Discovers MCP clients and servers across 22 AI tools, scans for CVEs, maps
blast radius, runs cloud CIS benchmarks, checks OWASP/NIST/MITRE compliance,
generates SBOMs, and assesses AI infrastructure against AISVS v1.0 and MAESTRO
framework layers.
pipx install agent-bom
agent-bom agents # auto-discover + scan
agent-bom check langchain==0.1.0 # check a specific package with version
agent-bom fs . # scan filesystem packages
agent-bom image nginx:1.25 # scan container image (native)
agent-bom cloud aws # AWS CIS benchmark
agent-bom iac infra/ # scan Terraform/CloudFormation
agent-bom where # show all discovery paths
{
"mcpServers": {
"agent-bom": {
"command": "uvx",
"args": ["agent-bom", "mcp", "server"]
}
}
}
| Sub-Skill | Purpose | Triggers |
|---|---|---|
| ----------- | --------- | --------- |
| discover | Find agents, MCP servers, configurations | "find agents", "what's configured", "mcp inventory" |
| scan | CVE scanning, image scanning, SBOM, provenance | "check package", "scan image", "verify", "blast radius" |
| scan-infra | IaC, cloud config, secrets scanning | "check terraform", "scan kubernetes", "find secrets" |
| enforce | Runtime policy enforcement, MCP proxy | "block risky calls", "apply policy", "proxy" |
| compliance | 14-framework compliance, SBOM generation | "compliance report", "NIST", "SOC 2", "OWASP" |
| monitor | Fleet monitoring, trust scores, lifecycle | "fleet", "watch agents", "trust scores" |
| analyze | Blast radius, attack paths, context graph | "blast radius", "threat intel", "attack path" |
| troubleshoot | Diagnostics, doctor, config validation | "doctor", "debug", "why failing", "validate config" |
| Tool | Description |
|---|---|
| ------ | ------------- |
scan | Full discovery + vulnerability scan pipeline |
check | Check a package for CVEs (OSV, NVD, EPSS, KEV) |
blast_radius | Map CVE impact chain across agents, servers, credentials |
remediate | Prioritized remediation plan for vulnerabilities |
verify | Package integrity + SLSA provenance check |
diff | Compare two scan reports (new/resolved/persistent) |
where | Show MCP client config discovery paths |
inventory | List discovered agents, servers, packages |
| Tool | Description |
|---|---|
| ------ | ------------- |
compliance | OWASP LLM/Agentic Top 10, EU AI Act, MITRE ATLAS, NIST AI RMF |
policy_check | Evaluate results against custom security policy (17 conditions) |
cis_benchmark | CIS benchmark checks (AWS, Azure v3.0, GCP v3.0, Snowflake) |
generate_sbom | Generate SBOM (CycloneDX or SPDX format) |
aisvs_benchmark | OWASP AISVS v1.0 compliance — 9 AI security checks |
| Tool | Description |
|---|---|
| ------ | ------------- |
registry_lookup | Look up MCP server in 427+ server security metadata registry |
marketplace_check | Pre-install trust check with registry cross-reference |
fleet_scan | Batch registry lookup + risk scoring for MCP server inventories |
skill_scan | Scan instruction files for package refs, trust, and findings |
skill_verify | Verify Sigstore provenance for instruction files |
skill_trust | Assess skill file trust level (5-category analysis) |
code_scan | SAST scanning via Semgrep with CWE-based compliance mapping |
| Tool | Description |
|---|---|
| ------ | ------------- |
context_graph | Agent context graph with lateral movement analysis |
analytics_query | Query vulnerability trends, posture history, and runtime events |
runtime_correlate | Cross-reference proxy audit JSONL with CVE findings, risk amplification |
vector_db_scan | Probe Qdrant/Weaviate/Chroma/Milvus for auth and exposure |
gpu_infra_scan | GPU container and K8s node inventory + unauthenticated DCGM probe (MAESTRO KC6) |
| Tool | Description |
|---|---|
| ------ | ------------- |
dataset_card_scan | Scan dataset cards for bias, licensing, and provenance issues |
training_pipeline_scan | Scan training pipeline configs for security risks |
browser_extension_scan | Scan browser extensions for risky permissions and AI domain access |
model_provenance_scan | Verify model provenance and supply chain integrity |
prompt_scan | Scan prompt templates for injection and data leakage risks |
model_file_scan | Scan model files for unsafe serialization (pickle, etc.) |
license_compliance_scan | Full SPDX license catalog scan with copyleft and network-copyleft detection |
ingest_external_scan | Import external scan results (CycloneDX/SPDX/JSON) and merge into agent-bom findings |
| Resource | Description |
|---|---|
| ---------- | ------------- |
registry://servers | Browse 427+ MCP server security metadata registry |
# Check a package before installing
check(package="@modelcontextprotocol/server-filesystem", ecosystem="npm")
# Map blast radius of a CVE
blast_radius(cve_id="CVE-2024-21538")
# Full agent discovery + scan
agents()
# Run CIS benchmark
cis_benchmark(provider="aws")
# Run AISVS v1.0 compliance
aisvs_benchmark()
# Scan vector databases for auth misconfigurations
vector_db_scan()
# Discover GPU containers, K8s GPU nodes, and unauthenticated DCGM endpoints
gpu_infra_scan()
# Scan instruction files and then inspect trust
skill_scan(path=".")
skill_trust(skill_path="./SKILL.md")
Always do:
unknown — a CVE ID with no details is still a real finding. Report what is known; mark severity as unknown explicitly.cis_benchmark) — these make live API calls to AWS/Azure/GCP using the user's credentials.UNKNOWN severity as unresolved, not benign — it means data is not yet available, not that the issue is minor.Never do:
agents() autonomously on sensitive environments without user confirmation. The autonomous_invocation policy is restricted.Stop and ask the user when:
CRITICAL CVEs — present findings and ask whether to generate a remediation plan.This skill installs agent-bom from PyPI. **Verify the redaction behavior
before running with any config files:**
# Step 1: Install
pip install agent-bom
# Step 2: Review redaction logic BEFORE scanning
# sanitize_env_vars() replaces ALL env var values with ***REDACTED***
# BEFORE any config data is processed or stored:
# https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/security.py#L159
# Step 3: Review config parsing — only structural data extracted:
# https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/discovery/__init__.py
# Step 4: Verify package provenance (Sigstore)
agent-bom verify agent-bom
# Step 5: Only then run scans
agent-bom agents
What is extracted: Server names, commands, args, and URLs from MCP client
config files across 22 AI tools. What is NOT extracted: Env var values are
replaced with REDACTED by sanitize_env_vars() before any processing.
Only public package names and CVE IDs are sent to vulnerability databases.
Cloud CIS checks use locally configured credentials and call only the cloud
provider's own APIs.
agent-bom verify agent-bom@0.76.4共 7 个版本