Automic VaultAutomic Vault

brew

Install snyk-agent-scan with Homebrew

Constrain, log and scan your MCP connections for security vulnerabilities. Version 0.5.12 via Homebrew; verified 2026-06-24.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install snyk-agent-scan

local Homebrew formula metadata

overview

Package summary

Constrain, log and scan your MCP connections for security vulnerabilities

Commands and aliases

  • snyk-agent-scan

history

Project history and usage

Snyk Agent Scan is Snyk's CLI for discovering and scanning local AI agent components, MCP servers, skills, and related configuration for security risks. It reflects the new package-manager problem of executable agent ecosystems: installed tools are no longer just binaries, they are prompts, skills, MCP configs, and commands that may run during inspection.

Project history

The public GitHub repository was created in 2025. Its README describes Agent Scan as a tool for inventorying installed agent components and scanning for prompt injections, sensitive data handling, malware payloads hidden in natural language, tool poisoning, toxic flows, and vulnerabilities in agent skills.

The README notes that CLI output is experimental and that Agent Scan 0.4 was published with a technical report on emerging threats in the agent skill ecosystem, indicating a young tool aimed at a fast-changing area.

Adoption history

Official usage examples install and run the tool with `uvx snyk-agent-scan@latest`, while the input records a Homebrew formula. The supported-agent matrix includes mainstream developer agents such as Claude, Cursor, Windsurf, Gemini CLI, VS Code, Codex, Amazon Q, and others.

How it is used

Users can run a full machine scan, scan a specific MCP configuration file, scan one skill file, or scan a directory of skills. The README warns that scanning MCP configurations may execute commands defined in those configs, so the CLI includes interactive consent and a deliberately named flag for trusted non-interactive runs.

Why package nerds care

Package nerds care because Agent Scan treats local agent configuration as supply chain surface. It scans the places modern developer tools install behavior, including project, user, system, extension, and plugin scopes, making it relevant to anyone packaging or auditing AI-enabled command-line environments.

Timeline

  • 2025: Public GitHub repository created.
  • 2025: README documents scanning for MCP servers, agent tools, and skills.
  • 2026: Repository metadata shows active maintenance.

Related projects

  • Related ecosystems include MCP servers, Codex skills, Claude skills, Cursor/Windsurf/Gemini agent configurations, and Snyk's broader developer security tooling.

security posture

No protected-tool coverage found yet

No matching local secret-handling manifest was found for snyk-agent-scan. Nucleus package metadata is still published here so future coverage has a stable package URL.

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installs with 6 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
snyk-agent-scancliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.5.12
manager updated2026-06-24
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/snyk/agent-scan

install metadata

Package metadata

Package keybrew:snyk-agent-scan
Version0.5.12
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/snyk-agent-scan
Homepagehttps://github.com/snyk/agent-scan
Repositoryhttps://github.com/snyk/agent-scan
Upstream docshttps://github.com/snyk/agent-scan#readme
LicenseApache-2.0
Source archivehttps://files.pythonhosted.org/packages/12/29/7e0b0f90353d02b73a254580d7b2e760f3ecfe3bcbf364b28593d15163eb/snyk_agent_scan-0.5.12.tar.gz
Last updated2026-06-24T14:11:04Z
Pulseupdated
Dependenciescertifi, cryptography, libyaml, pydantic, python@3.14, rpds-py
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namesnyk-agent-scan
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment