{"id":"snyk-agent-scan","name":"agent-scan","af_score":46.5,"security_score":46.5,"reliability_score":32.5,"what_it_does":"Command-line security scanner that inventories and scans locally installed agent components (MCP server configurations, MCP tool descriptions, and optionally agent skills) for common agent-supply-chain threats such as prompt injection, tool poisoning/shadowing, toxic flows, malware payloads, untrusted content, and credential/secret handling issues.","best_when":"You need automated, repeatable local checks of agent components (especially MCP servers) to reduce common prompt-injection and tool-related supply-chain risks.","avoid_when":"You cannot or do not want any network verification calls (it mentions invoking an Agent Scan API for verification).","last_evaluated":"2026-03-30T13:21:10.664344+00:00","has_mcp":false,"has_api":false,"auth_methods":["Snyk API token via SNYK_TOKEN environment variable (for verification/scan API)"],"has_free_tier":false,"known_gotchas":["Tooling scans local files and may connect to MCP servers to retrieve tool descriptions; scanning untrusted MCP servers could be risky even if output is suppressed.","Background mode sends results to a central Snyk Evo instance; ensure opt-out/storage-file settings match internal policy.","Scanning behavior may depend on local install paths and well-known client definitions; components not in those paths may not be discovered."],"error_quality":0.0}