{"id":47981591,"url":"https://github.com/signalcoding/signal-sentinel-scanner","last_synced_at":"2026-04-10T00:01:03.036Z","repository":{"id":349104590,"uuid":"1200596481","full_name":"SignalCoding/signal-sentinel-scanner","owner":"SignalCoding","description":"MCP \u0026 Agent Skill Security Scanner - OWASP Agentic AI Top 10 + MCP Top 10 Compliant. 21 security rules scanning MCP server configurations and SKILL.md packages for vulnerabilities.","archived":false,"fork":false,"pushed_at":"2026-04-07T08:08:47.000Z","size":173,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-07T22:03:39.254Z","etag":null,"topics":["agent-skills","agentic-ai","ai-agents","cli","dotnet","mcp","owasp","scanner","security","skill-scanning","websocket"],"latest_commit_sha":null,"homepage":"https://signalcoding.co.uk/products/sentinel-scanner/","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SignalCoding.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-03T15:48:05.000Z","updated_at":"2026-04-07T08:08:55.000Z","dependencies_parsed_at":"2026-04-08T23:00:56.177Z","dependency_job_id":null,"html_url":"https://github.com/SignalCoding/signal-sentinel-scanner","commit_stats":null,"previous_names":["signalcoding/signal-sentinel-scanner"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/SignalCoding/signal-sentinel-scanner","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SignalCoding%2Fsignal-sentinel-scanner","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SignalCoding%2Fsignal-sentinel-scanner/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SignalCoding%2Fsignal-sentinel-scanner/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SignalCoding%2Fsignal-sentinel-scanner/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SignalCoding","download_url":"https://codeload.github.com/SignalCoding/signal-sentinel-scanner/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SignalCoding%2Fsignal-sentinel-scanner/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31577448,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-08T14:31:17.711Z","status":"ssl_error","status_checked_at":"2026-04-08T14:31:17.202Z","response_time":54,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent-skills","agentic-ai","ai-agents","cli","dotnet","mcp","owasp","scanner","security","skill-scanning","websocket"],"created_at":"2026-04-04T11:05:59.868Z","updated_at":"2026-04-10T00:01:02.983Z","avatar_url":"https://github.com/SignalCoding.png","language":"C#","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Signal Sentinel\n\n[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](LICENSE)\n[![.NET](https://img.shields.io/badge/.NET-10.0-purple.svg)](https://dotnet.microsoft.com/)\n[![OWASP](https://img.shields.io/badge/OWASP-ASI%20Top%2010-green.svg)](https://owasp.org/www-project-agentic-ai-top-10/)\n\n**Signal Sentinel** is a security-first MCP (Model Context Protocol) security product family, designed to address the critical security gap in the agentic AI ecosystem.\n\n## Products\n\n| Product | Type | Description |\n|---------|------|-------------|\n| **Sentinel Scanner** | CLI Tool | Security audit tool for MCP server configurations |\n| **Sentinel Gateway** | Proxy/Firewall | Real-time security enforcement between agents and MCP servers |\n| **Sentinel Classify** | MCP Server | Document classification and sensitivity labelling |\n\n## Signal Sentinel Scanner\n\nThe Scanner is a command-line tool that audits MCP server configurations for security vulnerabilities. It produces a scored report with OWASP ASI01-ASI10 mapping and remediation guidance.\n\n### Installation\n\n```bash\n# Install as .NET global tool\ndotnet tool install -g SignalSentinel.Scanner\n\n# Or run via Docker\ndocker run signalcoding/sentinel-scanner --help\n```\n\n### Quick Start\n\n```bash\n# Auto-discover and scan all MCP configurations\nsentinel-scan --discover\n\n# Scan a specific configuration file\nsentinel-scan --config ~/.cursor/mcp.json\n\n# Scan a remote MCP server\nsentinel-scan --remote https://mcp.example.com/mcp\n\n# Generate HTML report\nsentinel-scan --discover --format html --output report.html\n\n# CI mode (exit code 1 on critical/high findings)\nsentinel-scan --discover --ci --format json\n```\n\n### Output Formats\n\n- **Markdown** (default): Human-readable report with emoji indicators\n- **JSON**: Machine-readable for CI/CD integration\n- **HTML**: Styled report with Signal Coding branding\n\n### Security Rules\n\nThe Scanner implements 10 security rules aligned with OWASP Agentic AI Top 10:\n\n| Rule | OWASP | Description |\n|------|-------|-------------|\n| SS-001 | ASI01 | Tool Poisoning Detection |\n| SS-002 | ASI02 | Overbroad Permissions Detection |\n| SS-003 | ASI03 | Missing Authentication Detection |\n| SS-004 | ASI04 | Supply Chain Vulnerability Detection |\n| SS-005 | ASI05 | Code Execution Capability Detection |\n| SS-006 | ASI06 | Memory/Context Write Access Detection |\n| SS-007 | ASI07 | Inter-Agent Communication Detection |\n| SS-008 | ASI09 | Sensitive Data Access Detection |\n| SS-009 | ASI01 | Excessive Description Length |\n| SS-010 | ASI02 | Cross-Server Attack Path Analysis |\n\n### Grading System\n\n| Grade | Description |\n|-------|-------------|\n| **A** | No critical/high findings, no attack paths |\n| **B** | No critical findings, minor issues |\n| **C** | 1-2 high findings or 1 attack path |\n| **D** | Critical findings present |\n| **F** | Multiple critical findings or attack paths |\n\n## Building from Source\n\n### Prerequisites\n\n- .NET 10 SDK\n- Git\n\n### Build\n\n```bash\ngit clone https://github.com/SignalCoding/signal-sentinel-scanner.git\ncd signal-sentinel-scanner\ndotnet build\n```\n\n### Test\n\n```bash\ndotnet test\n```\n\n### Package\n\n```bash\ndotnet pack -c Release\n```\n\n## Architecture\n\n```\nsignal-sentinel/\n├── src/\n│   ├── SignalSentinel.Core/       # Shared library (MCP protocol, security patterns)\n│   ├── SignalSentinel.Scanner/    # CLI scanner application\n│   └── SignalSentinel.Gateway/    # Proxy/firewall (Phase 2)\n├── tests/\n│   └── SignalSentinel.Scanner.Tests/\n├── deploy/\n│   ├── docker/\n│   └── azure/\n└── policies/                      # Security policy templates\n```\n\n## Contributing\n\nSee [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.\n\n## Security\n\nSee [SECURITY.md](SECURITY.md) for our security policy and responsible disclosure process.\n\n## License\n\nApache 2.0 - See [LICENSE](LICENSE) for details.\n\n## About Signal Coding Limited\n\nSignal Coding Limited builds enterprise software engineering tools with defence-grade governance. Our products are built to MOD JSP 440/656 compliance and OWASP security standards.\n\n**Website:** [signalcoding.co.uk](https://signalcoding.co.uk)\n\n---\n\nCopyright 2026 Signal Coding Limited. All rights reserved.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsignalcoding%2Fsignal-sentinel-scanner","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsignalcoding%2Fsignal-sentinel-scanner","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsignalcoding%2Fsignal-sentinel-scanner/lists"}