Show HN: Security Scanner for Agent Skills and MCP (github.com)

A new security tool called Agent Scan 0.4 has been announced, designed to help users identify vulnerabilities and prompt injections within their AI agent environments, including MCP servers and agent skills. This tool enables the scanning of installed agent components on various platforms, automatically discovering configurations and scanning for over 15 distinct security risks. A major update in this release is its enhanced focus on scanning agent skills, critical for maintaining security in the rapidly evolving agent skill ecosystem. The significance of Agent Scan lies in its ability to protect users from emerging threats in AI, particularly the risks associated with untrusted or poorly configured agent components. Importantly, the scanning process executes commands from MCP configurations to analyze security vulnerabilities, which necessitates user consent before each command is run. Users are advised to operate scans within isolated environments to mitigate risks, underscoring the tool’s dual operation modes: manual scans for comprehensive security assessments and background monitoring for continuous oversight. The implementation of this tool represents a proactive measure for safeguarding AI systems against potential threats and reinforces the importance of security in the AI/ML community.