Agent BOM

Name: Agent BOM
Availability: InStock
Author: msaad00

by msaad00

Open security scanner for AI supply chains, mapping vulnerabilities from packages to MCP servers and agent tools.

0 stars

2 views

Works in:CursorCodexWindsurf

Exposes:Tools

View on GitHub Docs

What it does

Provides a comprehensive security scanner for the AI supply chain. It analyzes the "blast radius" of vulnerabilities by mapping how a CVE in a package affects an MCP server, which in turn affects the AI agent and the credentials or tools it has access to.

Tools

agents: Discovers and scans local AI agents and MCP servers.
image: Scans container images for OS and package CVEs.
iac: Audits Infrastructure-as-Code (Dockerfile, k8s) for misconfigurations.
proxy: Acts as a security proxy to inspect live MCP traffic.
secrets: Scans source code for hardcoded secrets and PII.

Installation

Use the following configuration in your claude_desktop_config.json:

{
  "mcpServers": {
    "agent-bom": {
      "command": "uvx",
      "args": ["agent-bom", "mcp", "server"]
    }
  }
}

Supported hosts

Confirmed for Claude Desktop, Claude Code, Cursor, Codex, and Windsurf.

Quick install

pip install agent-bom

Information

Pricing: free
Published: 4/15/2026
stars

Related Apps

Choose your AI client and follow the steps below.

Cursor

Add the uvx agent-bom mcp server configuration to settings.

Claude Desktop

{"mcpServers": {"agent-bom": {"command": "uvx", "args": ["agent-bom", "mcp", "server"]}}}