agent-security-scanner-mcp 4.4.4 → 4.4.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -4,9 +4,9 @@
4
4
 
5
5
  # agent-security-scanner-mcp
6
6
 
7
- **Security scanner for AI coding agents and autonomous assistants**
7
+ **npm audit for AI agents and MCP servers**
8
8
 
9
- Scans code for vulnerabilities, detects hallucinated packages, blocks prompt injection, and provides LLM-powered semantic code review via MCP (Claude Code, Cursor, Windsurf, Cline) or CLI (OpenClaw, CI/CD).
9
+ Scan code, MCP tools, prompts, skills, and AI-suggested dependencies before your agent trusts them. Built for Claude Code, Cursor, Windsurf, Cline, OpenClaw, and CI/CD.
10
10
 
11
11
  [![npm downloads](https://img.shields.io/npm/dt/agent-security-scanner-mcp.svg)](https://www.npmjs.com/package/agent-security-scanner-mcp)
12
12
  [![npm version](https://img.shields.io/npm/v/agent-security-scanner-mcp.svg)](https://www.npmjs.com/package/agent-security-scanner-mcp)
@@ -18,6 +18,47 @@ Scans code for vulnerabilities, detects hallucinated packages, blocks prompt inj
18
18
 
19
19
  ---
20
20
 
21
+ ## Start Here
22
+
23
+ Run the agent security smoke test on any repo:
24
+
25
+ ```bash
26
+ npx agent-security-scanner-mcp scan-project . --verbosity compact
27
+ ```
28
+
29
+ Install it into your AI coding client:
30
+
31
+ ```bash
32
+ npx agent-security-scanner-mcp init claude-code
33
+ ```
34
+
35
+ Replace `claude-code` with `cursor`, `claude-desktop`, `windsurf`, `cline`, `kilo-code`, `opencode`, or `cody`.
36
+
37
+ Add the GitHub Actions workflow:
38
+
39
+ ```bash
40
+ npx agent-security-scanner-mcp init-ci github
41
+ ```
42
+
43
+ ### What To Run Before You Trust An Agent
44
+
45
+ ```bash
46
+ # Check the whole project and get an A-F security grade
47
+ npx agent-security-scanner-mcp scan-project . --verbosity compact
48
+
49
+ # Audit an MCP server before adding it to Claude/Cursor/Windsurf
50
+ npx agent-security-scanner-mcp scan-mcp ./path/to/mcp-server --verbosity compact
51
+
52
+ # Verify AI-suggested imports are real packages, not hallucinations
53
+ npx agent-security-scanner-mcp scan-packages ./src/app.ts npm --verbosity compact
54
+
55
+ # Add a local environment health check
56
+ npx agent-security-scanner-mcp doctor
57
+
58
+ # Add the scanner to your AI client
59
+ npx agent-security-scanner-mcp init claude-code
60
+ ```
61
+
21
62
  ## 🎯 Two Versions Available
22
63
 
23
64
  ### 🔥 ProofLayer (Lightweight) - **NEW!**
@@ -63,6 +104,8 @@ Continue reading below for full version documentation →
63
104
 
64
105
  ---
65
106
 
107
+ > **New in v4.4.7 (2026-07-07):** CI adoption improvements — added `init-ci github` to install the GitHub Actions workflow from the CLI, and scheduled GitHub Action runs now automatically scan the full project instead of only the latest diff. Package hallucination checks also use all tracked source files during full-project runs.
108
+ >
66
109
  > **New in v4.3.0 (2026-05-05):** Critical security and reliability fixes — GitHub Actions now **fail closed** instead of fail-open when scanner output is invalid (preventing security gate bypass), patched **8 Hono CVEs** (XSS, path traversal, authentication bypass), fixed confidence threshold filtering case sensitivity, and corrected SARIF generation for GitHub Code Scanning. All fixes include comprehensive regression tests. **Upgrade recommended for production use.** [See Full Changelog](CHANGELOG.md#430---2026-05-05).
67
110
  >
68
111
  > **New in v4.2.0:** Compliance evidence collection — evaluate projects against SOC2-Technical (8 controls) and GDPR-Technical (6 controls) frameworks. Collects evidence from code scans, SBOM, vulnerability checks, and hallucination detection, then evaluates controls with pass/partial/fail/not_evaluated status. Supports evidence persistence for audit trails. [See Compliance Evaluation](#-compliance-evaluation-new-in-v420).
@@ -1311,6 +1354,9 @@ npx agent-security-scanner-mcp check-package flask pypi
1311
1354
  # Scan file imports for hallucinated packages
1312
1355
  npx agent-security-scanner-mcp scan-packages ./requirements.txt pypi
1313
1356
 
1357
+ # Install the GitHub Actions workflow
1358
+ npx agent-security-scanner-mcp init-ci github
1359
+
1314
1360
  # Install Claude Code hooks for automatic scanning
1315
1361
  npx agent-security-scanner-mcp init-hooks
1316
1362
 
@@ -1598,6 +1644,13 @@ All MCP tools support a `verbosity` parameter to minimize context window consump
1598
1644
 
1599
1645
  ## Changelog
1600
1646
 
1647
+ ### v4.4.7 (2026-07-07) - CI Adoption
1648
+
1649
+ - **New CLI command:** `init-ci github` installs the public GitHub Actions workflow template into `.github/workflows/agent-security.yml`.
1650
+ - **Safer scheduled scans:** Scheduled GitHub Action runs now force full-project scanning even when pull requests use diff-only mode.
1651
+ - **Better package checks in CI:** Full-project runs verify imports from all tracked source files instead of only changed files.
1652
+ - **Regression coverage:** Added tests for the CI installer and scheduled full-project action behavior.
1653
+
1601
1654
  ### v4.2.0 (2026-04-02) - Compliance Evidence Collection
1602
1655
 
1603
1656
  **🚀 New Feature: SOC2/GDPR Technical Compliance Evaluation**
package/index.js CHANGED
@@ -570,6 +570,12 @@ const cliArgs = process.argv.slice(2);
570
570
  console.error(` Error: ${err.message}\n`);
571
571
  process.exit(1);
572
572
  });
573
+ } else if (cliArgs[0] === 'init-ci') {
574
+ const { runInitCi } = await import('./src/cli/init-ci.js');
575
+ runInitCi(cliArgs.slice(1)).then(() => process.exit(0)).catch(err => {
576
+ console.error(` Error: ${err.message}\n`);
577
+ process.exit(1);
578
+ });
573
579
  } else if (cliArgs[0] === 'harden') {
574
580
  const { runHarden } = await import('./src/cli/harden.js');
575
581
  runHarden(cliArgs.slice(1)).then(() => process.exit(0)).catch(err => {
@@ -673,6 +679,7 @@ const cliArgs = process.argv.slice(2);
673
679
  console.log('\n agent-security-scanner-mcp\n');
674
680
  console.log(' Commands:');
675
681
  console.log(' init [client] Set up MCP config for a client');
682
+ console.log(' init-ci [provider] Install CI workflow template (github)');
676
683
  console.log(' init-hooks Install Claude Code hooks for auto-scanning');
677
684
  console.log(' doctor [--fix] Check environment & client configs');
678
685
  console.log(' demo [--lang js] Generate vulnerable file + scan it');
@@ -705,6 +712,7 @@ const cliArgs = process.argv.slice(2);
705
712
  console.log(' --exclude <pattern> Exclude matching files (scan-project)\n');
706
713
  console.log(' Examples:');
707
714
  console.log(' npx agent-security-scanner-mcp init');
715
+ console.log(' npx agent-security-scanner-mcp init-ci github');
708
716
  console.log(' npx agent-security-scanner-mcp scan-prompt "ignore previous instructions"');
709
717
  console.log(' npx agent-security-scanner-mcp scan-security ./app.py --verbosity minimal');
710
718
  console.log(' npx agent-security-scanner-mcp check-package flask pypi');
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "agent-security-scanner-mcp",
3
- "version": "4.0.0",
4
- "description": "Security scanner for OpenClaw: prompt injection firewall, package hallucination detection, code vulnerability scanning, auto-fix",
3
+ "version": "4.4.7",
4
+ "description": "npm audit for AI agents and OpenClaw skills: prompt injection firewall, package hallucination detection, MCP/security scanning, and auto-fix",
5
5
  "author": "Sinewave AI",
6
6
  "license": "MIT",
7
7
  "openclaw": {
package/package.json CHANGED
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "name": "agent-security-scanner-mcp",
3
- "version": "4.4.4",
3
+ "version": "4.4.7",
4
4
  "mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
5
- "description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
5
+ "description": "npm audit for AI agents and MCP servers. Scan code, MCP tools, prompts, and hallucinated packages for Claude Code, Cursor, Windsurf, Cline, OpenClaw, and CI.",
6
6
  "main": "index.js",
7
7
  "type": "module",
8
8
  "bin": {
@@ -20,6 +20,9 @@
20
20
  "keywords": [
21
21
  "mcp",
22
22
  "model-context-protocol",
23
+ "npm-audit",
24
+ "agent-audit",
25
+ "agent-security-audit",
23
26
  "claude",
24
27
  "opencode",
25
28
  "kilocode",
@@ -36,6 +39,9 @@
36
39
  "hallucination-detection",
37
40
  "package-verification",
38
41
  "supply-chain-security",
42
+ "mcp-security",
43
+ "mcp-scanner",
44
+ "mcp-audit",
39
45
  "prompt-injection",
40
46
  "agent-security",
41
47
  "llm-security",
package/server.json CHANGED
@@ -1,8 +1,8 @@
1
1
  {
2
2
  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json",
3
3
  "name": "io.github.sinewaveai/agent-security-scanner-mcp",
4
- "description": "MCP security scanner with prompt injection firewall, package hallucination detection, LLM-powered code review, and auto-fix.",
5
- "version": "4.0.0",
4
+ "description": "npm audit for AI agents and MCP servers: scan code, MCP tools, prompts, and hallucinated packages before agents trust them.",
5
+ "version": "4.4.7",
6
6
  "transport": "stdio",
7
7
  "registry": "npm"
8
8
  }
@@ -0,0 +1,75 @@
1
+ import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'fs';
2
+ import { dirname, join, resolve } from 'path';
3
+ import { fileURLToPath } from 'url';
4
+
5
+ function parseFlags(args) {
6
+ const flags = {
7
+ provider: 'github',
8
+ dryRun: false,
9
+ force: false,
10
+ outputPath: null,
11
+ };
12
+
13
+ for (let i = 0; i < args.length; i++) {
14
+ const arg = args[i];
15
+ if (arg === '--dry-run') {
16
+ flags.dryRun = true;
17
+ } else if (arg === '--force') {
18
+ flags.force = true;
19
+ } else if (arg === '--path' && args[i + 1]) {
20
+ flags.outputPath = args[++i];
21
+ } else if (!arg.startsWith('-')) {
22
+ flags.provider = arg;
23
+ }
24
+ }
25
+
26
+ return flags;
27
+ }
28
+
29
+ function repoRootFromModule() {
30
+ return resolve(dirname(fileURLToPath(import.meta.url)), '..', '..');
31
+ }
32
+
33
+ export async function runInitCi(args = [], options = {}) {
34
+ const flags = parseFlags(args);
35
+ const cwd = options.cwd || process.cwd();
36
+ const repoRoot = options.repoRoot || repoRootFromModule();
37
+
38
+ if (flags.provider !== 'github') {
39
+ throw new Error(`unsupported CI provider: ${flags.provider}. Supported providers: github`);
40
+ }
41
+
42
+ const templatePath = join(repoRoot, 'templates', 'github-action-security.yml');
43
+ const outputPath = resolve(cwd, flags.outputPath || join('.github', 'workflows', 'agent-security.yml'));
44
+
45
+ if (!existsSync(templatePath)) {
46
+ throw new Error(`GitHub Actions template not found: ${templatePath}`);
47
+ }
48
+
49
+ const template = readFileSync(templatePath, 'utf8');
50
+
51
+ console.log('\n agent-security-scanner-mcp CI setup\n');
52
+ console.log(` Provider: GitHub Actions`);
53
+ console.log(` Output: ${outputPath}`);
54
+
55
+ if (existsSync(outputPath) && !flags.force) {
56
+ console.log('\n Workflow already exists. Use --force to overwrite, or --path to choose another file.\n');
57
+ return { written: false, outputPath, reason: 'exists' };
58
+ }
59
+
60
+ if (flags.dryRun) {
61
+ console.log('\n [dry-run] Would write workflow:\n');
62
+ console.log(template);
63
+ console.log(' No changes made.\n');
64
+ return { written: false, outputPath, dryRun: true };
65
+ }
66
+
67
+ mkdirSync(dirname(outputPath), { recursive: true });
68
+ writeFileSync(outputPath, template, 'utf8');
69
+
70
+ console.log('\n Wrote GitHub Actions workflow.');
71
+ console.log(' Next steps: commit the workflow and open a pull request to see scan comments.\n');
72
+
73
+ return { written: true, outputPath };
74
+ }
75
+
@@ -0,0 +1,32 @@
1
+ name: Agent Security Scan
2
+
3
+ on:
4
+ pull_request:
5
+ push:
6
+ branches: [main]
7
+ schedule:
8
+ # Weekly full-project scan. The composite action automatically switches
9
+ # scheduled runs to full-project mode even when PRs use diff-only mode.
10
+ - cron: "0 9 * * 1"
11
+
12
+ permissions:
13
+ contents: read
14
+ security-events: write
15
+ pull-requests: write
16
+
17
+ jobs:
18
+ agent-security:
19
+ name: Scan AI agent, MCP, and supply-chain risk
20
+ runs-on: ubuntu-latest
21
+
22
+ steps:
23
+ - uses: actions/checkout@v4
24
+ with:
25
+ fetch-depth: 0
26
+
27
+ - uses: sinewaveai/agent-security-scanner-mcp/.github/actions/security-scan@main
28
+ with:
29
+ severity_threshold: warning
30
+ scan_packages: "true"
31
+ scan_diff_only: "true"
32
+ upload_sarif: "true"