agent-bomOpen security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust across MCP discovery, CVEs, SBOMs, CIS benchmarks...
Install via ClawdBot CLI:
clawdbot install msaad00/agent-bomGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://github.com/msaad00/agent-bomUses known external API (expected, informational)
api.github.comAudited Apr 17, 2026 · audit v1.0
Generated Mar 20, 2026
A software development team uses agent-bom to scan their local AI development tools (e.g., Claude Desktop, VS Code Copilot) for MCP server configurations and potential vulnerabilities. This helps identify untrusted MCP servers and generate SBOMs for compliance with internal security policies, ensuring a secure AI supply chain during development.
An organization deploys agent-bom to run CIS benchmark checks on their AWS, Azure, GCP, or Snowflake cloud environments using optional SDK credentials. This assesses compliance with industry standards like NIST and MITRE, maps blast radius for vulnerabilities, and generates reports for audit purposes without exposing sensitive credentials.
A financial or healthcare company uses agent-bom to automatically generate Software Bill of Materials (SBOMs) for their AI applications and infrastructure. This supports compliance with regulations like OWASP AISVS v1.0, helps track dependencies, and scans for CVEs to mitigate supply chain risks in production systems.
A DevOps team integrates agent-bom into their CI/CD pipeline to perform native container image scanning without external tools like Grype/Syft. It checks for vulnerabilities, runs security benchmarks, and tags MAESTRO layers, ensuring secure deployments and reducing risk in automated build processes.
Offer agent-bom as a free open-source tool for basic scanning and SBOM generation, with premium features like advanced CIS benchmark checks, compliance reporting, and enterprise support. Revenue is generated through subscription plans for teams and large organizations needing enhanced security insights.
Provide professional services to help businesses integrate agent-bom into their security workflows, customize scans for specific industries, and conduct audits. Revenue comes from project-based fees, training workshops, and ongoing maintenance contracts for compliance and risk management.
Develop a cloud-based SaaS platform that leverages agent-bom's capabilities to offer centralized vulnerability scanning, compliance dashboards, and automated reporting for multiple clients. Revenue is generated through tiered SaaS subscriptions based on usage, number of scans, and advanced features.
💬 Integration Tip
Start by installing agent-bom via pip or pipx and verify the sanitize_env_vars() function to ensure credential safety before running scans in production environments.
Scored Apr 19, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
Manage and operate ClawSec Monitor v3.0, a MITM HTTP/HTTPS proxy that logs AI agent traffic, detects exfiltration and injection threats in real time.
Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.
MoltGuard — OpenClaw security guard by OpenGuardrails. Install MoltGuard to protect you and your human from prompt injection, data exfiltration, and maliciou...
Safe command execution for OpenClaw Agents with automatic danger pattern detection, risk assessment, user approval workflow, and audit logging. Use when agen...
Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with mcp-scan pre-flight checks.