MCP App StoreMCP App StoreAgent BOM Monitor provides fleet-wide visibility into agents and AI infrastructure. It collects local scan state to compute trust scores, lists agents and health status, and can run a local dashboard for continuous monitoring. The tool is read-only by default and focuses on visibility and risk surfacing rather than automated remediation.
Use this skill when you need to assess the health and trustworthiness of your agent ecosystem, perform periodic fleet syncs, or run a local dashboard for audits and investigative work. It's useful for security engineers, platform teams, and operators maintaining multiple agents or services.
agent-bom fleet sync to refresh state, agent-bom fleet list to view trust scores, and agent-bom serve to open the dashboard locally.Designed to be used alongside OpenClaw / local operator agents and works on macOS, Linux, and Windows. It requires Python 3.11+ and is oriented toward security and ops workflows.
Agent BOM Monitor provides fleet monitoring, trust score tracking, and a local dashboard for AI agent infrastructure. No bundled scripts — relies entirely on the external `agent-bom` CLI tool installed via pipx. SKILL.md is well-structured with comprehensive frontmatter and clear guardrails, but the examples use pseudo-function syntax inconsistent with the bash commands.
agent-bom (pipx package, not installed)No scripts to execute. Skill is essentially a wrapper that instructs the agent to use an external CLI tool. Frontmatter metadata is thorough (credential_policy, data_flow, telemetry=false, privilege_escalation=false). Clean security posture — localhost-only dashboard, no data exfiltration, read-only fleet monitoring. Niche but legitimate use case for multi-agent ops teams.
Reverse Engineer
Provides step-by-step guidance and best practices for binary reverse engineering: static analysis, dynamic tracing, disassembly, and documentation workflows for
Sandbox0 Integration
Guidance and templates for integrating Sandbox0 sandboxing into AI agents — CLI/SDK patterns, templates, volumes, network policy, and deployment choices.
CTF Write-up Generator
Generate a concise, reproducible submission-style CTF writeup with a one-path solution script, metadata, and a short checklist for fast verification.
Azure External Attack Surface Management
Provides expert guidance for Azure External Attack Surface Management (EASM): quotas, configuration, integrations, and exporting inventory to analytics platform
Node.js Best Practices
Guidelines and decision-making for Node.js architecture, runtime, async patterns, security, validation, and testing to inform framework and system choices.
radar — Smart Contract AST & Security Analysis
Multi-framework AST generator and static analysis tool for smart contracts (Rust/Anchor/Stylus and Solidity/Foundry) with a template DSL for writing detection r
Bash Pro
Defensive, production-grade Bash scripting patterns and CI/CD best practices: strict mode, safe argument parsing, testing with Bats, and tooling (ShellCheck/shf
Analyzing Ransomware Leak Site Intelligence
Collect and analyze ransomware data-leak site (DLS) posts to extract victim, group, sector and geographic trends for threat intelligence and proactive defense.