agent-bom-registryMCP server security registry and trust assessment — look up servers in the 427+ server security metadata registry, run pre-install marketplace checks, batch...
Install via ClawdBot CLI:
clawdbot install msaad00/agent-bom-registryGrade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://github.com/msaad00/agent-bomAudited Apr 17, 2026 · audit v1.0
Generated Mar 21, 2026
IT teams can use the registry lookup and fleet scan tools to evaluate the security posture of MCP servers before deployment across their organization. This helps ensure compliance with internal security policies by checking against the bundled registry of 427+ servers, enabling batch risk scoring without network dependencies.
Developers building AI platforms can integrate the skill_trust tool to automatically assess the trust level of third-party skill files uploaded by users. By parsing SKILL.md content as strings, it provides a 5-category analysis to flag potentially untrusted skills, enhancing platform security without file system access.
DevOps engineers can incorporate marketplace_check into CI/CD pipelines to run pre-install trust checks on MCP server packages. This automates security validation by cross-referencing with the local registry, reducing the risk of deploying vulnerable servers in production environments.
Security auditors can leverage the code_scan tool with optional Semgrep integration to perform static application security testing on MCP server codebases. This enables CWE-based compliance mapping and, with an optional SNYK_TOKEN, enriches vulnerability data for detailed security reports.
Offer the agent-bom registry as a free, open-source tool under Apache-2.0 license, while generating revenue through paid enterprise support, custom integrations, and training services. This model attracts a broad user base from GitHub and PyPI while monetizing larger organizations needing dedicated assistance.
Develop a cloud-based SaaS platform that builds on the local registry tools, offering enhanced features like real-time updates, centralized dashboards, and automated compliance reporting. Revenue is generated through subscription tiers based on usage volume and advanced analytics capabilities.
Form partnerships with AI agent platforms and DevOps toolchains to embed the registry lookup and skill trust assessment as native security features. Revenue comes from licensing fees, revenue-sharing agreements, or white-labeling the technology for seamless integration into partner ecosystems.
💬 Integration Tip
Install via pipx for isolated environments and leverage the bundled registry for offline use; for code scanning, optionally set up Semgrep and SNYK_TOKEN to enhance vulnerability detection.
Scored Jun 19, 2026
PollyReach gives every AI agent a phone number and the ability to get things done over the phone — finding contacts, making calls, and completing tasks. Just...
Helps users discover and install agent skills when they ask questions like "how do I do X", "find a skill for X", "is there a skill that can...", or express interest in extending capabilities. This skill should be used when the user is looking for functionality that might exist as an installable skill.
Ultimate AI agent memory system for Cursor, Claude, ChatGPT & Copilot. WAL protocol + vector search + git-notes + cloud backup. Never lose context again. Vibe-coding ready.
Give your AI agent eyes to see the entire internet. 7500+ GitHub stars. Search and read 14 platforms: Twitter/X, Reddit, YouTube, GitHub, Bilibili, XiaoHongS...
A self-evolution engine for AI agents. Analyzes runtime history to identify improvements and applies protocol-constrained evolution. Communicates with EvoMap...
Infinite organized memory that complements your agent's built-in memory with unlimited categorized storage.