agent-bom-registry
MCP server security registry and trust assessment — look up servers in the 427+ server security metadata registry, run pre-install marketplace checks, batch...
Install via ClawdBot CLI:
clawdbot install msaad00/agent-bom-registry
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://github.com/msaad00/agent-bom
Audited Apr 17, 2026 · audit v1.0
Generated Mar 21, 2026
IT teams can use the registry lookup and fleet scan tools to evaluate the security posture of MCP servers before deployment across their organization. This helps ensure compliance with internal security policies by checking against the bundled registry of 427+ servers, enabling batch risk scoring without network dependencies.
Developers building AI platforms can integrate the skill_trust tool to automatically assess the trust level of third-party skill files uploaded by users. By parsing SKILL.md content as strings, it provides a 5-category analysis to flag potentially untrusted skills, enhancing platform security without file system access.
DevOps engineers can incorporate marketplace_check into CI/CD pipelines to run pre-install trust checks on MCP server packages. This automates security validation by cross-referencing with the local registry, reducing the risk of deploying vulnerable servers in production environments.
Security auditors can leverage the code_scan tool with optional Semgrep integration to perform static application security testing on MCP server codebases. This enables CWE-based compliance mapping and, with an optional SNYK_TOKEN, enriches vulnerability data for detailed security reports.
Offer the agent-bom registry as a free, open-source tool under Apache-2.0 license, while generating revenue through paid enterprise support, custom integrations, and training services. This model attracts a broad user base from GitHub and PyPI while monetizing larger organizations needing dedicated assistance.
Develop a cloud-based SaaS platform that builds on the local registry tools, offering enhanced features like real-time updates, centralized dashboards, and automated compliance reporting. Revenue is generated through subscription tiers based on usage volume and advanced analytics capabilities.
Form partnerships with AI agent platforms and DevOps toolchains to embed the registry lookup and skill trust assessment as native security features. Revenue comes from licensing fees, revenue-sharing agreements, or white-labeling the technology for seamless integration into partner ecosystems.
💬 Integration Tip
Install via pipx for isolated environments and leverage the bundled registry for offline use; for code scanning, optionally set up Semgrep and SNYK_TOKEN to enhance vulnerability detection.
Scored Apr 19, 2026