OSS Alternative - Discover Top Open Source Alternatives to Popular Software

snyk/agent-scan

A security scanner for AI agents, MCP servers, and agent skills, detecting prompt injections and other vulnerabilities.

Core Features

Auto-discover agent components (MCP servers, skills).

Scans various AI agents (Claude, Cursor, Gemini CLI, Windsurf, etc.).

Detects 15+ distinct security risks (prompt injection, malware payloads, credential handling).

Supports scanning specific configuration files or skill directories.

Quick Start

uvx snyk-agent-scan@latest

Detailed Introduction

Snyk Agent Scan is an open-source command-line interface (CLI) tool designed to enhance the security posture of AI agent ecosystems. It automatically identifies and inventories agent components like harnesses, MCP servers, and agent skills across macOS, Linux, and Windows. The tool specializes in detecting critical vulnerabilities such as prompt injections, sensitive data handling issues, and hidden malware payloads within natural language interactions. By providing comprehensive scanning capabilities for a wide range of popular AI agents, Snyk Agent Scan helps developers and organizations proactively mitigate emerging threats in the rapidly evolving AI agent skill landscape.