agent-bom-registry

MCP server security registry and trust assessment — look up servers in the 427+ server security metadata registry, run pre-install marketplace checks, batch fleet risk scoring, assess skill file trust, and run SAST code scans. Use when the user mentions MCP server trust, registry lookup, marketplace check, or skill trust assessment.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "agent-bom-registry" with this command: npx skills add msaad00/agent-bom-registry

agent-bom-registry — MCP Server Trust & Security Registry

Look up MCP servers in the 427+ server security metadata registry, assess skill file trust, and run pre-install marketplace checks.

Install

pipx install agent-bom
agent-bom registry-lookup brave-search
agent-bom marketplace-check @anthropic/server-filesystem

Tools (5)

Tool	Description
`registry_lookup`	Look up MCP server in 427+ server security metadata registry
`marketplace_check`	Pre-install trust check with registry cross-reference
`fleet_scan`	Batch registry lookup + risk scoring for MCP server inventories
`skill_trust`	Assess skill file trust level (5-category analysis)
`code_scan`	SAST scanning via Semgrep with CWE-based compliance mapping

Example Workflows

# Look up a server in the registry
registry_lookup(server_name="brave-search")

# Pre-install trust check
marketplace_check(package="@modelcontextprotocol/server-filesystem")

# Assess trust of a skill file
skill_trust(skill_content="<paste SKILL.md content>")

# Batch risk scoring
fleet_scan(servers=["brave-search", "github", "slack"])

MCP Resources

Resource	Description
`registry://servers`	Browse 427+ MCP server security metadata registry

Privacy & Data Handling

Registry data is bundled in the package — lookups are in-memory string matches with zero network calls. Skill trust analysis parses content passed as a string argument (no file system access needed).

Verification

Source: github.com/msaad00/agent-bom (Apache-2.0)
6,040+ tests with CodeQL + OpenSSF Scorecard
No telemetry: Zero tracking, zero analytics

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry Record Open in ClawHub

Related Skills

Related by shared tags or category signals.

Security

Rune — Skill Mesh

Performs adversarial red-team analysis on approved plans to identify edge cases, security risks, scalability issues, error paths, and integration risks befor...

Registry SourceRecently Updated

00nhadaututtheky

Security

Clawexchange

Agent Exchange — Infrastructure for the agent economy. Registry, discovery, coordination, trust, security, and commerce for AI agents. 116 API endpoints. Fre...

Registry SourceRecently Updated

1.5K2tiborera

Security

Cybersecurity

Handle cybersecurity triage, threat modeling, secure reviews, and incident reporting with strict authorization and evidence discipline.

Registry SourceRecently Updated

00Profile unavailable

Security

Skill Scanner

Security checks for installing skills, packages, or plugins. Use BEFORE any `npm install`, `openclaw plugins install`, `clawhub install`, or similar install...

Registry SourceRecently Updated

00Profile unavailable