{"id":48346946,"url":"https://github.com/go-authgate/agent-scanner","last_synced_at":"2026-04-05T07:30:25.493Z","repository":{"id":346538895,"uuid":"1189707753","full_name":"go-authgate/agent-scanner","owner":"go-authgate","description":"Security scanner for AI agents, MCP servers, and agent skills","archived":false,"fork":false,"pushed_at":"2026-03-25T11:46:22.000Z","size":189,"stargazers_count":1,"open_issues_count":2,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-25T11:49:26.472Z","etag":null,"topics":["ai-agent","ai-security","claude-desktop","cli","cursor","golang","mcp","mcp-server","model-context-protocol","prompt-injection","security","security-scanner","tool-poisoning","vscode"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/go-authgate.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"lfx_crowdfunding":null,"custom":["https://www.paypal.me/appleboy46"]}},"created_at":"2026-03-23T15:34:27.000Z","updated_at":"2026-03-24T15:54:38.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/go-authgate/agent-scanner","commit_stats":null,"previous_names":["go-authgate/agent-scanner"],"tags_count":null,"template":false,"template_full_name":null,"purl":"pkg:github/go-authgate/agent-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-authgate%2Fagent-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-authgate%2Fagent-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-authgate%2Fagent-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-authgate%2Fagent-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/go-authgate","download_url":"https://codeload.github.com/go-authgate/agent-scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/go-authgate%2Fagent-scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31427539,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-05T02:22:46.605Z","status":"ssl_error","status_checked_at":"2026-04-05T02:22:33.263Z","response_time":75,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agent","ai-security","claude-desktop","cli","cursor","golang","mcp","mcp-server","model-context-protocol","prompt-injection","security","security-scanner","tool-poisoning","vscode"],"created_at":"2026-04-05T07:30:24.855Z","updated_at":"2026-04-05T07:30:25.484Z","avatar_url":"https://github.com/go-authgate.png","language":"Go","funding_links":["https://www.paypal.me/appleboy46"],"categories":[],"sub_categories":[],"readme":"# Agent Scanner\n\nSecurity scanner for AI agents, MCP servers, and agent skills. Discovers installed AI agent clients, connects to their configured MCP servers, and detects prompt injections, tool poisoning, toxic flows, and other security threats.\n\nInspired by [snyk/agent-scan](https://github.com/snyk/agent-scan), reimplemented in Go as a single static binary.\n\n## Features\n\n- **Auto-discovery** of 11+ AI agent clients (Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, Gemini CLI, Kiro, Codex, etc.)\n- **MCP protocol client** supporting stdio, SSE, and streamable HTTP transports\n- **13 security rules** detecting prompt injections, tool shadowing, hardcoded secrets, malicious code, toxic flows, and more\n- **Skill scanning** for agent skill directories containing `SKILL.md`\n- **Direct scanning** from package managers (`npm:`, `pypi:`, `oci://`) and URLs (`sse://`, `streamable-http://`)\n- **MCP server mode** — run agent-scanner itself as an MCP server with background periodic scanning\n- **Cross-platform** support (macOS, Linux, Windows)\n- **Single binary** with zero runtime dependencies\n\n## Installation\n\n### From source\n\n```bash\ngit clone https://github.com/go-authgate/agent-scanner.git\ncd agent-scanner\nmake build\n```\n\nBinary will be at `bin/agent-scanner`.\n\n### Cross-platform builds\n\n```bash\nmake build_linux_amd64\nmake build_linux_arm64\nmake build_darwin_amd64\nmake build_darwin_arm64\nmake build_windows_amd64\n```\n\n## Usage\n\n### Scan (default)\n\nDiscover and scan all MCP servers on your machine:\n\n```bash\nagent-scanner scan\n```\n\nScan a specific config file:\n\n```bash\nagent-scanner scan ~/.cursor/mcp.json\n```\n\nScan a remote MCP server directly:\n\n```bash\nagent-scanner scan sse://localhost:3000/sse\nagent-scanner scan streamable-https://example.com/mcp\n```\n\nScan an npm/PyPI MCP package:\n\n```bash\nagent-scanner scan npm:@modelcontextprotocol/server-filesystem@latest\nagent-scanner scan pypi:mcp-server-sqlite@0.1.0\n```\n\n### Scan Skills\n\nScan a single skill directory (must contain `SKILL.md`):\n\n```bash\nagent-scanner scan ./path/to/my-skill\n```\n\nScan a parent directory containing multiple skills:\n\n```bash\nagent-scanner scan ./skills/\n```\n\nAuto-discover and scan skills from known client directories (e.g. `~/.claude/commands`):\n\n```bash\nagent-scanner scan --skills\n```\n\n### Inspect\n\nList tools, prompts, and resources without security analysis:\n\n```bash\nagent-scanner inspect\n```\n\n### MCP Server Mode\n\nRun agent-scanner as an MCP server, exposing `scan` and `get_scan_results` tools:\n\n```bash\nagent-scanner mcp-server\n```\n\nRun in tool-only mode (no background scanning):\n\n```bash\nagent-scanner mcp-server --tool\n```\n\nCustomize the background scan interval:\n\n```bash\nagent-scanner mcp-server --scan-interval 60\n```\n\nInstall agent-scanner into Claude Desktop configuration:\n\n```bash\nagent-scanner install-mcp-server\nagent-scanner install-mcp-server ~/.config/claude/claude_desktop_config.json\n```\n\n### Options\n\n```text\n--json                     Output results as JSON\n--skills                   Include skill directory scanning\n--verbose                  Enable verbose logging\n--server-timeout N         MCP server connection timeout in seconds (default: 10)\n--skip-ssl-verify          Disable SSL certificate verification\n--scan-all-users           Scan all user home directories\n--print-errors             Show server startup errors/tracebacks\n--print-full-descriptions  Show full entity descriptions\n--analysis-url URL         Remote verification server URL\n--control-server URL       Upload results to control server\n```\n\n### JSON output\n\n```bash\nagent-scanner scan --json | jq '.[] | .issues'\n```\n\n## Issue Codes\n\n### Critical (E-codes)\n\n| Code | Description                                  |\n| ---- | -------------------------------------------- |\n| E001 | Prompt injection in tool description         |\n| E002 | Cross-server tool reference (tool shadowing) |\n| E003 | Tool description hijacks agent behavior      |\n| E004 | Prompt injection in skill                    |\n| E005 | Suspicious download URL in skill             |\n| E006 | Malicious code patterns in skill             |\n\n### Warnings (W-codes)\n\n| Code | Description                              |\n| ---- | ---------------------------------------- |\n| W001 | Suspicious trigger words in descriptions |\n| W002 | Too many entities (\u003e100)                 |\n| W007 | Insecure credential handling             |\n| W008 | Hardcoded secrets                        |\n| W009 | Direct financial execution capability    |\n| W011 | Untrusted third-party content exposure   |\n| W012 | Unverifiable external dependencies       |\n| W013 | System service modification              |\n\n### Toxic Flows (TF-codes)\n\n| Code  | Description                                                    |\n| ----- | -------------------------------------------------------------- |\n| TF001 | Data leak flow (untrusted source → private data → public sink) |\n| TF002 | Destructive flow (untrusted source → irreversible action)      |\n\n## Supported Clients\n\n| Client         | macOS | Linux | Windows |\n| -------------- | ----- | ----- | ------- |\n| Claude Desktop | ✓     | —     | ✓       |\n| Claude Code    | ✓     | ✓     | ✓       |\n| Cursor         | ✓     | ✓     | ✓       |\n| VS Code        | ✓     | ✓     | ✓       |\n| Windsurf       | ✓     | ✓     | ✓       |\n| Gemini CLI     | ✓     | ✓     | ✓       |\n| Kiro           | ✓     | ✓     | ✓       |\n| Codex          | ✓     | ✓     | ✓       |\n| OpenCode       | ✓     | ✓     | —       |\n| OpenClaw       | ✓     | ✓     | ✓       |\n| Antigravity    | ✓     | ✓     | —       |\n\n## Architecture\n\n```text\nDiscovery → Inspect → Analyze → Report/Push\n```\n\n1. **Discovery** — Find installed AI agent clients and parse their MCP config files\n2. **Inspect** — Connect to MCP servers concurrently, extract tool/prompt/resource signatures\n3. **Analyze** — Run local security rules + optional remote ML-based analysis\n4. **Report** — Output as colored terminal text or JSON\n5. **Push** — Upload redacted results to control servers\n\n## Development\n\n```bash\nmake test       # Run tests with coverage\nmake lint       # Run golangci-lint\nmake fmt        # Format code\nmake build      # Build binary\n```\n\n## License\n\nSee [LICENSE](LICENSE) for details.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgo-authgate%2Fagent-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgo-authgate%2Fagent-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgo-authgate%2Fagent-scanner/lists"}