inkog

Overview Schema Related Servers Score Discussions

inkog_scan

Scan AI agent code for security vulnerabilities including prompt injection, infinite loops, token bombing, and missing guardrails to prevent issues before production deployment.

Instructions

Security co-pilot for AI agent development. Scans for prompt injection, infinite loops, token bombing, SQL injection via LLM, and missing guardrails. Supports LangChain, CrewAI, LangGraph, AutoGen, n8n, and 20+ agent frameworks. Use this whenever building, reviewing, or deploying AI agents to catch security issues before they reach production.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`path`	Yes	File or directory path to scan
`agent_name`	No	Agent name for dashboard identification (auto-detected from path if not provided)
`policy`	No	Security policy: low-noise (proven vulnerabilities only), balanced (default), comprehensive (all findings), governance (Article 14 focused), eu-ai-act (compliance mode)	balanced
`output`	No	Output format: summary (default), detailed (full findings), sarif (for CI/CD)	summary
`filter`	No	File filtering: auto (detect agent repos, adapt filtering), agent-only (aggressive filtering), all (no filtering)	auto

Implementation Reference

src/tools/scan.ts:184-413 (handler)

The scanHandler function executes the logic for the 'inkog_scan' tool, which involves parsing arguments, reading the directory, interacting with the Inkog API, and formatting the security findings for the user.

async function scanHandler(rawArgs: Record<string, unknown>): Promise<ToolResult> {
  // Validate arguments
  const parseResult = ScanArgsSchema.safeParse(rawArgs);
  if (!parseResult.success) {
    return {
      content: [
        {
          type: 'text',
          text: `Invalid arguments: ${parseResult.error.message}`,
        },
      ],
      isError: true,
    };
  }

  const args: ScanArgs = parseResult.data;

  try {
    // Read files from path with intelligent filtering
    const readResult = readDirectory(args.path, {
      filterMode: args.filter as FilterMode,
    });

    if (readResult.files.length === 0) {
      // Provide helpful message based on filtering
      const filteringNote =
        args.filter === 'auto' && readResult.metadata?.agentDetection?.isAgentRepo
          ? `\n\nNote: Agent repo detected (${readResult.metadata.agentDetection.confidence} confidence). ` +
            `Try --filter=all to scan all files including tests/docs.`
          : '';

      return {
        content: [
          {
            type: 'text',
            text: `No scannable files found in: ${args.path}\n\nSupported file types: .py, .js, .ts, .go, .java, .rb, .yaml, .json, .md${filteringNote}`,
          },
        ],
      };
    }

    // Get relative paths for cleaner output
    const files = getRelativePaths(readResult.files, args.path);

    // Derive agent name from path if not explicitly provided
    const agentName = args.agent_name ?? path.basename(args.path).replace(/\.[^.]+$/, '') ?? undefined;

    // Call Inkog API
    const client = getClient();
    const scanOptions: { policy?: SecurityPolicy; output?: 'summary' | 'detailed' | 'sarif'; agentName?: string } = {
      policy: args.policy,
      output: args.output,
    };
    if (agentName) {
      scanOptions.agentName = agentName;
    }
    const response = await client.scan(files, scanOptions);

    // Format output based on requested format
    if (args.output === 'sarif') {
      // Return raw SARIF for CI/CD integration
      return {
        content: [
          {
            type: 'text',
            text: JSON.stringify(response, null, 2),
          },
        ],
      };
    }

    // Build human-readable output
    const findings = response.findings ?? [];
    // Always count from findings array for consistency with CLI output.
    // Server summary.total may include governance findings that were filtered
    // by policy, causing MCP vs CLI count mismatch.
    let output = formatSummaryFromCounts(
      findings.length,
      findings.filter((f) => f.severity === 'CRITICAL').length,
      findings.filter((f) => f.severity === 'HIGH').length,
      findings.filter((f) => f.severity === 'MEDIUM').length,
      findings.filter((f) => f.severity === 'LOW').length,
      response.risk_score,
      response.files_scanned,
      args.policy
    );

    // Add filtering info if agent repo detected (SARIF already returned above)
    const agentInfo = readResult.metadata?.agentDetection;
    if (agentInfo?.isAgentRepo) {
      const frameworks = agentInfo.frameworks.length > 0 ? agentInfo.frameworks.join(', ') : 'unknown';
      output += `Agent repo detected (${agentInfo.confidence} confidence)\n`;
      output += `   Frameworks: ${frameworks}\n`;
      if (agentInfo.hasGovernance) {
        output += `   AGENTS.md: present\n`;
      }
      if (readResult.metadata?.binaryFilesSkipped || readResult.metadata?.patternFilesSkipped) {
        const totalSkipped = (readResult.metadata.binaryFilesSkipped ?? 0) + (readResult.metadata.patternFilesSkipped ?? 0);
        output += `   Optimized: ${totalSkipped} files skipped (${readResult.metadata.binaryFilesSkipped ?? 0} binary, ${readResult.metadata.patternFilesSkipped ?? 0} filtered)\n`;
      }
      output += '\n';
    }

    // Add findings
    if (findings.length > 0) {
      output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n';

      // Group by tier
      const vulnerabilities = findings.filter((f) => f.risk_tier === 'vulnerability');
      const riskPatterns = findings.filter((f) => f.risk_tier === 'risk_pattern');
      const hardening = findings.filter((f) => f.risk_tier === 'hardening');

      if (vulnerabilities.length > 0) {
        output += '🔴 EXPLOITABLE VULNERABILITIES:\n\n';
        for (const finding of vulnerabilities) {
          output += formatFinding(finding, args.output === 'detailed') + '\n\n';
        }
      }

      if (riskPatterns.length > 0) {
        output += '🟠 RISK PATTERNS:\n\n';
        for (const finding of riskPatterns) {
          output += formatFinding(finding, args.output === 'detailed') + '\n\n';
        }
      }

      if (hardening.length > 0 && args.policy === 'comprehensive') {
        output += '🟡 HARDENING RECOMMENDATIONS:\n\n';
        for (const finding of hardening) {
          output += formatFinding(finding, args.output === 'detailed') + '\n\n';
        }
      }
    }

    // Add action instruction when remediation code is available
    const hasRemediationCode = findings.some((f) => f.remediation_code !== undefined);
    if (hasRemediationCode) {
      output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n';
      output += '🤖 ACTION: The findings above include framework-specific code fixes. ';
      output += 'Use the provided remediation code to suggest or apply patches to the affected files.\n\n';
    }

    // Add governance summary if available
    const governance = response.governance;
    if (governance) {
      output += '━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\n\n';
      output += '🏛️  GOVERNANCE STATUS\n\n';
      output += `   Governance Score: ${governance.score}/100\n`;
      output += `   Overall Status: ${formatGovernanceStatus(governance.overall_status)}\n`;

      if (governance.declared_capabilities && governance.declared_capabilities.length > 0) {
        const valid = governance.declared_capabilities.filter((c) => c.status === 'valid').length;
        const violated = governance.declared_capabilities.filter((c) => c.status === 'violated').length;
        output += `   Capabilities: ${valid} valid, ${violated} violated\n`;
      }

      if (governance.mismatches && governance.mismatches.length > 0) {
        output += `   ⚠️  Mismatches detected: ${governance.mismatches.length}\n`;
      }
    }

    return {
      content: [
        {
          type: 'text',
          text: output,
        },
      ],
    };
  } catch (error) {
    if (error instanceof InkogAuthError) {
      return {
        content: [
          {
            type: 'text',
            text: '🔐 API Key Required\n\nTo use Inkog, you need an API key.\n\n1. Sign up for free at https://app.inkog.io\n2. Set your API key: export INKOG_API_KEY=sk_live_...\n3. Try again!',
          },
        ],
        isError: true,
      };
    }

    if (error instanceof InkogRateLimitError) {
      return {
        content: [
          {
            type: 'text',
            text: `⏱️ Rate Limited\n\nToo many requests. Please retry after ${error.retryAfter} seconds.`,
          },
        ],
        isError: true,
      };
    }

    if (error instanceof InkogNetworkError) {
      return {
        content: [
          {
            type: 'text',
            text: `Network error: ${error.message}\n\nPlease check your internet connection and try again.`,
          },
        ],
        isError: true,
      };
    }

    if (error instanceof InkogApiError) {
      return {
        content: [
          {
            type: 'text',
            text: `API error: ${error.message}${error.details ? `\n\nDetails: ${JSON.stringify(error.details)}` : ''}`,
          },
        ],
        isError: true,
      };
    }

    const message = error instanceof Error ? error.message : 'Unknown error occurred';
    return {
      content: [
        {
          type: 'text',
          text: `Error: ${message}`,
        },
      ],
      isError: true,
    };
  }
}

src/tools/scan.ts:33-58 (schema)

The Zod schema for validating the input arguments passed to the 'inkog_scan' tool.

const ScanArgsSchema = z.object({
  path: z.string().describe('File or directory path to scan'),
  agent_name: z
    .string()
    .optional()
    .describe('Agent name for dashboard identification (auto-detected from path if not provided)'),
  policy: z
    .enum(['low-noise', 'balanced', 'comprehensive', 'governance', 'eu-ai-act'])
    .optional()
    .default('balanced')
    .describe(
      'Security policy: low-noise (proven vulnerabilities only), balanced (default), comprehensive (all findings), governance (Article 14 focused), eu-ai-act (compliance mode)'
    ),
  output: z
    .enum(['summary', 'detailed', 'sarif'])
    .optional()
    .default('summary')
    .describe('Output format: summary (default), detailed (full findings), sarif (for CI/CD)'),
  filter: z
    .enum(['auto', 'agent-only', 'all'])
    .optional()
    .default('auto')
    .describe(
      'File filtering mode: auto (detect agent repos and adapt filtering), agent-only (aggressive filtering for known agent repos), all (no filtering, scan all files)'
    ),
});

src/tools/scan.ts:419-461 (registration)

The ToolDefinition object for 'inkog_scan', which maps the tool name, description, schema, and its execution handler.

export const scanTool: ToolDefinition = {
  tool: {
    name: 'inkog_scan',
    description:
      'Security co-pilot for AI agent development. Scans for prompt injection, infinite loops, token bombing, SQL injection via LLM, and missing guardrails. Supports LangChain, CrewAI, LangGraph, AutoGen, n8n, and 20+ agent frameworks. Use this whenever building, reviewing, or deploying AI agents to catch security issues before they reach production.',
    inputSchema: {
      type: 'object',
      properties: {
        path: {
          type: 'string',
          description: 'File or directory path to scan',
        },
        agent_name: {
          type: 'string',
          description: 'Agent name for dashboard identification (auto-detected from path if not provided)',
        },
        policy: {
          type: 'string',
          enum: ['low-noise', 'balanced', 'comprehensive', 'governance', 'eu-ai-act'],
          default: 'balanced',
          description:
            'Security policy: low-noise (proven vulnerabilities only), balanced (default), comprehensive (all findings), governance (Article 14 focused), eu-ai-act (compliance mode)',
        },
        output: {
          type: 'string',
          enum: ['summary', 'detailed', 'sarif'],
          default: 'summary',
          description:
            'Output format: summary (default), detailed (full findings), sarif (for CI/CD)',
        },
        filter: {
          type: 'string',
          enum: ['auto', 'agent-only', 'all'],
          default: 'auto',
          description:
            'File filtering: auto (detect agent repos, adapt filtering), agent-only (aggressive filtering), all (no filtering)',
        },
      },
      required: ['path'],
    },
  },
  handler: scanHandler,
};

Tool Definition Quality

A4/5.0

Behavior3/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It mentions the tool is a 'security co-pilot' that 'scans' and 'catches security issues,' which implies a read-only analysis function. However, it doesn't disclose important behavioral traits like whether it modifies files, requires authentication, has rate limits, or what happens on errors. The description adds some context about supported frameworks but lacks operational details.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized with two sentences that each serve distinct purposes: the first defines the tool's capabilities and scope, the second provides usage guidance. It's front-loaded with the core functionality and avoids unnecessary repetition. Minor improvement could be made by slightly tightening the framework list.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (security scanning with 5 parameters) and no output schema, the description provides adequate context about what the tool does and when to use it. However, without annotations or output schema, it lacks details about behavioral characteristics and return values. The description is complete enough for basic understanding but leaves operational aspects unspecified.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all parameters thoroughly. The description doesn't add any parameter-specific information beyond what's in the schema. According to scoring rules, when schema coverage is high (>80%), the baseline is 3 even with no param info in the description.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose as a security scanner for AI agent development, listing specific vulnerabilities it detects (prompt injection, infinite loops, etc.) and frameworks it supports. It distinguishes itself from siblings by focusing on scanning rather than auditing, compliance reporting, or deep scanning.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly states when to use this tool: 'whenever building, reviewing, or deploying AI agents to catch security issues before they reach production.' This provides clear context for usage without needing to specify exclusions, as the purpose naturally implies it's for security scanning during development phases.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/inkog-io/inkog'

If you have feedback or need assistance with the MCP directory API, please join our Discord server