AgentVerus MCP Server
OfficialScans AI agent skills from GitHub repositories, automatically resolving GitHub repo slugs and URLs for security analysis.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@AgentVerus MCP ServerCheck the 'web-search' skill for security issues"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
AgentVerus MCP Server
Security scanning for AI agent skills, exposed as MCP tools. Scan skills from ClawHub, GitHub, skills.sh, or raw URLs — directly from your AI agent.
164 tests · 6 analyzers · ASST taxonomy · Hosted trust_check commerce
Quick Start
Add to your agent's MCP configuration:
Published package: agentverus-scanner-mcp
If you want the hosted commercial tools (list_offers, trust_check), set:
AGENTVERUS_API_KEYfor authenticated calls tohttps://agentverus.ai/api/v1/trust/checkAGENTVERUS_BASE_URLonly if you need a non-production AgentVerus base URL
Claude Desktop / Cursor / Windsurf
{
"mcpServers": {
"agentverus": {
"command": "npx",
"args": ["-y", "agentverus-scanner-mcp"]
}
}
}OpenClaw
{
"mcp": {
"agentverus": {
"command": "npx",
"args": ["-y", "agentverus-scanner-mcp"]
}
}
}Related MCP server: securityscan
Tools
check_skill
Check a skill by name or identifier. Resolves ClawHub slugs, GitHub repos, and skills.sh paths automatically.
check_skill({ source: "web-search" })
check_skill({ source: "vercel-labs/agent-skills/react-best-practices" })list_offers
Fetch the machine-readable AgentVerus offer catalog.
list_offers({})trust_check
Call the hosted AgentVerus Trust Check SKU. Requires AGENTVERUS_API_KEY.
trust_check({ url: "https://raw.githubusercontent.com/owner/repo/main/SKILL.md" })
trust_check({ skillId: "11111111-1111-1111-1111-111111111111" })scan_url
Scan a skill from any URL — GitHub, ClawHub, skills.sh, or raw SKILL.md.
scan_url({ url: "https://github.com/owner/repo" })scan_skill
Scan skill content directly (pass the raw SKILL.md text).
scan_skill({ content: "---\nname: my-skill\n---\n# My Skill\n..." })explain_finding
Get a detailed explanation of any ASST security category.
explain_finding({ id: "ASST-06" })Resources
agentverus://taxonomy— Full ASST taxonomy (11 categories)agentverus://offers— Hosted offer catalog and billing metadataagentverus://about— Scanner info and capabilities
What It Scans For
The scanner checks for 11 categories of agent-specific security risks:
ID | Category | Examples |
ASST-01 | Instruction Injection | Hidden directives in HTML comments |
ASST-02 | Data Exfiltration | Unauthorized outbound data transfers |
ASST-03 | Privilege Escalation | Excessive permission requests |
ASST-04 | Dependency Hijacking | Compromised URLs, |
ASST-05 | Credential Harvesting | Reading env vars + network sends |
ASST-06 | Prompt Injection Relay | Unvalidated external content processing |
ASST-07 | Unverified Package | Unknown/unscanned dependencies |
ASST-08 | Obfuscation | Encoded payloads, minified scripts |
ASST-09 | Missing Safety Boundaries | No scope limits or error handling |
ASST-10 | Persistence Abuse | Exploitable state storage |
ASST-11 | Trigger Manipulation | Overly broad activation patterns |
Trust Badges
Badge | Score | Meaning |
🟢 Certified | 95-100 | No significant security concerns |
🟡 Conditional | 85-94 | Minor concerns, review recommended |
🟠 Suspicious | 60-84 | Significant concerns, manual review required |
🔴 Rejected | 0-59 | Critical security issues found |
Links
AgentVerus — AI agent security platform
MCP Server on npm — This MCP server package
Scanner on npm — The underlying scanner
ASST Taxonomy — Full security taxonomy
License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/agentverus/mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server