# Install snyk-agent-scan with Homebrew

Constrain, log and scan your MCP connections for security vulnerabilities. Version 0.5.12 via Homebrew; verified 2026-06-24.

## Install

```sh
sudo av install brew:snyk-agent-scan
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install snyk-agent-scan
```

  Evidence: local Homebrew formula metadata

## Package facts

- **Package key:** brew:snyk-agent-scan
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/snyk-agent-scan>
- **Version:** 0.5.12
- **Source summary:** Constrain, log and scan your MCP connections for security vulnerabilities
- **Homepage:** <https://github.com/snyk/agent-scan>
- **Repository:** <https://github.com/snyk/agent-scan>
- **Upstream docs:** <https://github.com/snyk/agent-scan#readme>
- **License:** Apache-2.0
- **Source archive:** <https://files.pythonhosted.org/packages/12/29/7e0b0f90353d02b73a254580d7b2e760f3ecfe3bcbf364b28593d15163eb/snyk_agent_scan-0.5.12.tar.gz>
- **Last updated:** 2026-06-24T14:11:04Z
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- snyk-agent-scan (cli)
- snyk-agent-scan (alias)

## Dependencies

- certifi
- cryptography
- libyaml
- pydantic
- python@3.14
- rpds-py

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.5.12
- Package-manager updated: 2026-06-24
- Local data: ok
- Upstream repository: https://github.com/snyk/agent-scan
- info: No cached GitHub release or tag data was available.
## Project history and usage

Snyk Agent Scan is Snyk's CLI for discovering and scanning local AI agent components, MCP servers, skills, and related configuration for security risks. It reflects the new package-manager problem of executable agent ecosystems: installed tools are no longer just binaries, they are prompts, skills, MCP configs, and commands that may run during inspection.

### Project history

The public GitHub repository was created in 2025. Its README describes Agent Scan as a tool for inventorying installed agent components and scanning for prompt injections, sensitive data handling, malware payloads hidden in natural language, tool poisoning, toxic flows, and vulnerabilities in agent skills.

The README notes that CLI output is experimental and that Agent Scan 0.4 was published with a technical report on emerging threats in the agent skill ecosystem, indicating a young tool aimed at a fast-changing area.

### Adoption history

Official usage examples install and run the tool with `uvx snyk-agent-scan@latest`, while the input records a Homebrew formula. The supported-agent matrix includes mainstream developer agents such as Claude, Cursor, Windsurf, Gemini CLI, VS Code, Codex, Amazon Q, and others.

### How it is used

Users can run a full machine scan, scan a specific MCP configuration file, scan one skill file, or scan a directory of skills. The README warns that scanning MCP configurations may execute commands defined in those configs, so the CLI includes interactive consent and a deliberately named flag for trusted non-interactive runs.

### Why package nerds care

Package nerds care because Agent Scan treats local agent configuration as supply chain surface. It scans the places modern developer tools install behavior, including project, user, system, extension, and plugin scopes, making it relevant to anyone packaging or auditing AI-enabled command-line environments.

### Timeline

- 2025: Public GitHub repository created.
- 2025: README documents scanning for MCP servers, agent tools, and skills.
- 2026: Repository metadata shows active maintenance.

### Related projects

- Related ecosystems include MCP servers, Codex skills, Claude skills, Cursor/Windsurf/Gemini agent configurations, and Snyk's broader developer security tooling.

### Sources

- <https://github.com/snyk/agent-scan>
- <https://github.com/snyk/agent-scan#readme>
- source_facts.package-manager


## Security Notes

No matching local secret-handling manifest was found for snyk-agent-scan. Nucleus package metadata is still published here so future coverage has a stable package URL.


## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** snyk-agent-scan
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [MCP tool packages](https://www.automicvault.com/pkg/mcp-tools/) - Mentions MCP or Model Context Protocol.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [python@3.14](https://www.automicvault.com/pkg/brew/python-3-14/) - Runtime dependency declared by Homebrew.
- [cargo-audit](https://www.automicvault.com/pkg/brew/cargo-audit/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [clair](https://www.automicvault.com/pkg/brew/clair/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [dependency-check](https://www.automicvault.com/pkg/brew/dependency-check/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [flawfinder](https://www.automicvault.com/pkg/brew/flawfinder/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [govulncheck](https://www.automicvault.com/pkg/brew/govulncheck/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [kics](https://www.automicvault.com/pkg/brew/kics/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [pip-audit](https://www.automicvault.com/pkg/brew/pip-audit/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [snyk-cli](https://www.automicvault.com/pkg/brew/snyk-cli/) - Shares av.db curated category or tags: cli, security, vulnerability-scanning.
- [cycode](https://www.automicvault.com/pkg/brew/cycode/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, cryptography, libyaml, pydantic.
- [vunnel](https://www.automicvault.com/pkg/brew/vunnel/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, libyaml, python, python-3-14.
- [recon-ng](https://www.automicvault.com/pkg/brew/recon-ng/) - Both packages touch the same language runtime or ecosystem. Shared terms: certifi, cli, libyaml, python, python-3-14.

## Combined YAML source

View the package source record on GitHub. [combined/snyk-agent-scan.yml](https://github.com/automic-vault/db/blob/main/combined/snyk-agent-scan.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- cross-ecosystem install command graph
