Official · Needs your key

Snyk Agent Scan

by snyk · snyk/agent-scan

Snyk's first-party scanner aimed at the agent supply chain: it scans MCP servers, skills, and agent code for injection patterns, leaky tool descriptions, and known-bad dependencies.

Built on Snyk's vulnerability DB, this tool extends the usual SCA pass to AI-agent-specific risks: tool description prompt injection, skill SKILL.md poisoning, weak hook patterns, and dependency CVEs.

Install

Pick your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "snyk-agent-scan": {
      "command": "uvx",
      "args": [
        "snyk-agent-scan"
      ],
      "env": {
        "SNYK_TOKEN": "${SNYK_TOKEN}"
      }
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "snyk-agent-scan": {
      "command": "uvx",
      "args": [
        "snyk-agent-scan"
      ],
      "env": {
        "SNYK_TOKEN": "${SNYK_TOKEN}"
      }
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "snyk-agent-scan": {
      "command": "uvx",
      "args": [
        "snyk-agent-scan"
      ],
      "env": {
        "SNYK_TOKEN": "${SNYK_TOKEN}"
      }
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "snyk-agent-scan": {
      "command": "uvx",
      "args": [
        "snyk-agent-scan"
      ],
      "env": {
        "SNYK_TOKEN": "${SNYK_TOKEN}"
      }
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "snyk-agent-scan",
      "command": "uvx",
      "args": [
        "snyk-agent-scan"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "snyk-agent-scan": {
      "command": {
        "path": "uvx",
        "args": [
          "snyk-agent-scan"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

claude mcp add snyk-agent-scan -- uvx snyk-agent-scan

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use Snyk Agent Scan

Block risky agent changes in CI

Audience: Developers · Time: ~15 min · Level: intermediate

When to use: You ship a custom MCP / skill and want a Snyk gate on every PR.

Flow
  1. Wire up
     Add the agent-scan step to CI with SNYK_TOKEN.
     → Step runs
  2. Triage
     High-severity findings fail the PR; review them.
     → Clean baseline

Outcome: Agent supply chain has the same gate as your app code.

Combinations

Pair with other MCPs for 10x leverage

snyk-agent-scan + cisco-mcp-scanner

Layer behavioural probes (Cisco) with dep + lint (Snyk)


Tools

What this MCP exposes

Tool    | Inputs         | When to call                            | Cost
scanner | CLI (see docs) | Not exposed as MCP tools — CLI scanner  | 1 call

Cost & Limits

What this costs to run

API quota: Snyk free tier covers small repos; paid scales
Tokens per call: N/A
Monetary: Free tier; paid for org features
Tip: Run in CI on a fixed cadence, not every commit

Security

Permissions, secrets, blast radius

Minimum scopes: snyk:read
Credential storage: Snyk token in env
Data egress: snyk.io

Troubleshooting

Common errors and fixes

401: Token wrong or expired — regenerate in Snyk dashboard

Alternatives

Snyk Agent Scan vs others

Alternative        | When to use it instead      | Tradeoff
cisco-mcp-scanner  | You want behavioural probes | No SCA
