VeridicusScan MCP Analyst
Use this skill only for the VeridicusScan MCP surface, not for changing the app code itself.
VeridicusScan is a local-first scanner and runtime-defense tool. This skill is for analyst tasks such as scanning websites, files, prompts, job-application artifacts, and agent-runtime flows through the MCP bridge.
Preconditions
- Confirm a VeridicusScan MCP server is available in the client.
- If it is not available, say so briefly and ask the user to connect the local bridge first.
- Prefer the MCP server over shelling out to app internals when both can do the task.
- Expect one active MCP session at a time. If
open_session returns session_limit_reached, tell the user another active session is still open.
High-value use cases
- Scan a public website or candidate portfolio URL before an AI agent reads it.
- Scan a local PDF, DOCX, image, or exported text artifact before model handoff.
- Triage prompt snippets or extracted page text with
scan_text. - Validate agent-memory and tool-approval flows with the runtime-defense methods.
Core workflow
- Start with
health or list_methods if availability is unclear. - Open a session with
open_session. - Run the smallest relevant scan method:
scan_url for live public HTTPS websitesscan_file for local filesscan_text for prompts, snippets, and extracted content
- Pull the report or scan result details the user actually needs.
- If
scan_file returns default_context_mode = "sanitized_only", prefer safe_context for downstream use and make clear that report surfaces are redacted by design. - If
scan_url returns non_public_network_url, explain that VeridicusScan intentionally blocks loopback, private-network, .local, .localhost, and resolved internal targets.
- Summarize:
- risk band
- risk score
- default context mode when present
- findings count
- top findings with short evidence summaries
- coverage limits or partial-scan notes
- Close the session when done unless the user is actively continuing a multi-step analysis.
Reporting rules
- Be explicit about whether a result is a likely true positive, likely false positive, or uncertain.
- If the scan is partial, explain exactly what was not covered and why that matters.
- If a result is redacted or
sanitized_only, say that explicitly instead of implying raw evidence is available. - Distinguish structural signals from semantic injection signals.
- For benign sites, do not overclaim. Say when a hit looks like tracking, accessibility, anti-bot, or app-shell markup rather than malicious prompt injection.
- Include exact MCP error codes when they change the user outcome, for example
non_public_network_url or session_limit_reached.
Runtime-defense workflow
Use these methods when the user is evaluating agent safety rather than content scanning:
ingest_memory for A1 memory ingestionretrieve_memory for A2 retrieval validationselective_disclosure and evaluate_selective_disclosure for disclosure quality and privacy checksscope_tools before planning or executionguard_plan before approving a plangate_action before approving a specific tool action
Always preserve the returned tool scope and pass the authoritative scope back into guard_plan and gate_action. Do not invent or forge scope values.
Recommended ordering for tool-governance tasks:
open_sessionscope_toolsguard_plangate_actionclose_session
Output style
- Keep summaries short and operational.
- Put findings first.
- Include exact method names when explaining how a result was obtained.
- If the user asks for verification, say which MCP method(s) you used.
- Prefer language that is useful to operators, for example security, IT, recruiting, or compliance teams, instead of purely academic scanner jargon.
References
- Read references/mcp-methods.md for the method map and sequencing guidance.
- Public workflow example for recruiting and job-application intake:
AI job application screening
- Public technical workflow example for MCP sessions and runtime guardrails:
Local MCP automation for AI agents