Look up MCP servers in the 427+ server security metadata registry, assess skill
file trust, and run pre-install marketplace checks.
pipx install agent-bom
agent-bom mcp scan @modelcontextprotocol/server-brave-search --ecosystem npm
agent-bom mcp scan @modelcontextprotocol/server-filesystem --ecosystem npm
| Tool | Description |
|---|---|
| ------ | ------------- |
registry_lookup | Look up MCP server in 427+ server security metadata registry |
marketplace_check | Pre-install trust check with registry cross-reference |
fleet_scan | Batch registry lookup + risk scoring for MCP server inventories |
skill_scan | Scan instruction files for package refs, trust, and findings |
skill_verify | Verify Sigstore provenance for instruction files |
skill_trust | Assess skill file trust level (5-category analysis) |
code_scan | SAST scanning via Semgrep with CWE-based compliance mapping |
# Look up a server in the registry
registry_lookup(server_name="brave-search")
# Pre-install trust check
marketplace_check(package="@modelcontextprotocol/server-filesystem")
# Scan instruction files and then assess a specific skill file
skill_scan(path=".")
skill_trust(skill_path="./SKILL.md")
# Batch risk scoring
fleet_scan(servers=["brave-search", "github", "slack"])
| Resource | Description |
|---|---|
| ---------- | ------------- |
registry://servers | Browse 427+ MCP server security metadata registry |
Registry data is bundled in the package — lookups are in-memory string
matches with zero network calls. Skill trust analysis parses content passed
as a string argument (no file system access needed).
共 12 个版本