What it does
A security scanner that discovers and analyzes agent components (MCP servers and agent skills) installed on a machine, checking for prompt injection vulnerabilities, malware payloads, hardcoded secrets, tool poisoning, toxic data flows, and other security risks. It auto-discovers configurations across multiple AI agents including Claude Desktop, Claude Code, Cursor, Windsurf, VS Code, Gemini CLI, Amazon Q, and others. The scanner reports issues across 15+ risk categories and supports machine-wide, user-level, project-scoped, and plugin-bundled configurations.
Who it's for
Security engineers and platform teams evaluating the safety of MCP servers and agent skills before integrating them with Claude or other AI agents. Also useful for developers managing multi-agent setups who need visibility into potential vulnerabilities across their entire tooling ecosystem.
Common use cases
- Audit MCP server configurations before allowing them to integrate with Claude or other agents
- Scan agent skills for credential handling issues, prompt injection vectors, or hidden malware payloads
- Inventory all installed MCP servers and skills across machines or teams
- Evaluate third-party agent components before allowing them in production environments
- Monitor for hardcoded secrets or suspicious patterns in agent extensions and skills
Setup pitfalls
- The scanner must execute MCP server startup commands to inspect tool descriptions — scanning untrusted or third-party configs risks running malicious code. Snyk recommends running scans in a sandbox (Docker container, VM, or disposable environment).
- Review consent prompts carefully before execution; they show the exact command and arguments that will be run. Use --dangerously-run-mcp-servers only in trusted environments.
- This package has 3 hardcoded secrets detected during development (present in the public repository).