agent-security-scanner

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio sinewaveai-agent-security-scanner-mcp npx -y agent-security-scanner-mcp init claude-code

How to use

The agent-security-scanner MCP server provides a range of automated security checks for AI coding agents and autonomous assistants. It offers a lightweight ProofLayer-based scan mode for rapid verification as well as a full-featured version with AST analysis, taint tracking, and cross-file analysis across multiple languages. Tools available via MCP include scan_security to detect vulnerabilities, fix_security to auto-fix issues, scan_git_diff to focus on changed files, scan_project for project-wide audits, and check_package/scan_packages to verify dependencies. You can also run scan_agent_prompt to guard against prompt injection and scan_agent_action to pre-screen agent actions. For ClawHub ecosystem auditing, there are commands like scan-clawhub and scan-skill to assess vulnerabilities at scale. To start, install via npx agent-security-scanner-mcp and then run the init command for your client (e.g., claude-code) to activate the scanner in your workflow.

How to install

Prerequisites:

  • Node.js installed on your system (recommended LTS).
  • npm or npx available in your shell.

Installation steps:

  1. Install and run the MCP server starter via npx (as shown in the Quick Start):
npx -y agent-security-scanner-mcp init claude-code

This initializes and activates the scanner for the claude-code client. You can replace claude-code with other MCP clients like cursor, claude-desktop, windsurf, cline, kilo-code, opencode, or cody as needed.

  2. If you prefer a persistent install, you can install the MCP package globally (as documented in the repository) and run the internal CLI:
npm install -g agent-security-scanner-mcp
agent-security-scanner-mcp init claude-code
  3. Ensure that any environment variables required by your deployment are set (the project typically relies on the standard Node.js runtime and the MCP client configuration).

Additional notes

Tips and common issues:

  • The MCP server supports multiple clients; ensure you pass the correct client identifier (e.g., claude-code, cursor, windsurf, cline).
  • For large projects, consider using scan_project for a comprehensive A-F grade and analytics, then drill down with scan_security for targeted fixes.
  • If you encounter permission errors with npx, try running with elevated privileges or fix npm permissions.
  • OpenClaw and ClawHub integrations are supported in the full version; enable these features via the provided tool references in the README and documentation.
  • Regularly update the MCP package to benefit from new rules, improvements, and security detections.
