Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| inkog_scan | Security co-pilot for AI agent development. Scans for prompt injection, infinite loops, token bombing, SQL injection via LLM, and missing guardrails. Supports LangChain, CrewAI, LangGraph, AutoGen, n8n, and 20+ agent frameworks. Use this whenever building, reviewing, or deploying AI agents to catch security issues before they reach production. |
| inkog_deep_scan | Inkog Deep scan for AI agents. Uses advanced analysis to detect complex vulnerabilities, logic flaws, and security issues that pattern-based scanning may miss. Requires the Inkog Deep role. IMPORTANT: Deep scans typically take around 10 minutes — inform the user before starting and let them know the scan is running. |
| inkog_verify_governance | Validate that AGENTS.md declarations match actual code behavior. Detects governance mismatches like 'read-only declared but code writes data' or 'human approval required but no approval gates in code'. Essential for EU AI Act Article 14 compliance. Use this whenever an AI agent project has an AGENTS.md file, or to verify governance compliance before deployment. |
| inkog_compliance_report | Generate a compliance report for EU AI Act, NIST AI RMF, ISO 42001, or OWASP LLM Top 10. Analyzes agent code and maps findings to regulatory requirements. Use this when preparing AI agents for regulatory compliance or audit. |
| inkog_explain_finding | Get detailed explanation and remediation guidance for a security finding or pattern. Includes what the issue is, why it's dangerous, step-by-step fixes, and code examples. Use this after scanning to understand how to fix security findings. |
| inkog_audit_mcp_server | Security audit any MCP server from the registry or GitHub. Analyzes tool permissions, data flow risks, input validation, and potential vulnerabilities. Use this before installing any new MCP server to verify it is safe. |
| inkog_generate_mlbom | Generate a Machine Learning Bill of Materials (MLBOM) for AI agents. Lists all models, tools, data sources, frameworks, and dependencies. Supports CycloneDX and SPDX formats. Use this when documenting AI agent dependencies for supply chain compliance. |
| inkog_audit_a2a | Audit Agent-to-Agent (A2A) communications in multi-agent systems. Detects infinite delegation loops, privilege escalation, data leakage between agents, and unauthorized handoffs. Supports Google A2A protocol, CrewAI, LangGraph, and AutoGen. Use this when building or reviewing multi-agent systems to detect delegation vulnerabilities. |
| inkog_skill_scan | Scan SKILL.md packages and agent tool definitions for security vulnerabilities. Detects tool poisoning, command injection, data exfiltration, prompt injection, excessive permissions, obfuscation, supply chain risks, and more. Maps findings to OWASP Agentic Top 10 and OWASP MCP Top 10. Set deep=true for AI-powered deep analysis (~10 min, catches novel threats). For MCP server scanning, use inkog_mcp_scan instead. |
| inkog_mcp_scan | Scan MCP servers from registry or by repository URL for security vulnerabilities. Detects tool poisoning, command injection, data exfiltration, prompt injection, excessive permissions, obfuscation, supply chain risks, and more. Maps findings to OWASP Agentic Top 10 and OWASP MCP Top 10. Set deep=true for AI-powered deep analysis (~10 min, catches novel threats). For skill package scanning, use inkog_skill_scan instead. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |