agent-bom

Security scanner for AI infrastructure and supply chain — discovers MCP clients and servers, scans for CVEs, maps blast radius, generates SBOMs, runs CIS benchmarks (AWS, Azure, GCP, Snowflake), OWASP/NIST/MITRE compliance, AISVS v1.0, MAESTRO layer tagging, and vector database security checks. Use when the user mentions vulnerability scanning, MCP server trust, compliance, SBOM generation, CIS benchmarks, blast radius, or AI supply chain risk.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "agent-bom" with this command: npx skills add msaad00/agent-bom

agent-bom — AI Agent Infrastructure Security Scanner

Discovers MCP clients and servers across 22 AI tools, scans for CVEs, maps blast radius, runs cloud CIS benchmarks, checks OWASP/NIST/MITRE compliance, generates SBOMs, and assesses AI infrastructure against AISVS v1.0 and MAESTRO framework layers.

Install

pipx install agent-bom
agent-bom scan              # auto-discover + scan
agent-bom check langchain   # check a specific package
agent-bom fs .              # scan filesystem packages
agent-bom image nginx:1.25  # scan container image (native, no Syft)
agent-bom cloud aws         # AWS CIS benchmark
agent-bom iac infra/        # scan Terraform/CloudFormation
agent-bom where             # show all discovery paths

As an MCP Server

{
  "mcpServers": {
    "agent-bom": {
      "command": "uvx",
      "args": ["agent-bom", "mcp"]
    }
  }
}

Tools (32)

Vulnerability Scanning

| Tool | Description |
|---|---|
| scan | Full discovery + vulnerability scan pipeline |
| check | Check a package for CVEs (OSV, NVD, EPSS, KEV) |
| blast_radius | Map CVE impact chain across agents, servers, credentials |
| remediate | Prioritized remediation plan for vulnerabilities |
| verify | Package integrity + SLSA provenance check |
| diff | Compare two scan reports (new/resolved/persistent) |
| where | Show MCP client config discovery paths |
| inventory | List discovered agents, servers, packages |
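The blast_radius tool above walks from one CVE to the servers that run the affected package, the agents that use those servers, and the credential names those servers are configured with. The following is an added example, not agent-bom's own code: the inventory layout, the advisory format and the placeholder CVE id are assumptions constructed for this illustration. It also flags credentials that an affected server shares with an unaffected one, since a leaked token on one server reaches every other server configured with it.

```python
"""Blast-radius walk from one CVE to the agents, servers and credential
names it can reach.  Added illustration, not agent-bom's own code: the
inventory layout, field names and advisory format are assumptions."""

# Constructed inventory (assumed shape): agents (MCP clients) -> server names,
# servers -> installed packages and the credential *names* they are configured
# with.  Credential values are deliberately absent from the model.
INVENTORY = {
    "agents": {
        "claude-desktop": ["filesystem", "github"],
        "cursor": ["github", "postgres"],
        "vscode": ["filesystem"],
    },
    "servers": {
        "filesystem": {
            "packages": [
                {"name": "@modelcontextprotocol/server-filesystem", "version": "0.6.2"},
                {"name": "minimatch", "version": "9.0.3"},
            ],
            "credentials": [],
        },
        "github": {
            "packages": [
                {"name": "@modelcontextprotocol/server-github", "version": "2025.1.1"},
                {"name": "minimatch", "version": "3.0.4"},
            ],
            "credentials": ["GITHUB_TOKEN"],
        },
        "postgres": {
            "packages": [{"name": "pg", "version": "8.11.0"}],
            "credentials": ["DATABASE_URL", "GITHUB_TOKEN"],
        },
    },
}

# Constructed advisory (placeholder id, not a real CVE): the package is
# vulnerable in every version below `fixed_in`.
ADVISORIES = {
    "CVE-0000-00000": {"package": "minimatch", "fixed_in": "9.0.0"},
}


def parse_version(text):
    """Turn '3.0.4' into (3, 0, 4) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def affected_servers(cve_id):
    """Servers running a package/version inside the advisory's vulnerable range."""
    advisory = ADVISORIES[cve_id]
    fixed = parse_version(advisory["fixed_in"])
    hits = set()
    for server, info in INVENTORY["servers"].items():
        for pkg in info["packages"]:
            if pkg["name"] == advisory["package"] and parse_version(pkg["version"]) < fixed:
                hits.add(server)
    return sorted(hits)


def blast_radius(cve_id):
    """Walk CVE -> servers -> agents and credential names; also flag credentials
    the affected servers share with unaffected ones (lateral exposure)."""
    servers = affected_servers(cve_id)
    agents = sorted(a for a, used in INVENTORY["agents"].items() if set(used) & set(servers))
    credentials = sorted({c for s in servers for c in INVENTORY["servers"][s]["credentials"]})
    shared = {}
    for cred in credentials:
        others = sorted(
            s for s, info in INVENTORY["servers"].items()
            if s not in servers and cred in info["credentials"]
        )
        if others:
            shared[cred] = others
    return {
        "cve": cve_id,
        "servers": servers,
        "agents": agents,
        "credentials": credentials,
        "shared_credentials": shared,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(blast_radius("CVE-0000-00000"), indent=2))
```

With the constructed inventory, only the github server carries a vulnerable minimatch (3.0.4 is below the fixed 9.0.0; the filesystem server's 9.0.3 is not), so the radius is two agents, one credential name, and one unaffected server (postgres) that reuses that same GITHUB_TOKEN.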

Compliance & Policy

| Tool | Description |
|---|---|
| compliance | OWASP LLM/Agentic Top 10, EU AI Act, MITRE ATLAS, NIST AI RMF |
| policy_check | Evaluate results against custom security policy (17 conditions) |
| cis_benchmark | CIS benchmark checks (AWS, Azure v3.0, GCP v3.0, Snowflake) |
| generate_sbom | Generate SBOM (CycloneDX or SPDX format) |
| aisvs_benchmark | OWASP AISVS v1.0 compliance — 9 AI security checks |

Registry & Trust

| Tool | Description |
|---|---|
| registry_lookup | Look up MCP server in 427+ server security metadata registry |
| marketplace_check | Pre-install trust check with registry cross-reference |
| fleet_scan | Batch registry lookup + risk scoring for MCP server inventories |
| skill_trust | Assess skill file trust level (5-category analysis) |
| code_scan | SAST scanning via Semgrep with CWE-based compliance mapping |

Runtime & Analytics

| Tool | Description |
|---|---|
| context_graph | Agent context graph with lateral movement analysis |
| analytics_query | Query vulnerability trends, posture history, and runtime events |
| runtime_correlate | Cross-reference proxy audit JSONL with CVE findings, risk amplification |
| vector_db_scan | Probe Qdrant/Weaviate/Chroma/Milvus for auth and exposure |
| gpu_infra_scan | GPU container and K8s node inventory + unauthenticated DCGM probe (MAESTRO KC6) |

Specialized Scans

| Tool | Description |
|---|---|
| dataset_card_scan | Scan dataset cards for bias, licensing, and provenance issues |
| training_pipeline_scan | Scan training pipeline configs for security risks |
| browser_extension_scan | Scan browser extensions for risky permissions and AI domain access |
| model_provenance_scan | Verify model provenance and supply chain integrity |
| prompt_scan | Scan prompt templates for injection and data leakage risks |
| model_file_scan | Scan model files for unsafe serialization (pickle, etc.) |
| license_compliance_scan | Full SPDX license catalog scan with copyleft and network-copyleft detection |
| ingest_external_scan | Import Trivy/Grype/Syft scan results and merge into agent-bom findings |

Resources

| Resource | Description |
|---|---|
| registry://servers | Browse 427+ MCP server security metadata registry |

Example Workflows

# Check a package before installing
check(package="@modelcontextprotocol/server-filesystem", ecosystem="npm")

# Map blast radius of a CVE
blast_radius(cve_id="CVE-2024-21538")

# Full scan
scan()

# Run CIS benchmark
cis_benchmark(provider="aws")

# Run AISVS v1.0 compliance
aisvs_benchmark()

# Scan vector databases for auth misconfigurations
vector_db_scan()

# Discover GPU containers, K8s GPU nodes, and unauthenticated DCGM endpoints
gpu_infra_scan()

# Assess trust of a skill file
skill_trust(skill_content="<paste SKILL.md content>")

Guardrails

Always do:

  • Show CVEs even when NVD analysis is pending or severity is unknown — a CVE ID with no details is still a real finding. Report what is known; mark severity as unknown explicitly.
  • Confirm with the user before scanning cloud environments (cis_benchmark) — these make live API calls to AWS/Azure/GCP using the user's credentials.
  • Treat UNKNOWN severity as unresolved, not benign — it means data is not yet available, not that the issue is minor.

Never do:

  • Do not modify any files, install packages, or change system configuration. This skill is read-only.
  • Do not transmit env var values, credentials, or file contents to any external service. Only package names and CVE IDs leave the machine.
  • Do not invoke scan() autonomously on sensitive environments without user confirmation. The autonomous_invocation policy is restricted.

Stop and ask the user when:

  • The user requests a cloud CIS benchmark and no cloud credentials are configured.
  • A scan finds CRITICAL CVEs — present findings and ask whether to generate a remediation plan.
  • The user asks to scan a path outside their home directory.

Supported Frameworks (14)

  • OWASP LLM Top 10 (2025) — prompt injection, supply chain, data leakage
  • OWASP MCP Top 10 — MCP-specific security risks
  • OWASP Agentic Top 10 — tool poisoning, rug pulls, credential theft
  • OWASP AISVS v1.0 — AI Security Verification Standard (9 checks)
  • MITRE ATLAS — adversarial ML threat framework
  • NIST AI RMF — govern, map, measure, manage lifecycle
  • NIST CSF 2.0 — identify, protect, detect, respond, recover
  • NIST 800-53 Rev 5 — federal security controls (CM-8, RA-5, SI-2, SR-3)
  • FedRAMP Moderate — derived from NIST 800-53 controls
  • EU AI Act — risk classification, transparency, SBOM requirements
  • ISO 27001:2022 — information security controls (Annex A)
  • SOC 2 — Trust Services Criteria
  • CIS Controls v8 — implementation groups IG1/IG2/IG3
  • CMMC 2.0 — cybersecurity maturity model (Level 1-3)

Privacy & Data Handling

This skill installs agent-bom from PyPI. Verify the redaction behavior before running with any config files:

# Step 1: Install
pip install agent-bom

# Step 2: Review redaction logic BEFORE scanning
# sanitize_env_vars() replaces ALL env var values with ***REDACTED***
# BEFORE any config data is processed or stored:
# https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/security.py#L159

# Step 3: Review config parsing — only structural data extracted:
# https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/discovery/__init__.py

# Step 4: Verify package provenance (Sigstore)
agent-bom verify agent-bom

# Step 5: Only then run scans
agent-bom scan

What is extracted: Server names, commands, args, and URLs from MCP client config files across 22 AI tools. What is NOT extracted: Env var values are replaced with ***REDACTED*** by sanitize_env_vars() before any processing. Only public package names and CVE IDs are sent to vulnerability databases. Cloud CIS checks use locally configured credentials and call only the cloud provider's own APIs.
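The redact-then-extract order described above is the property worth checking before pointing any scanner at a config directory. The following is an added example, not agent-bom's own implementation (the project's real sanitize_env_vars() lives at the security.py link above): the function bodies, the sample config and the token value are assumptions constructed for this illustration. It parses a config shaped like the "As an MCP Server" snippet, replaces every env value with ***REDACTED*** before reading anything else, keeps only structural fields, and then self-checks that no original env value survived into the output.

```python
"""Redact-then-extract pass over an MCP client config, in the spirit of the
sanitize_env_vars() step the listing describes.  Added illustration, not the
project's own implementation: function bodies and the sample config are
assumptions made for this example."""
import copy
import json

REDACTED = "***REDACTED***"

# Constructed config in the shape of the listing's "As an MCP Server" snippet,
# extended with an env block and a URL-based server.  The token value is made up.
SAMPLE_CONFIG = """{
  "mcpServers": {
    "agent-bom": {"command": "uvx", "args": ["agent-bom", "mcp"]},
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {"GITHUB_TOKEN": "ghp_constructed_example_value", "LOG_LEVEL": "debug"}
    },
    "remote": {"url": "https://mcp.example.invalid/sse"}
  }
}"""


def sanitize_env_vars(server_spec):
    """Return a copy of one server entry with every env value replaced.
    Values are dropped before anything else inspects the entry; only the
    variable names survive, because a name such as GITHUB_TOKEN is itself a
    useful blast-radius signal while its value never needs to leave the host."""
    spec = copy.deepcopy(server_spec)
    if isinstance(spec.get("env"), dict):
        spec["env"] = {name: REDACTED for name in spec["env"]}
    return spec


def extract_structure(config_text):
    """Parse the config and keep only structural fields: name, command, args,
    url and env var *names*."""
    config = json.loads(config_text)
    servers = []
    for name, raw in config.get("mcpServers", {}).items():
        spec = sanitize_env_vars(raw)          # redact first, extract second
        servers.append({
            "name": name,
            "command": spec.get("command"),
            "args": list(spec.get("args", [])),
            "url": spec.get("url"),
            "env_keys": sorted(spec.get("env", {})),
        })
    return servers


def leaked_env_values(config_text, extracted):
    """Self-check: return any raw env value from the original config that still
    appears anywhere in the serialized extraction (substring match, so it is
    deliberately conservative)."""
    config = json.loads(config_text)
    serialized = json.dumps(extracted)
    leaks = []
    for raw in config.get("mcpServers", {}).values():
        for value in (raw.get("env") or {}).values():
            if str(value) in serialized:
                leaks.append(str(value))
    return leaks


if __name__ == "__main__":
    out = extract_structure(SAMPLE_CONFIG)
    print(json.dumps(out, indent=2))
    print("leaked env values:", leaked_env_values(SAMPLE_CONFIG, out))
```

One caveat the listing's own wording implies: commands, args and URLs are extracted verbatim, so a config that passes a secret on the command line or in a URL query string is not protected by env redaction alone. Review such entries before scanning, or move the secret into an env var where the redaction step covers it.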

Verification

  • Source: github.com/msaad00/agent-bom (Apache-2.0)
  • Sigstore signed: agent-bom verify agent-bom@0.71.0
  • 6,040+ tests with CodeQL + OpenSSF Scorecard
  • No telemetry: Zero tracking, zero analytics

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
