MCP-Scan: A Security scanner for AI agents, MCP servers and agent skills (github.com)

🤖 AI Summary
MCP-Scan has been launched as a comprehensive security scanning tool for identifying threats in AI agent components, including prompt injections, malware, and vulnerabilities across various configurations. The latest release (version 0.4) adds the ability to scan agent skills, significantly extending its usefulness for managing the growing ecosystem of AI agent skills while maintaining an inventory of installed components such as harnesses and MCP servers. This matters for developers and organizations using AI because it helps secure their systems against sophisticated attack vectors. The tool supports both static and dynamic analysis: users can run thorough scans of their environments or monitor MCP (Model Context Protocol) traffic in real time. Key features include auto-discovery of configurations, detection of sensitive data handling issues, and customizable guardrailing policies that enforce security rules during tool execution. The introduction of MCP-Scan marks a vital step in addressing the emerging security challenges in AI applications, giving the AI/ML community the tools to safeguard their systems and maintain trust in their AI deployments.