AgentVerus MCP Server
Security scanning for AI agent skills, exposed as MCP tools. Scan skills from ClawHub, GitHub, skills.sh, or raw URLs — directly from your AI agent.
164 tests · 6 analyzers · ASST taxonomy · Hosted trust_check commerce
Quick Start
Add to your agent's MCP configuration:
Published package: agentverus-scanner-mcp
If you want the hosted commercial tools (list_offers, trust_check), set:
AGENTVERUS_API_KEYfor authenticated calls tohttps://agentverus.ai/api/v1/trust/checkAGENTVERUS_BASE_URLonly if you need a non-production AgentVerus base URL
Claude Desktop / Cursor / Windsurf
{
"mcpServers": {
"agentverus": {
"command": "npx",
"args": ["-y", "agentverus-scanner-mcp"]
}
}
}OpenClaw
{
"mcp": {
"agentverus": {
"command": "npx",
"args": ["-y", "agentverus-scanner-mcp"]
}
}
}Tools
check_skill
Check a skill by name or identifier. Resolves ClawHub slugs, GitHub repos, and skills.sh paths automatically.
check_skill({ source: "web-search" })
check_skill({ source: "vercel-labs/agent-skills/react-best-practices" })list_offers
Fetch the machine-readable AgentVerus offer catalog.
list_offers({})trust_check
Call the hosted AgentVerus Trust Check SKU. Requires AGENTVERUS_API_KEY.
trust_check({ url: "https://raw.githubusercontent.com/owner/repo/main/SKILL.md" })
trust_check({ skillId: "11111111-1111-1111-1111-111111111111" })scan_url
Scan a skill from any URL — GitHub, ClawHub, skills.sh, or raw SKILL.md.
scan_url({ url: "https://github.com/owner/repo" })scan_skill
Scan skill content directly (pass the raw SKILL.md text).
scan_skill({ content: "---\nname: my-skill\n---\n# My Skill\n..." })explain_finding
Get a detailed explanation of any ASST security category.
explain_finding({ id: "ASST-06" })Resources
agentverus://taxonomy— Full ASST taxonomy (11 categories)agentverus://offers— Hosted offer catalog and billing metadataagentverus://about— Scanner info and capabilities
What It Scans For
The scanner checks for 11 categories of agent-specific security risks:
| ID | Category | Examples | |----|----------|----------| | ASST-01 | Instruction Injection | Hidden directives in HTML comments | | ASST-02 | Data Exfiltration | Unauthorized outbound data transfers | | ASST-03 | Privilege Escalation | Excessive permission requests | | ASST-04 | Dependency Hijacking | Compromised URLs, curl\|sh patterns | | ASST-05 | Credential Harvesting | Reading env vars + network sends | | ASST-06 | Prompt Injection Relay | Unvalidated external content processing | | ASST-07 | Unverified Package | Unknown/unscanned dependencies | | ASST-08 | Obfuscation | Encoded payloads, minified scripts | | ASST-09 | Missing Safety Boundaries | No scope limits or error handling | | ASST-10 | Persistence Abuse | Exploitable state storage | | ASST-11 | Trigger Manipulation | Overly broad activation patterns |
Trust Badges
| Badge | Score | Meaning | |-------|-------|---------| | 🟢 Certified | 95-100 | No significant security concerns | | 🟡 Conditional | 85-94 | Minor concerns, review recommended | | 🟠 Suspicious | 60-84 | Significant concerns, manual review required | | 🔴 Rejected | 0-59 | Critical security issues found |
Links
- AgentVerus — AI agent security platform
- MCP Server on npm — This MCP server package
- Scanner on npm — The underlying scanner
- ASST Taxonomy — Full security taxonomy
License
MIT
