agent components (MCP servers/skills) on developer endpoints","Detecting prompt injection/tool poisoning/toxic-flow patterns in MCP tool definitions and agent skills","Integrating local agent supply-chain security checks into security workflows and audits","Monitoring agent supply chain centrally via background mode (MDM/CrowdStrike) and reporting to Snyk Evo"],"not_for":["Acting as a full vulnerability scanner for arbitrary codebases unrelated to agent components","Guaranteeing that scanned components are safe (it performs pattern/verification checks rather than formal verification)","Serving as an interactive agent orchestration runtime (it is a scanner/inspector CLI)"],"best_when":"You need automated, repeatable local checks of agent components (especially MCP servers) to reduce common prompt-injection and tool-related supply-chain risks.","avoid_when":"You cannot or do not want any network verification calls (it mentions invoking an Agent Scan API for verification).","alternatives":["Snyk-related security tooling with custom checks (where available)","Static analysis/security linters adapted for agent prompts and tool schemas","In-house scanning pipelines for MCP server configurations and skill markdown/prompts"],"af_score":46.5,"security_score":46.5,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:21:10.664344+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":["Python"],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Snyk API token via SNYK_TOKEN environment variable (for verification/scan API)"],"oauth":false,"scopes":false,"notes":"README indicates signing up for Snyk and using an API token. No OAuth flow or explicit scopes are described in the provided text."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Pricing is not specified in the provided content; background mode mentions contacting Snyk for setup and that large-scale API use is considered abuse."},"requirements":{"requires_signup":true,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":46.5,"security_score":46.5,"reliability_score":32.5,"mcp_server_quality":40.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":80.0,"rate_limit_clarity":10.0,"tls_enforcement":20.0,"auth_strength":65.0,"scope_granularity":20.0,"dependency_hygiene":55.0,"secret_handling":70.0,"security_notes":"Security purpose is clear and it states it does not store/log MCP tool call contents/results; it also offers an opt-out flag. However, provided text does not specify transport security details for API calls, scope granularity for tokens, or explicit guidance on safe handling of secrets in logs beyond general statements. Dependencies include mcp[cli] and pyjwt, implying network/auth functionality that should be verified for TLS enforcement and secure defaults.","uptime_documented":0.0,"version_stability":60.0,"breaking_changes_history":40.0,"error_recovery":30.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Tooling scans local files and may connect to MCP servers to retrieve tool descriptions; scanning untrusted MCP servers could be risky even if output is suppressed.","Background mode sends results to a central Snyk Evo instance; ensure opt-out/storage-file settings match internal policy.","Scanning behavior may depend on local install paths and well-known client definitions; components not in those paths may not be discovered."]}}