agent-bom-discover-snowflake
Discover Snowflake Cortex, Snowpark, notebook, Streamlit, MCP, and AI-observability assets from the operator's environment, emit canonical agent-bom inventory JSON, and scan it without giving agent-bom long-lived Snowflake credentials. Use when a user asks to inventory Snowflake AI or Cortex infrastructure as canonical inventory.
Best use case
agent-bom-discover-snowflake is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Discover Snowflake Cortex, Snowpark, notebook, Streamlit, MCP, and AI-observability assets from the operator's environment, emit canonical agent-bom inventory JSON, and scan it without giving agent-bom long-lived Snowflake credentials. Use when a user asks to inventory Snowflake AI or Cortex infrastructure as canonical inventory.
Teams using agent-bom-discover-snowflake should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/discover-snowflake/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How agent-bom-discover-snowflake Compares
| Feature / Agent | agent-bom-discover-snowflake | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Discover Snowflake Cortex, Snowpark, notebook, Streamlit, MCP, and AI-observability assets from the operator's environment, emit canonical agent-bom inventory JSON, and scan it without giving agent-bom long-lived Snowflake credentials. Use when a user asks to inventory Snowflake AI or Cortex infrastructure as canonical inventory.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# agent-bom-discover-snowflake Use this skill to collect Snowflake AI and workload inventory as schema-valid agent-bom inventory. Default to discover-only: write JSON to an operator-selected path and stop. ## Guardrails - Use only operator-approved Snowflake accounts, warehouses, databases, and read-only roles. - Prefer SSO, OAuth, or key-pair auth. Do not request or display `SNOWFLAKE_PASSWORD`, private key contents, passphrases, or OAuth tokens. - Do not modify Snowflake resources. This workflow is discovery-only. - Write inventory only to a path the operator chose. - Treat AI-generated prose as non-authoritative; schema-validated inventory JSON is the evidence. ## Workflow ```bash python examples/operator_pull/snowflake_inventory_adapter.py \ --account "$SNOWFLAKE_ACCOUNT" \ --user "$SNOWFLAKE_USER" \ --authenticator snowflake_jwt \ --source snowflake-skill-invoked \ --discovery-method skill_invoked_pull \ --output snowflake-inventory.json ``` Scan only when the operator asks for findings: ```bash agent-bom agents --inventory snowflake-inventory.json --format json --output agent-bom-snowflake-findings.json ``` ## Evidence Contract The emitted inventory carries `discovery_provenance.source_type: skill_invoked_pull`, `observed_via: skill_invoked_pull, snowflake_sdk`, sanitized `metadata.permissions_used`, and redacted credential material. If schema validation fails, stop and fix the inventory instead of scanning a best-effort summary.
Related Skills
agent-bom-discover
Discover AI agents, MCP servers, and configurations on this machine or environment. Use when: "find agents", "what's configured", "doctor", "what MCP servers", "show me what's installed", "mcp inventory".
agent-bom-discover-gcp
Discover GCP-hosted AI agent and MCP-relevant assets from the operator's environment, emit canonical agent-bom inventory JSON, and scan it without giving agent-bom long-lived GCP credentials. Use when a user asks to inventory Vertex AI, Cloud Run, Cloud Functions, GKE, or agentic GCP infrastructure as canonical inventory.
agent-bom-discover-azure
Discover Azure-hosted AI agent and MCP-relevant assets from the operator's environment, emit canonical agent-bom inventory JSON, and scan it without giving agent-bom long-lived Azure credentials. Use when a user asks to inventory Azure OpenAI, Container Apps, AKS, Functions, ML, or agentic Azure infrastructure as canonical inventory.
agent-bom-discover-aws
Discover AWS-hosted AI agent and MCP-relevant assets from the operator's environment, emit canonical agent-bom inventory JSON, and scan it without giving agent-bom long-lived cloud credentials. Use when a user asks to inventory AWS Bedrock, ECS, SageMaker, Lambda, EKS, Step Functions, EC2, or agentic AWS infrastructure as canonical inventory. Passing that inventory to agent-bom is optional and operator-chosen.
missing-guardrail-fixture
Fixture that intentionally omits the capability guardrail contract.
agent-bom-vulnerability-intel
Use agent-bom to check package, SBOM, inventory, and agent dependency exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV with explicit data-boundary choices. Use when a user asks for CVE lookup, advisory intelligence, exploitability context, fix versions, GHSA/OSV/NVD enrichment, or package vulnerability triage.
agent-bom-troubleshoot
Diagnose issues, check prerequisites, and validate configurations. Use when: "doctor", "debug", "why failing", "validate config", "check prerequisites", "something is broken", "db status", "fix my setup".
agent-bom-scan
Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container images, provenance, filesystems, and SBOMs. Use when: "check package", "scan image", "verify", "is this safe", "scan dependencies", "CVE lookup", "blast radius".
agent-bom-scan-infra
Scan infrastructure-as-code, cloud configurations, and find secrets. Use when: "check terraform", "scan kubernetes", "IaC", "find secrets", "scan dockerfile", "cloud security", "misconfigurations".
agent-bom-runtime
AI runtime security monitoring — context graph analysis, runtime audit log correlation with CVE findings, and vulnerability analytics queries. Use when the user mentions runtime monitoring, context graphs, lateral movement analysis, audit log correlation, or vulnerability analytics.
agent-bom-registry
MCP server security registry and trust assessment — look up servers in the 427+ server security metadata registry, run pre-install marketplace checks, batch fleet risk scoring, assess skill file trust, and run SAST code scans. Use when the user mentions MCP server trust, registry lookup, marketplace check, or skill trust assessment.
agent-bom-monitor
Monitor agent fleet, track trust scores, and manage lifecycle states. Use when: "fleet", "watch agents", "runtime status", "trust scores", "fleet sync", "agent lifecycle", "serve dashboard".