Leading agent security scanner. Auto-discovers Claude, Cursor, Gemini CLI, Windsurf configs. Skill Inspector (Feb 2026) scans individual skills. Snyk+Vercel partnership extends supply chain trust.
Snyk Agent Scan
active
Best overall agent security scanner. 1,929 stars. Scans AI agents, MCP servers, and skills for prompt injection, tool poisoning, toxic flows. Auto-discovers Claude, Cursor, Gemini CLI, Windsurf configs. Skill Inspector launched Feb 2026. Snyk+Vercel supply chain partnership.
Where it wins
Scans AI agents, MCP servers, and skills — purpose-built for the agent security surface
Auto-discovers Claude, Cursor, Gemini CLI, Windsurf configurations
Skill Inspector launched Feb 2026 — inspects individual skills/tools
Snyk+Vercel supply chain partnership — extending trust chain
Enterprise trust — Snyk brand carries weight in security-conscious orgs
1,929 stars — strong early adoption
Where to be skeptical
Commercial — requires Snyk platform
Relatively new category — agent security scanning is still maturing
Editorial verdict
#1 agent/MCP security scanner. Scans AI agents, MCP servers, and skills for prompt injection, tool poisoning, and toxic flows. Auto-discovers Claude, Cursor, Gemini CLI, Windsurf configs. Skill Inspector (Feb 2026) + Vercel supply chain partnership. Enterprise trust.
Related

CodeQL (via GitHub MCP Server)
88
GitHub-native SAST via CodeQL, accessible through the official GitHub MCP Server. Copilot Autofix generates fixes from CodeQL alerts. GitHub Security Lab Taskflow Agent found ~30 real CVEs. Zero extra setup for GitHub users.

TruffleHog
88
18K+ stars. 800+ secret types. Unique credential verification — confirms if leaked creds are still active. Scans S3, Docker, Slack — not just git. No official MCP but community integrations exist.
Gitleaks
88
24.4K stars — most-starred secret scanner. 150+ patterns. Fastest pre-commit scanner. The community default for pre-commit secret detection. No official MCP.

Tencent AI-Infra-Guard
81
Most comprehensive OSS AI red teaming tool. 3,264 stars. Full-stack: ClawScan, Agent Scan, Skills Scan, MCP scan, jailbreak eval. 43 AI framework components, 589 CVEs cataloged. v4.0 released.
Public evidence
Supply chain partnership extending agent security to Vercel deployment pipeline. Enterprise validation of agent security scanning as a category.