agent-bom-scan
Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container images, provenance, filesystems, and SBOMs. Use when: "check package", "scan image", "verify", "is this safe", "scan dependencies", "CVE lookup", "blast radius".
Best use case
agent-bom-scan is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container images, provenance, filesystems, and SBOMs. Use when: "check package", "scan image", "verify", "is this safe", "scan dependencies", "CVE lookup", "blast radius".
Teams using agent-bom-scan should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/scan/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How agent-bom-scan Compares
| Feature / Agent | agent-bom-scan | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container images, provenance, filesystems, and SBOMs. Use when: "check package", "scan image", "verify", "is this safe", "scan dependencies", "CVE lookup", "blast radius".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# agent-bom-scan — AI Supply Chain Vulnerability Scanner
Checks packages for CVEs, scans container images natively, verifies package
provenance via Sigstore, scans filesystems, and generates SBOMs.
## Install
```bash
pipx install agent-bom
agent-bom agents # discover agents and scan dependencies
agent-bom check langchain==0.1.0 # check a specific package with version
agent-bom image nginx:1.25 # scan container image (native)
agent-bom fs . # scan filesystem packages
agent-bom sbom . # generate SBOM
agent-bom verify agent-bom # verify Sigstore provenance
agent-bom where # show all discovery paths
```
### As an MCP Server
```json
{
"mcpServers": {
"agent-bom": {
"command": "uvx",
"args": ["agent-bom", "mcp", "server"]
}
}
}
```
## When to Use
- "check package" / "is this package safe"
- "scan image" / "scan container"
- "verify" / "check provenance"
- "is this safe" / "CVE lookup"
- "scan dependencies"
- "blast radius"
- "generate SBOM"
## Tools (8)
| Tool | Description |
|------|-------------|
| `check` | Check a package for CVEs (OSV, NVD, EPSS, KEV) |
| `scan` | Full discovery + vulnerability scan pipeline |
| `blast_radius` | Map CVE impact chain across agents, servers, credentials |
| `remediate` | Prioritized remediation plan for vulnerabilities |
| `verify` | Package integrity + SLSA provenance check |
| `diff` | Compare two scan reports (new/resolved/persistent) |
| `where` | Show MCP client config discovery paths |
| `inventory` | List discovered agents, servers, packages |
## Examples
```
# Check a package before installing
check(package="langchain", version="0.1.0", ecosystem="pypi")
# Map blast radius of a CVE
blast_radius(cve_id="CVE-2024-21538")
# Full scan
scan()
# Verify package provenance
verify(package="agent-bom")
```
## Agentic Workflows
Use tool chains, not isolated calls, when the user asks for a decision:
| User intent | Recommended sequence | Output |
|-------------|----------------------|--------|
| "Is this MCP safe to install?" | `registry_lookup` -> `check` -> `blast_radius` when a package/version is known | concise allow/warn/block recommendation with evidence |
| "Gate this PR" | `scan` with SARIF output and fail on high/critical findings | SARIF for code scanning plus non-zero gate result |
| "Audit my fleet inventory" | validate inventory -> `scan`/`agents` with JSON output -> `context_graph` | findings plus graph-ready JSON |
| "What changed since last run?" | current scan -> `diff` against prior JSON | new/resolved/persistent findings |
| "What should I fix first?" | `scan` -> `blast_radius` -> `remediate` plan | prioritized plan only; no file writes |
Pick output by consumer: SARIF for CI, JSON for automation/graph, HTML or
Markdown for human review, CycloneDX/SPDX for SBOM consumers.
For CLI gates, prefer:
```bash
agent-bom agents --format sarif --output agent-bom.sarif --fail-on-severity high
```
## Guardrails
- Show CVEs even when NVD analysis is pending or severity is `unknown` — a CVE ID is still a real finding.
- Treat `UNKNOWN` severity as unresolved, not benign — it means data is not yet available.
- Do not modify any files, install packages, or change system configuration.
- Only public package names and CVE IDs leave the machine for vulnerability database lookups.
- Ask before scanning paths outside the user's home directory.
## Privacy & Data Handling
```bash
# Step 1: Install
pip install agent-bom
# Step 2: Review redaction logic BEFORE scanning
# sanitize_env_vars() replaces ALL env var values with ***REDACTED***
# BEFORE any config data is processed or stored:
# https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/security.py#L159
# Step 3: Verify package provenance (Sigstore)
agent-bom verify agent-bom
# Step 4: Only then run scans
agent-bom agents
```
## Verification
- **Source**: [github.com/msaad00/agent-bom](https://github.com/msaad00/agent-bom) (Apache-2.0)
- **Sigstore signed**: `agent-bom verify agent-bom@0.88.5`
- **7,100+ tests** with CodeQL + OpenSSF Scorecard
- **No telemetry**: Zero tracking, zero analyticsRelated Skills
agent-bom-scan-infra
Scan infrastructure-as-code, cloud configurations, and find secrets. Use when: "check terraform", "scan kubernetes", "IaC", "find secrets", "scan dockerfile", "cloud security", "misconfigurations".
missing-guardrail-fixture
Fixture that intentionally omits the capability guardrail contract.
agent-bom-vulnerability-intel
Use agent-bom to check package, SBOM, inventory, and agent dependency exposure against OSV, GitHub Security Advisories, NVD, EPSS, and CISA KEV with explicit data-boundary choices. Use when a user asks for CVE lookup, advisory intelligence, exploitability context, fix versions, GHSA/OSV/NVD enrichment, or package vulnerability triage.
agent-bom-troubleshoot
Diagnose issues, check prerequisites, and validate configurations. Use when: "doctor", "debug", "why failing", "validate config", "check prerequisites", "something is broken", "db status", "fix my setup".
agent-bom-runtime
AI runtime security monitoring — context graph analysis, runtime audit log correlation with CVE findings, and vulnerability analytics queries. Use when the user mentions runtime monitoring, context graphs, lateral movement analysis, audit log correlation, or vulnerability analytics.
agent-bom-registry
MCP server security registry and trust assessment — look up servers in the 427+ server security metadata registry, run pre-install marketplace checks, batch fleet risk scoring, assess skill file trust, and run SAST code scans. Use when the user mentions MCP server trust, registry lookup, marketplace check, or skill trust assessment.
agent-bom-monitor
Monitor agent fleet, track trust scores, and manage lifecycle states. Use when: "fleet", "watch agents", "runtime status", "trust scores", "fleet sync", "agent lifecycle", "serve dashboard".
agent-bom-ingest
Validate and ingest operator-pushed agent-bom inventory JSON from AWS, Azure, GCP, Snowflake, CMDB, or endpoint collectors. Use when a user has canonical inventory JSON and wants local findings, graph, policy, provenance, or auditor-ready exports without giving agent-bom direct cloud credentials.
agent-bom-enforce
Enforce security policies on MCP tool calls and block dangerous operations at runtime. Use when: "block risky calls", "apply policy", "proxy", "runtime protection", "policy enforcement", "intercept MCP calls".
agent-bom-discover
Discover AI agents, MCP servers, and configurations on this machine or environment. Use when: "find agents", "what's configured", "doctor", "what MCP servers", "show me what's installed", "mcp inventory".
agent-bom-discover-snowflake
Discover Snowflake Cortex, Snowpark, notebook, Streamlit, MCP, and AI-observability assets from the operator's environment, emit canonical agent-bom inventory JSON, and scan it without giving agent-bom long-lived Snowflake credentials. Use when a user asks to inventory Snowflake AI or Cortex infrastructure as canonical inventory.
agent-bom-discover-gcp
Discover GCP-hosted AI agent and MCP-relevant assets from the operator's environment, emit canonical agent-bom inventory JSON, and scan it without giving agent-bom long-lived GCP credentials. Use when a user asks to inventory Vertex AI, Cloud Run, Cloud Functions, GKE, or agentic GCP infrastructure as canonical inventory.