MCP-Scan: An MCP Security Scanner
@invariantlabs-ai
MCP-Scan: An MCP Security Scanner について
Security scanner for AI agents, MCP servers and agent skills.
基本情報
設定
以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。
{
"mcpServers": {
"mcp-scan": {
"command": "uvx",
"args": [
"snyk-agent-scan@latest"
]
}
}
}ツール
ツールは検出されませんでした
ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。
概要
What is MCP-Scan: An MCP Security Scanner?
MCP-Scan (also known as Snyk Agent Scan) is a security scanner that discovers and scans agent components on your machine—including MCP servers, agent tools, and skills—for prompt injections, malware payloads, and other vulnerabilities. It is designed for developers and security teams who need to inspect the supply chain of AI agents.
How to use MCP-Scan: An MCP Security Scanner?
Obtain a Snyk API token and set it as the SNYK_TOKEN environment variable. Install uv on your system, then run uvx snyk-agent-scan@latest to auto-discover and scan all agents, MCP servers, and skills. You can also scan specific MCP configuration files or skill files by passing file paths as arguments.
Key features of MCP-Scan: An MCP Security Scanner
- Auto-discovers MCP configurations, agent tools, and skills
- Detects 15+ distinct security risks (e.g., prompt injection, tool poisoning)
- Supports scanning of Claude, Cursor, Windsurf, Gemini CLI, and more
- Interactive consent prompt before running any stdio MCP server
- Background mode for enterprise-wide monitoring via Snyk Evo
Use cases of MCP-Scan: An MCP Security Scanner
- Scan your local machine for vulnerable MCP servers and agent skills
- Integrate security into CI/CD pipelines (non‑interactive mode)
- Monitor the company‑wide agent supply chain from a central dashboard
FAQ from MCP-Scan: An MCP Security Scanner
Do I need a Snyk account to use it?
Yes. You must sign up at Snyk, obtain an API token, and set it as the SNYK_TOKEN environment variable.
What happens when scanning MCP configuration files?
Scanning an MCP config executes the commands defined in it to retrieve tool descriptions. Agent Scan prompts for user consent before starting each stdio server; for non‑interactive environments use --dangerously-run-mcp-servers.
Is my data shared with Snyk?
Yes. Skills, agent applications, tool names, and descriptions are shared with Snyk for security analysis. Agent Scan does not store or log the contents or results of MCP tool calls.
Which agents are supported?
Claude Desktop/Code, Cursor, Windsurf, VS Code, Gemini CLI, Amazon Q, and several others across macOS, Linux, and Windows.
What are the runtime requirements?
Python (via PyPI package snyk-agent-scan), the uv tool, and network access to Snyk’s API.
「開発者ツール」の他のコンテンツ
Stakpak Agent CLI
stakpakShip your code, on autopilot. An open source agent that lives on your machines 24/7 and keeps your apps running. 🦀
Deepwiki MCP Server
regenrek📖 MCP server for fetch deepwiki.com and get latest knowledge in Cursor and other Code Editors
TalkToFigma
sonnylazuardiTalkToFigma: MCP integration between AI Agent (Cursor, Claude Code, Codex) and Figma, allowing Agentic AI to communicate with Figma for reading designs and modifying them programmatically.
DevDocs by CyberAGI 🚀
cyberagiincCompletely free, private, UI based Tech Documentation MCP server. Designed for coders and software developers in mind. Easily integrate into Cursor, Windsurf, Cline, Roo Code, Claude Desktop App
test
harlancA simple,high performance and secure live media server in pure Rust (RTMP[cluster]/RTSP/WebRTC[whip/whep]/HTTP-FLV/HLS).🦀
コメント