
Agent Security Scanner
Run MCP-driven scans on AI agents and tool-calling stacks before launch to catch prompt leaks, hijacking, and injection risks.
Overview
agentvuln is an MCP server for the Ship phase that scans AI agents for tool-calling vulnerabilities including prompt leaks, hijacking, and injections.
What is this MCP server?
- Scans AI agents for tool-calling vulnerability classes
- Covers prompt leaks, hijacking, injections, and related issues
- PyPI package agentvuln v0.4.2 with stdio MCP transport
- Positioned as Agent Security Scanner in registry metadata
- Fits pre-launch review of custom MCP and agent workflows
- Version 0.4.2
- Transport: stdio
- Registry title: Agent Security Scanner
What problem does it solve?
Custom agents with tools ship with prompt-injection and hijacking paths that conventional security scanners (web, dependency, SAST) do not evaluate, because those tools never exercise the model's tool-calling boundary.
Who is it for?
Indie builders launching MCP-heavy agents who need a structured scan of tool-calling and prompt-boundary risks.
Skip if: Projects with no LLM agents or tools, where only conventional web or dependency scanning is relevant.
What do I get? / Deliverables
You get an agent-focused vulnerability report to fix before launch instead of discovering leaks in production.
- Agent security scan results via MCP
- Visibility into prompt leak, hijacking, and injection classes
- Actionable findings for ship-phase remediation
How it compares
An agent- and tool-calling security scanner exposed as an MCP server, not a general OWASP web pentest suite; use it alongside, not instead of, conventional web and dependency scanning.
Common Questions / FAQ
Who is agentvuln for?
Solo developers and small teams shipping AI agents with tools who want MCP-accessible checks for prompt and tool abuse patterns.
When should I use agentvuln?
Run it in the ship phase after your agent and MCP tools are wired but before you publish, onboard customers, or enable autonomous actions.
How do I add agentvuln to my agent?
Install the PyPI package agentvuln, add the stdio MCP server to Claude Code or your client config, and invoke scans against your agent setup per the project docs.