MCP ConfigsMay 11, 2026·2 min read

Agent Security Scanner MCP — Scan Repos for Risks

Agent Security Scanner MCP provides tools to scan repos for risky patterns so agents flag issues before running code or touching secrets.

Agent ready

Safe staging for this asset

This asset is staged first. The copied prompt tells the agent to inspect the staged files and ask before activating scripts, MCP config, or global config.

Stage only · 17/100Policy: stage
Agent surface
Any MCP/CLI agent
Kind
Mcp Config
Install
Stage only
Trust
Trust: Established
Entrypoint
Asset
Safe staging command
npx -y tokrepo@latest install ffad6664-623c-4275-8f78-3e0cce4c361e --target codex

Stages files first; activation requires review of the staged README and plan.

Intro

Agent Security Scanner MCP provides tools to scan repos for risky patterns so agents flag issues before running code or touching secrets.

  • Best for: Teams running coding agents who want a lightweight ‘preflight’ scan before executing anything
  • Works with: MCP clients + CI or local dev environments; use read-only scans before writes
  • Setup time: 15 minutes

Practical Notes

  • Setup time ~15 minutes (install + run server + connect client)
  • Gate condition: scan output must be machine-readable (JSON/structured fields) before you automate blocking
  • GitHub stars + forks (verified): see Source & Thanks

If your agent can run code, you need a safety gate. A practical pattern is: scan → decide → run. Keep scan tools deterministic and read-only, and log every decision. Even a simple ‘risk score’ plus a few hard blocks can prevent the most common failures.

FAQ

Q: Does this replace a full security review? A: No. It’s a fast preflight. Use it to catch obvious risks before agent execution.

Q: What should it block by default? A: Anything involving secrets, network exfil paths, or suspicious install scripts until reviewed.

Q: Where should I run it? A: In CI or a sandboxed environment; keep it read-only against your source tree.

🙏

Source & Thanks

Source: https://github.com/sinewaveai/agent-security-scanner-mcp > License: MIT > GitHub stars: 100 · forks: 10

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets