Run any Skill in Manus with one click

$pwd:

agent-bom-scan

Name: Agent Bom Scan
Author: msaad00

// Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container images, provenance, filesystems, and SBOMs. Use when: "check package", "scan image", "verify", "is this safe", "scan dependencies", "CVE lookup", "blast radius".

Run Skill in Manus

$ git log --oneline --stat

stars:19

forks:6

updated:May 6, 2026 at 05:50

SKILL.md

readonly

package.json

"author": "msaad00"

"repository": "msaad00/agent-bom"

View GitHub Repository

$ install --globalskills.sh

$ download --local

Run Skill in Manus

[HINT] Download the complete skill directory including SKILL.md and all related files

Run any Skill with one click

name	agent-bom-scan
description	Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container images, provenance, filesystems, and SBOMs. Use when: "check package", "scan image", "verify", "is this safe", "scan dependencies", "CVE lookup", "blast radius".
version	0.86.3
license	Apache-2.0
compatibility	Requires Python 3.11+. Install via pipx or pip. Native container image scanning — no external scanner required. No API keys required for basic operation.
metadata	{"author":"msaad00","homepage":"https://github.com/msaad00/agent-bom","source":"https://github.com/msaad00/agent-bom","pypi":"https://pypi.org/project/agent-bom/","scorecard":"https://securityscorecards.dev/viewer/?uri=github.com/msaad00/agent-bom","tests":7239,"install":{"pipx":"agent-bom","pip":"agent-bom","docker":"ghcr.io/msaad00/agent-bom:0.86.3"},"openclaw":{"requires":{"bins":[],"env":[],"credentials":"none"},"credential_policy":"Zero credentials required. Optional env vars below increase rate limits. They are never auto-discovered, inferred, or transmitted.","optional_env":[],"optional_bins":["semgrep","kubectl"],"emoji":"🛡","homepage":"https://github.com/msaad00/agent-bom","source":"https://github.com/msaad00/agent-bom","license":"Apache-2.0","os":["darwin","linux","windows"],"credential_handling":"Env var values are NEVER extracted from config files. sanitize_env_vars() replaces all env values with *REDACTED* BEFORE any config data is processed or stored. Only structural data (server names, commands, URLs) passes through. Source: https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/security.py#L159","data_flow":"All scanning is local-first. Only public package names and CVE IDs are sent to vulnerability databases (OSV, NVD, EPSS, GitHub Advisories). No credentials, config file contents, or scan results leave the machine.","file_reads":["~/Library/Application Support/Claude/claude_desktop_config.json","~/.config/Claude/claude_desktop_config.json","~/.claude/settings.json","~/.claude.json","~/.cursor/mcp.json","~/Library/Application Support/Cursor/User/globalStorage/cursor.mcp/mcp.json","~/.windsurf/mcp.json","~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json","~/Library/Application Support/Code/User/mcp.json","~/.codex/config.toml","~/.gemini/settings.json","~/.config/goose/config.yaml","~/.continue/config.json","~/.config/zed/settings.json","~/Library/Application Support/Code/User/globalStorage/rooveterinaryinc.roo-cline/settings/cline_mcp_settings.json","~/Library/Application Support/Code/User/globalStorage/amazonwebservices.amazon-q-vscode/mcp.json","~/Library/Application Support/JetBrains/*/mcp.json","~/.config/github-copilot/intellij/mcp.json","~/.junie/mcp/mcp.json","~/.copilot/mcp-config.json","~/.tabnine/mcp_servers.json","~/.snowflake/cortex/mcp.json","~/.snowflake/cortex/settings.json","~/.snowflake/cortex/permissions.json","~/.snowflake/cortex/hooks.json","~/.snowflake/connections.toml","~/.snowflake/config.toml",".mcp.json",".vscode/mcp.json",".cursor/mcp.json","user-provided SBOM files (CycloneDX/SPDX JSON)"],"file_writes":[],"network_endpoints":[{"url":"https://api.osv.dev/v1","purpose":"OSV vulnerability database — batch CVE lookup for packages","auth":false},{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0","purpose":"NVD CVSS v4 enrichment — optional API key increases rate limit","auth":false},{"url":"https://api.first.org/data/v1/epss","purpose":"EPSS exploit probability scores","auth":false},{"url":"https://api.github.com/advisories","purpose":"GitHub Security Advisories — supplemental CVE lookup","auth":false}],"telemetry":false,"persistence":false,"privilege_escalation":false,"always":false,"autonomous_invocation":"restricted"}}

agent-bom-scan — AI Supply Chain Vulnerability Scanner

Checks packages for CVEs, scans container images natively, verifies package provenance via Sigstore, scans filesystems, and generates SBOMs.

Install

pipx install agent-bom
agent-bom agents             # discover agents and scan dependencies
agent-bom check langchain==0.1.0  # check a specific package with version
agent-bom image nginx:1.25   # scan container image (native)
agent-bom fs .               # scan filesystem packages
agent-bom sbom .             # generate SBOM
agent-bom verify agent-bom   # verify Sigstore provenance
agent-bom where              # show all discovery paths

As an MCP Server

{
  "mcpServers": {
    "agent-bom": {
      "command": "uvx",
      "args": ["agent-bom", "mcp", "server"]
    }
  }
}

When to Use

"check package" / "is this package safe"
"scan image" / "scan container"
"verify" / "check provenance"
"is this safe" / "CVE lookup"
"scan dependencies"
"blast radius"
"generate SBOM"

Tools (8)

Tool	Description
`check`	Check a package for CVEs (OSV, NVD, EPSS, KEV)
`scan`	Full discovery + vulnerability scan pipeline
`blast_radius`	Map CVE impact chain across agents, servers, credentials
`remediate`	Prioritized remediation plan for vulnerabilities
`verify`	Package integrity + SLSA provenance check
`diff`	Compare two scan reports (new/resolved/persistent)
`where`	Show MCP client config discovery paths
`inventory`	List discovered agents, servers, packages

Examples

# Check a package before installing
check(package="langchain", version="0.1.0", ecosystem="pypi")

# Map blast radius of a CVE
blast_radius(cve_id="CVE-2024-21538")

# Full scan
scan()

# Verify package provenance
verify(package="agent-bom")

Agentic Workflows

Use tool chains, not isolated calls, when the user asks for a decision:

User intent	Recommended sequence	Output
"Is this MCP safe to install?"	`registry_lookup` -> `check` -> `blast_radius` when a package/version is known	concise allow/warn/block recommendation with evidence
"Gate this PR"	`scan` with SARIF output and fail on high/critical findings	SARIF for code scanning plus non-zero gate result
"Audit my fleet inventory"	validate inventory -> `scan`/`agents` with JSON output -> `context_graph`	findings plus graph-ready JSON
"What changed since last run?"	current scan -> `diff` against prior JSON	new/resolved/persistent findings
"What should I fix first?"	`scan` -> `blast_radius` -> `remediate` plan	prioritized plan only; no file writes

Pick output by consumer: SARIF for CI, JSON for automation/graph, HTML or Markdown for human review, CycloneDX/SPDX for SBOM consumers.

For CLI gates, prefer:

agent-bom agents --format sarif --output agent-bom.sarif --fail-on-severity high

Guardrails

Show CVEs even when NVD analysis is pending or severity is unknown — a CVE ID is still a real finding.
Treat UNKNOWN severity as unresolved, not benign — it means data is not yet available.
Do not modify any files, install packages, or change system configuration.
Only public package names and CVE IDs leave the machine for vulnerability database lookups.
Ask before scanning paths outside the user's home directory.

Privacy & Data Handling

# Step 1: Install
pip install agent-bom

# Step 2: Review redaction logic BEFORE scanning
# sanitize_env_vars() replaces ALL env var values with ***REDACTED***
# BEFORE any config data is processed or stored:
# https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/security.py#L159

# Step 3: Verify package provenance (Sigstore)
agent-bom verify agent-bom

# Step 4: Only then run scans
agent-bom agents

Verification

Source: github.com/msaad00/agent-bom (Apache-2.0)
Sigstore signed: agent-bom verify agent-bom@0.86.3
7,100+ tests with CodeQL + OpenSSF Scorecard
No telemetry: Zero tracking, zero analytics

name	agent-bom-scan
description	Open security scanner for agentic infrastructure — agents, MCP, packages, blast radius, runtime, and trust for package CVEs (OSV, NVD, EPSS, KEV), container images, provenance, filesystems, and SBOMs. Use when: "check package", "scan image", "verify", "is this safe", "scan dependencies", "CVE lookup", "blast radius".
version	0.86.3
license	Apache-2.0
compatibility	Requires Python 3.11+. Install via pipx or pip. Native container image scanning — no external scanner required. No API keys required for basic operation.
metadata	{"author":"msaad00","homepage":"https://github.com/msaad00/agent-bom","source":"https://github.com/msaad00/agent-bom","pypi":"https://pypi.org/project/agent-bom/","scorecard":"https://securityscorecards.dev/viewer/?uri=github.com/msaad00/agent-bom","tests":7239,"install":{"pipx":"agent-bom","pip":"agent-bom","docker":"ghcr.io/msaad00/agent-bom:0.86.3"},"openclaw":{"requires":{"bins":[],"env":[],"credentials":"none"},"credential_policy":"Zero credentials required. Optional env vars below increase rate limits. They are never auto-discovered, inferred, or transmitted.","optional_env":[],"optional_bins":["semgrep","kubectl"],"emoji":"🛡","homepage":"https://github.com/msaad00/agent-bom","source":"https://github.com/msaad00/agent-bom","license":"Apache-2.0","os":["darwin","linux","windows"],"credential_handling":"Env var values are NEVER extracted from config files. sanitize_env_vars() replaces all env values with *REDACTED* BEFORE any config data is processed or stored. Only structural data (server names, commands, URLs) passes through. Source: https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/security.py#L159","data_flow":"All scanning is local-first. Only public package names and CVE IDs are sent to vulnerability databases (OSV, NVD, EPSS, GitHub Advisories). No credentials, config file contents, or scan results leave the machine.","file_reads":["~/Library/Application Support/Claude/claude_desktop_config.json","~/.config/Claude/claude_desktop_config.json","~/.claude/settings.json","~/.claude.json","~/.cursor/mcp.json","~/Library/Application Support/Cursor/User/globalStorage/cursor.mcp/mcp.json","~/.windsurf/mcp.json","~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/settings/cline_mcp_settings.json","~/Library/Application Support/Code/User/mcp.json","~/.codex/config.toml","~/.gemini/settings.json","~/.config/goose/config.yaml","~/.continue/config.json","~/.config/zed/settings.json","~/Library/Application Support/Code/User/globalStorage/rooveterinaryinc.roo-cline/settings/cline_mcp_settings.json","~/Library/Application Support/Code/User/globalStorage/amazonwebservices.amazon-q-vscode/mcp.json","~/Library/Application Support/JetBrains/*/mcp.json","~/.config/github-copilot/intellij/mcp.json","~/.junie/mcp/mcp.json","~/.copilot/mcp-config.json","~/.tabnine/mcp_servers.json","~/.snowflake/cortex/mcp.json","~/.snowflake/cortex/settings.json","~/.snowflake/cortex/permissions.json","~/.snowflake/cortex/hooks.json","~/.snowflake/connections.toml","~/.snowflake/config.toml",".mcp.json",".vscode/mcp.json",".cursor/mcp.json","user-provided SBOM files (CycloneDX/SPDX JSON)"],"file_writes":[],"network_endpoints":[{"url":"https://api.osv.dev/v1","purpose":"OSV vulnerability database — batch CVE lookup for packages","auth":false},{"url":"https://services.nvd.nist.gov/rest/json/cves/2.0","purpose":"NVD CVSS v4 enrichment — optional API key increases rate limit","auth":false},{"url":"https://api.first.org/data/v1/epss","purpose":"EPSS exploit probability scores","auth":false},{"url":"https://api.github.com/advisories","purpose":"GitHub Security Advisories — supplemental CVE lookup","auth":false}],"telemetry":false,"persistence":false,"privilege_escalation":false,"always":false,"autonomous_invocation":"restricted"}}