agent-security-scanner-mcp 4.4.3 → 4.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -4,9 +4,9 @@
4
4
 
5
5
  # agent-security-scanner-mcp
6
6
 
7
- **Security scanner for AI coding agents and autonomous assistants**
7
+ **npm audit for AI agents and MCP servers**
8
8
 
9
- Scans code for vulnerabilities, detects hallucinated packages, blocks prompt injection, and provides LLM-powered semantic code review via MCP (Claude Code, Cursor, Windsurf, Cline) or CLI (OpenClaw, CI/CD).
9
+ Scan code, MCP tools, prompts, skills, and AI-suggested dependencies before your agent trusts them. Built for Claude Code, Cursor, Windsurf, Cline, OpenClaw, and CI/CD.
10
10
 
11
11
  [![npm downloads](https://img.shields.io/npm/dt/agent-security-scanner-mcp.svg)](https://www.npmjs.com/package/agent-security-scanner-mcp)
12
12
  [![npm version](https://img.shields.io/npm/v/agent-security-scanner-mcp.svg)](https://www.npmjs.com/package/agent-security-scanner-mcp)
@@ -18,6 +18,41 @@ Scans code for vulnerabilities, detects hallucinated packages, blocks prompt inj
18
18
 
19
19
  ---
20
20
 
21
+ ## Start Here
22
+
23
+ Run the agent security smoke test on any repo:
24
+
25
+ ```bash
26
+ npx agent-security-scanner-mcp scan-project . --verbosity compact
27
+ ```
28
+
29
+ Install it into your AI coding client:
30
+
31
+ ```bash
32
+ npx agent-security-scanner-mcp init claude-code
33
+ ```
34
+
35
+ Replace `claude-code` with `cursor`, `claude-desktop`, `windsurf`, `cline`, `kilo-code`, `opencode`, or `cody`.
36
+
37
+ ### What To Run Before You Trust An Agent
38
+
39
+ ```bash
40
+ # Check the whole project and get an A-F security grade
41
+ npx agent-security-scanner-mcp scan-project . --verbosity compact
42
+
43
+ # Audit an MCP server before adding it to Claude/Cursor/Windsurf
44
+ npx agent-security-scanner-mcp scan-mcp ./path/to/mcp-server --verbosity compact
45
+
46
+ # Verify AI-suggested imports are real packages, not hallucinations
47
+ npx agent-security-scanner-mcp scan-packages ./src/app.ts npm --verbosity compact
48
+
49
+ # Add a local environment health check
50
+ npx agent-security-scanner-mcp doctor
51
+
52
+ # Add the scanner to your AI client
53
+ npx agent-security-scanner-mcp init claude-code
54
+ ```
55
+
21
56
  ## 🎯 Two Versions Available
22
57
 
23
58
  ### 🔥 ProofLayer (Lightweight) - **NEW!**
@@ -29,7 +29,7 @@
29
29
  },
30
30
  "devDependencies": {
31
31
  "@types/node": "^22.13.0",
32
- "tsx": "^4.19.0",
32
+ "tsx": "^4.22.4",
33
33
  "typescript": "^5.7.3",
34
34
  "vitest": "^4.1.0"
35
35
  }
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "agent-security-scanner-mcp",
3
- "version": "4.0.0",
4
- "description": "Security scanner for OpenClaw: prompt injection firewall, package hallucination detection, code vulnerability scanning, auto-fix",
3
+ "version": "4.4.6",
4
+ "description": "npm audit for AI agents and OpenClaw skills: prompt injection firewall, package hallucination detection, MCP/security scanning, and auto-fix",
5
5
  "author": "Sinewave AI",
6
6
  "license": "MIT",
7
7
  "openclaw": {
package/package.json CHANGED
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "name": "agent-security-scanner-mcp",
3
- "version": "4.4.3",
3
+ "version": "4.4.6",
4
4
  "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
5
- "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
5
+ "description": "npm audit for AI agents and MCP servers. Scan code, MCP tools, prompts, and hallucinated packages for Claude Code, Cursor, Windsurf, Cline, OpenClaw, and CI.",
6
6
  "main": "index.js",
7
7
  "type": "module",
8
8
  "bin": {
@@ -20,6 +20,9 @@
20
20
  "keywords": [
21
21
  "mcp",
22
22
  "model-context-protocol",
23
+ "npm-audit",
24
+ "agent-audit",
25
+ "agent-security-audit",
23
26
  "claude",
24
27
  "opencode",
25
28
  "kilocode",
@@ -36,6 +39,9 @@
36
39
  "hallucination-detection",
37
40
  "package-verification",
38
41
  "supply-chain-security",
42
+ "mcp-security",
43
+ "mcp-scanner",
44
+ "mcp-audit",
39
45
  "prompt-injection",
40
46
  "agent-security",
41
47
  "llm-security",
@@ -75,7 +81,7 @@
75
81
  "dependencies": {
76
82
  "@modelcontextprotocol/sdk": "^1.25.3",
77
83
  "bloom-filters": "^3.0.4",
78
- "tar": "^7.5.9",
84
+ "tar": "^7.5.16",
79
85
  "zod": "^4.3.6"
80
86
  },
81
87
  "files": [
package/server.json CHANGED
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
3
3
  "name": "io.github.sinewaveai/agent-security-scanner-mcp",
4
- "description": "MCP security scanner with prompt injection firewall, package hallucination detection, LLM-powered code review, and auto-fix.",
5
- "version": "4.0.0",
4
+ "description": "npm audit for AI agents and MCP servers: scan code, MCP tools, prompts, and hallucinated packages before agents trust them.",
5
+ "version": "4.4.6",
6
6
  "transport": "stdio",
7
7
  "registry": "npm"
8
8
  }
@@ -0,0 +1,31 @@
1
+ name: Agent Security Scan
2
+
3
+ on:
4
+ pull_request:
5
+ push:
6
+ branches: [main]
7
+ schedule:
8
+ - cron: "0 9 * * 1"
9
+
10
+ permissions:
11
+ contents: read
12
+ security-events: write
13
+ pull-requests: write
14
+
15
+ jobs:
16
+ agent-security:
17
+ name: Scan AI agent, MCP, and supply-chain risk
18
+ runs-on: ubuntu-latest
19
+
20
+ steps:
21
+ - uses: actions/checkout@v4
22
+ with:
23
+ fetch-depth: 0
24
+
25
+ - uses: sinewaveai/agent-security-scanner-mcp/.github/actions/security-scan@main
26
+ with:
27
+ severity_threshold: warning
28
+ scan_packages: "true"
29
+ scan_diff_only: "true"
30
+ upload_sarif: "true"
31
+