This MCP server scans code, git diffs, projects, MCP servers, and agent prompts/actions for security issues such as vulnerabilities, prompt injection, hallucinated packages, and supply-chain risks. It also supports SBOM generation/vulnerability checks and compliance evidence collection for frameworks like SOC2 and GDPR.
From the registry: Security layer for AI agents: blocks prompt injection, detects fake packages, scans vulnerabilities.

$ pip install pyyaml$ pip install tree-sitter tree-sitter-python tree-sitter-javascriptPlease install the `agent-security-scanner-mcp` MCP server into my current AI client (that's you).
Required prerequisites (do these first if not already done):
- **PyYAML** — Required for rule loading Run: `pip install pyyaml`
Optional prerequisites:
- tree-sitter (optional) — Enhanced AST detection Run: `pip install tree-sitter tree-sitter-python tree-sitter-javascript`
Canonical MCP server config (stdio transport):
- command: `npx`
- args: ["-y","agent-security-scanner-mcp"]
Note: Also provides `npx agent-security-scanner-mcp init <client>` to auto-configure config files.
Add this MCP server to my current client's config in the correct format for you. If you need secrets or credentials I haven't provided, ASK me — do not invent values or leave raw placeholders. After adding it, tell me how to verify the server is connected.ANTHROPIC_API_KEYrequiredAPI key required when using the Anthropic provider for the LLM-powered code review agent.OPENAI_API_KEYrequiredAPI key required when using the OpenAI provider for the LLM-powered code review agent.Dead code, security, secrets detection and code quality for Python, TypeScript, Go.