agent-bom-registry

MCP server security registry and trust assessment — look up servers in the 427+ server security metadata registry, run pre-install marketplace checks, batch fleet risk scoring, assess skill file trust, and run SAST code scans. Use when the user mentions MCP server trust, registry lookup, marketplace check, or skill trust assessment.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "agent-bom-registry" with this command: npx skills add msaad00/agent-bom-registry

agent-bom-registry — MCP Server Trust & Security Registry

Look up MCP servers in the 427+ server security metadata registry, assess skill file trust, and run pre-install marketplace checks.

Install

pipx install agent-bom
agent-bom registry-lookup brave-search
agent-bom marketplace-check @anthropic/server-filesystem

Tools (7)

Tool               Description
registry_lookup    Look up MCP server in 427+ server security metadata registry
marketplace_check  Pre-install trust check with registry cross-reference
fleet_scan         Batch registry lookup + risk scoring for MCP server inventories
skill_scan         Scan instruction files for package refs, trust, and findings
skill_verify       Verify Sigstore provenance for instruction files
skill_trust        Assess skill file trust level (5-category analysis)
code_scan          SAST scanning via Semgrep with CWE-based compliance mapping

Example Workflows

# Look up a server in the registry
registry_lookup(server_name="brave-search")

# Pre-install trust check
marketplace_check(package="@modelcontextprotocol/server-filesystem")

# Scan instruction files and then assess a specific skill file
skill_scan(path=".")
skill_trust(skill_path="./SKILL.md")

# Batch risk scoring
fleet_scan(servers=["brave-search", "github", "slack"])

MCP Resources

Resource            Description
registry://servers  Browse 427+ MCP server security metadata registry

Privacy & Data Handling

Registry data is bundled in the package — lookups are in-memory string matches with zero network calls. Skill trust analysis parses content passed as a string argument (no file system access needed).

Verification

  • Source: github.com/msaad00/agent-bom (Apache-2.0)
  • 7,100+ tests with CodeQL + OpenSSF Scorecard
  • No telemetry: Zero tracking, zero analytics

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
