agent-bom-scan
Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container...
Install via ClawdBot CLI:
clawdbot install msaad00/agent-bom-scan
Grade Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list: https://github.com/msaad00/agent-bom
Uses known external API (expected, informational): api.github.com
Audited Apr 17, 2026 · audit v1.0
Generated Mar 22, 2026
A software development team building AI applications uses agent-bom to automatically scan their MCP client configurations and dependencies for vulnerabilities. It identifies CVEs in packages like LangChain or TensorFlow, maps the blast radius to assess impact, and generates remediation plans to patch critical issues before deployment.
An enterprise IT department deploys agent-bom to audit AI tool usage across their organization, discovering MCP servers in tools like VS Code Copilot and GitHub Copilot CLI. It checks for known vulnerabilities in the supply chain, ensures compliance with security policies, and provides reports for regulatory audits.
A DevOps engineer integrates agent-bom into CI/CD pipelines to scan container images and dependencies during build processes. Using optional Grype/Syft tools, it detects CVEs in Docker images, enriches findings with EPSS scores, and triggers automated alerts for high-risk vulnerabilities.
A university AI research lab uses agent-bom to secure their experimental setups, scanning MCP configurations from tools like Claude Desktop and Cursor. It identifies vulnerabilities in open-source AI libraries, educates students on secure coding practices, and prevents exploits in shared environments.
A cybersecurity consulting firm employs agent-bom to perform supply chain risk assessments for clients using AI tools. It discovers MCP servers across diverse platforms like JetBrains AI and Snowflake Cortex, analyzes CVE data from OSV and NVD, and delivers actionable remediation strategies.
Distribute agent-bom as a free, open-source tool under the Apache-2.0 license, generating revenue through enterprise support contracts, custom integrations, and premium features like advanced reporting or API key management for higher rate limits.
Offer agent-bom as a cloud-based SaaS platform where users upload configurations for automated scanning. Monetize via subscription tiers based on scan frequency, number of users, or access to enhanced databases like real-time CVE feeds and compliance dashboards.
Partner with AI tool vendors (e.g., VS Code, JetBrains) to bundle agent-bom as a built-in security module. Revenue comes from licensing fees, co-marketing campaigns, and shared profits from upsold security audits or training services for their user base.
💬 Integration Tip
Start by running 'agent-bom scan' to auto-discover MCP configurations, then integrate into CI/CD pipelines using Docker for consistent scanning across environments.
Scored Apr 19, 2026