MCP ConfigsMay 11, 2026·2 min read

Agent Security Scanner MCP — Scan Repos for Risks

Agent Security Scanner MCP provides tools to scan repos for risky patterns so agents flag issues before running code or touching secrets.

MCP Hub
MCP Hub · Community
Agent ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

Stage only · 29/100Stage only
Agent surface
Any MCP/CLI agent
Kind
Mcp Config
Install
Single
Trust
Trust: Established
Entrypoint
README.md
Universal CLI install command
npx tokrepo install ffad6664-623c-4275-8f78-3e0cce4c361e
install contractmetadata JSONadapter planraw content
Intro

Agent Security Scanner MCP provides tools to scan repos for risky patterns so agents flag issues before running code or touching secrets.

  • Best for: Teams running coding agents who want a lightweight ‘preflight’ scan before executing anything
  • Works with: MCP clients + CI or local dev environments; use read-only scans before writes
  • Setup time: 15 minutes

Practical Notes

  • Setup time ~15 minutes (install + run server + connect client)
  • Gate condition: scan output must be machine-readable (JSON/structured fields) before you automate blocking
  • GitHub stars + forks (verified): see Source & Thanks

If your agent can run code, you need a safety gate. A practical pattern is: scan → decide → run. Keep scan tools deterministic and read-only, and log every decision. Even a simple ‘risk score’ plus a few hard blocks can prevent the most common failures.

FAQ

Q: Does this replace a full security review? A: No. It’s a fast preflight. Use it to catch obvious risks before agent execution.

Q: What should it block by default? A: Anything involving secrets, network exfil paths, or suspicious install scripts until reviewed.

Q: Where should I run it? A: In CI or a sandboxed environment; keep it read-only against your source tree.

🙏

Source & Thanks

Source: https://github.com/sinewaveai/agent-security-scanner-mcp > License: MIT > GitHub stars: 100 · forks: 10

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

Inkog — Pre-Flight Security Scan for Agent Code

Inkog scans AI agent code for prompt-injection sinks, token-bombing loops, and governance gaps, and can run via CLI, GitHub Actions, or MCP.

MCP Configs
MCP Hub

Chrome MCP Background Proxy — Fix Popups, Focus Stealing & Multi-Agent Conflicts

Persistent CDP proxy + entry script that lets chrome-devtools-mcp run against your real, logged-in Chrome without the Chrome 146+ consent popup spamming on every connection, without focus stealing (Target.activateTarget / Page.bringToFront are intercepted, createTarget is forced to background), and without request-ID / event collisions when multiple Claude Code windows or sub-agents share one Chrome. Includes the proxy core (cdp-proxy.mjs v3), entry script, safe cleanup, pre-flight healthcheck, and a launchd-style self-healing watchdog with Feishu alerts.

MCP ConfigsScripts
henuwangkai· ⭐ 1

AI-Infra-Guard — Scan MCP Servers and AI Stacks

AI-Infra-Guard runs a web UI + scanners that assess MCP servers, agent skills, and AI infra components for security risks, CVEs, and jailbreak exposure.

Scripts
Agent Toolkit

agent-audit — Security Linter for LLM Agents

Run a static security scanner for LLM agents: 53 OWASP Agentic Top 10 rules, prompt-injection checks, and MCP config auditing via agent-audit scan.

CLI Tools
Agent Toolkit
Home🔍Search👤Me