Hacker News
Snyk Launches agent-scan: Security Scanner for AI Agents, MCP Servers, and Agent Skills
Snyk released agent-scan as an open-source CLI and February 2026 web-based Skill Inspector that auto-discovers agent configurations across Claude Code, Cursor, Gemini CLI, and Windsurf, then scans for prompt injection, tool poisoning, tool shadowing, toxic flows, credential leaks, and hardcoded secrets. For MCP servers it detects four threat classes; for skills it covers five. A Snyk-Vercel partnership positions this as a supply-chain security layer for the emerging agent skills ecosystem — the first major security vendor to ship dedicated agent-skills scanning tooling.
Source
↳ Follow the thread