Back to Apps

Agent BOM
by msaad00
Open security scanner for AI supply chains, mapping vulnerabilities from packages to MCP servers and agent tools.
0 stars
Works in:CursorCodexWindsurf
Exposes:Tools
What it does
Provides a comprehensive security scanner for the AI supply chain. It analyzes the "blast radius" of vulnerabilities by mapping how a CVE in a package affects an MCP server, which in turn affects the AI agent and the credentials or tools it has access to.
Tools
agents: Discovers and scans local AI agents and MCP servers.image: Scans container images for OS and package CVEs.iac: Audits Infrastructure-as-Code (Dockerfile, k8s) for misconfigurations.proxy: Acts as a security proxy to inspect live MCP traffic.secrets: Scans source code for hardcoded secrets and PII.
Installation
Use the following configuration in your claude_desktop_config.json:
{
"mcpServers": {
"agent-bom": {
"command": "uvx",
"args": ["agent-bom", "mcp", "server"]
}
}
}
Supported hosts
Confirmed for Claude Desktop, Claude Code, Cursor, Codex, and Windsurf.
Quick install
pip install agent-bomInformation
- Pricing
- free
- Published
- 4/15/2026
- stars
- 0
Categories
Choose your AI client and follow the steps below.
Cursor
Add the uvx agent-bom mcp server configuration to settings.Claude Desktop
{"mcpServers": {"agent-bom": {"command": "uvx", "args": ["agent-bom", "mcp", "server"]}}}





