Price: Free (access token required)
About
Snyk Agent Scan
Discover and scan agent components on your machine for prompt injections and vulnerabilities (including agents, MCP servers, skills).
New: Read our technical report on the emerging threats of the agent skill ecosystem, published together with Agent Scan 0.4, which adds support for scanning agent skills.
Agent Scan helps you keep an inventory of all your installed agent components (harnesses, MCP servers, and skills) and scans them for common threats like prompt injections, sensitive data handling, or malware payloads hidden in natural language. By default it focuses on MCP servers; add `--skills` to autodiscover and scan agent skills.
Highlights
- Auto-discover MCP configurations, agent tools, skills
- Scanning of Claude, Cursor, Windsurf, Gemini CLI, and other agents.
- Detects 15+ distinct security risks across MCP servers and agent skills:
  - MCP: Prompt Injection, Tool Poisoning, Tool Shadowing, Toxic Flows
  - Skills: Prompt Injection, Malware Payloads, Untrusted Content, Credential Handling, Hardcoded Secrets
Supported agents and capabilities
Agent Scan auto-discovers agents and their capabilities (MCP servers or skills) when their install paths exist. The table reflects well-known agent definitions.
- ✓: at least one path is defined for that capability.
- ✗: the agent is listed for that OS but has no paths for that capability.
- —: that agent is not included for that OS.
- Skills columns apply when using `--skills`.
| Agent | macOS MCP | macOS Skills | Linux MCP | Linux Skills | Windows MCP | Windows Skills |
|---|---|---|---|---|---|---|
| Windsurf | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Cursor | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| VS Code | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Claude Desktop | ✓ | ✗ | — | — | ✓ | ✗ |
| Claude Code | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Gemini CLI | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| OpenClaw | ✗ | ✓ | ✗ | ✓ | ✗ | ✓ |
| Kiro | ✓ | ✗ | ✓ | ✗ | ✓ | ✗ |
| OpenCode | ✗ | ✗ | ✗ | ✗ | ✗ | ✗ |
| Antigravity | ✓ | ✗ | ✓ | ✗ | ✓ | ✗ |
| Codex | ✗ | ✓ | ✗ | ✓ | — | — |
| Amazon Q | ✓ | ✗ | ✓ | ✗ | ✗ | ✗ |
Quick Start
To get started:
1. Sign up at [Snyk](https://snyk.io) and get an API token from https://app.snyk.io/account (API Token → KEY → click to show).
2. Set the token as an environment variable before running any scan:
```bash
export SNYK_TOKEN=your-api-token-here
```
3. Have uv installed on your system.
Scanning
a-gnt's Take
Our honest review
This plugs directly into your AI and gives it new abilities it didn't have before. Security scanner for AI agents, MCP servers and agent skills. Once connected, just ask your AI to use it. It's completely free and works across most major AI apps. This one just landed in the catalog — worth trying while it's fresh.
What's New
Imported from GitHub