Snyk Agent Scan

by Snyk

Snyk's security scanner for AI agents, MCP servers, and agent skills. Scans MCP server manifests and agent skill files for known security risks. 2,366 GitHub stars and 81 commits on main in the last 30 days.

★ 2,366·6 tools·Released OCT 2025·Apache-2.0

npx -y @snyk/agent-scan

“Snyk's security scanner for AI agents, MCP servers, and agent skills. Scans MCP server manifests and agent skill files for known security risks. 2,366 stars and 81 commits on main in the last 30 days.”
Reviewed by M. Nouriel · MAY 2026

// Connect

INSTALL THIS SERVER

Requires authenticationSNYK_TOKEN environment variable. Generate at https://app.snyk.io/account.

{
  "mcpServers": {
    "snyk-agent-scan": {
      "command": "npx",
      "args": [
        "-y",
        "@snyk/agent-scan"
      ],
      "env": {
        "SNYK_TOKEN": "YOUR_SNYK_TOKEN"
      }
    }
  }
}

PrereqNPM: `@snyk/agent-scan`. Generate SNYK_TOKEN at https://app.snyk.io/account. Path: ~/Library/Application Support/Claude/claude_desktop_config.json (macOS).

{
  "mcpServers": {
    "snyk-agent-scan": {
      "command": "npx",
      "args": [
        "-y",
        "@snyk/agent-scan"
      ],
      "env": {
        "SNYK_TOKEN": "YOUR_SNYK_TOKEN"
      }
    }
  }
}

{
  "mcpServers": {
    "snyk-agent-scan": {
      "command": "npx",
      "args": [
        "-y",
        "@snyk/agent-scan"
      ],
      "env": {
        "SNYK_TOKEN": "YOUR_SNYK_TOKEN"
      }
    }
  }
}

{
  "mcpServers": {
    "snyk-agent-scan": {
      "command": "npx",
      "args": [
        "-y",
        "@snyk/agent-scan"
      ],
      "env": {
        "SNYK_TOKEN": "YOUR_SNYK_TOKEN"
      }
    }
  }
}

{
  "mcpServers": {
    "snyk-agent-scan": {
      "command": "npx",
      "args": [
        "-y",
        "@snyk/agent-scan"
      ],
      "env": {
        "SNYK_TOKEN": "YOUR_SNYK_TOKEN"
      }
    }
  }
}

// Tools

6 TOOLS AVAILABLE

scan_mcp_server

Scan an MCP server manifest for security risks

Read

scan_agent_skill

Scan an agent skill file for prompt-injection and exfiltration risks

Read

list_findings

List recent scan findings with severity

Read

get_finding

Retrieve a specific finding with remediation guidance

Read

list_policies

List Snyk security policies applied to scans

Read

export_report

Export scan results as SARIF or JSON

Read

// Editorial Review

OUR ASSESSMENT

Strengths

Snyk official maintenance.
2,366 GitHub stars.
81 commits on main in the last 30 days.
Apache-2.0 license.
Purpose-built for MCP and agent skill security.
SARIF export integrates with standard CI security tooling.

Weaknesses

Snyk account required for full feature set; some scans need API access.
Findings are heuristic; manual security review still recommended for high-stakes deployments.
Coverage depends on Snyk's vulnerability database update cadence.

Security Notes

SNYK_TOKEN is account-scoped. Use a CI service-account token rather than personal credentials. Scan results may include sensitive context (file paths, environment variables); restrict access to scan reports to the security team.

Best For

Security teams reviewing third-party MCP servers before mounting them; CI flows that scan agent skills before deployment; auditors validating that agent stacks meet security policy.

// Technical

TECHNICAL DETAILS

Language

typescript

Transport

stdio

Clients

Claude DesktopClaude CodeCursorVS CodeWindsurf

License

Apache-2.0

GitHub

snyk/agent-scan · ★ 2,366

npm

@snyk/agent-scan

Last Release

@snyk/agent-scan (npm latest)MAY 9, 2026

First Released

OCT 1, 2025

// Adoption

ADOPTION METRICS

// GitHub Stars

2,366

// Reading this2,366 stars on snyk/agent-scan. 81 commits on main in the last 30 days.

// Popularity Rank

Globally · #1 in Security

// Reading thisPairs with Auth0, AWS IAM, AWS CloudTrail, HashiCorp Vault, Infisical, Okta, Prowler, Trivy, CrowdStrike Falcon in security. Snyk Agent Scan owns the MCP-specific scanning slot uniquely.

// How we found this server

SOURCES & VERIFICATION

We don't take any single directory's word for it. Before scoring, we cross-reference 5 public MCP sources, install the server ourselves against the clients we cover, and record when we last re-verified.

Discovered

Manual submission

First indexed MAY 9, 2026

Cross-referenced

5 directories

PulseMCP, MCP.so, Glama, Smithery, Official MCP Registry

Verified against

Claude Desktop, Cursor

Installed and tested across clients

Last re-checked

MAY 9, 2026

Weekly re-verification

// How other directories see it

The same server, 5 different lenses. We reconcile these signals into our editorial score, which is why our number sometimes diverges from a directory-aggregate star count.

Source	Their rating	Their star count	Their downloads	Last synced
AutomationSwitch This page	4.5editorial	2,366	—	MAY 9, 2026
PulseMCP	— unrated	unavailable	unavailable	MAY 9, 2026
MCP.so	— unrated	unavailable	unavailable	MAY 9, 2026
Glama	— unrated	unavailable	unavailable	MAY 9, 2026
Smithery	— unrated	unavailable	unavailable	MAY 9, 2026
Official MCP Registry	— unrated	unavailable	unavailable	MAY 9, 2026

// Counts are directory-reported; we don't adjust them. Discrepancies usually come from different snapshot times or star-caching.

// Alternatives

OTHER SECURITY MCP SERVERS

Vendor4.6

Prowler MCP

Prowler

Cloud Security Posture Management (CSPM) platform with 1000+ security checks across multiple cloud providers and 70+ compliance frameworks, exposed through MCP. Three deployment options: Prowler Cloud (recommended), local stdio, self-hosted HTTP. 13,717 stars, Apache-2.0.

8 tools★ 13,717

Official4.4

CrowdStrike Falcon MCP

CrowdStrike

Official CrowdStrike Falcon MCP server. Connect AI agents to CrowdStrike Falcon for automated security analysis and threat hunting. 148 stars and 8 commits on main in the last 30 days.

7 tools★ 148

Vendor4.3

Auth0 MCP Server

Auth0

Official Auth0 MCP server connecting Claude, Cursor, Windsurf, VS Code, and Gemini to Auth0 Management APIs. Create apps, deploy Actions, debug logs, and query users with natural-language commands. Read-only mode and tool-glob filtering supported. Beta software per Auth0.

8 tools★ 106

Official4.2

HashiCorp Vault MCP

HashiCorp

Official HashiCorp MCP for Vault: secrets, mounts, KV, and PKI management with stdio and Streamable HTTP transports. 9 commits on main in the last 30 days. MPL-2.0 with HashiCorp official-vendor signal.

9 tools★ 45

Official4.1

AWS IAM MCP

AWS Labs

Official AWS Labs MCP for IAM administration: users, roles, groups, policies, inline policies, access keys, and policy simulation. Read-only mode supported via --allow-write opt-in pattern. Apache-2.0 within awslabs/mcp monorepo.

7 tools★ 8,924

Official4

AWS CloudTrail MCP

AWS Labs

Official AWS Labs MCP for CloudTrail: 90 days of management events via lookup_events and Trino-compatible SQL queries against CloudTrail Lake Event Data Stores. 3 commits on the server path in the last 30 days. Pairs with the IAM MCP for security audit workflows.

5 tools★ 8,924

// Get in touch

DISCUSS YOUR
MCP REQUIREMENTS.

Evaluating a server, scoping an internal deployment, or working out whether MCP is the right fit at all. Start the conversation and we will point you at the right piece of the ecosystem.

Discuss Your MCP Requirements →

Snyk Agent Scan

INSTALL THIS SERVER

6 TOOLS AVAILABLE

OUR ASSESSMENT

TECHNICAL DETAILS

ADOPTION METRICS

SOURCES & VERIFICATION

OTHER SECURITY MCP SERVERS

Prowler MCP

CrowdStrike Falcon MCP

Auth0 MCP Server

HashiCorp Vault MCP

AWS IAM MCP

AWS CloudTrail MCP

DISCUSS YOURMCP REQUIREMENTS.

DISCUSS YOUR
MCP REQUIREMENTS.