Schema | agent-bom

agent-bom

Overview Schema Related Servers Score Discussions

Server Configuration

Describes the environment variables required to run the server.

Name	Required	Description	Default
No arguments

Capabilities

Features and capabilities supported by this server

Capability	Details
`tools`	{ "listChanged": false }
`prompts`	{ "listChanged": false }
`resources`	{ "subscribe": false, "listChanged": false }
`experimental`	{}

Tools

Functions exposed to the LLM to take actions

Name	Description
scanA	Run a full AI supply chain security scan. `Discovers local MCP configurations (Claude Desktop, Cursor, Windsurf, VS Code Copilot, OpenClaw, etc.), extracts package dependencies, queries OSV.dev for CVEs, assesses config security (credential exposure, tool access), computes blast radius, and returns structured results. Returns: JSON with the complete AI-BOM report including agents, packages, vulnerabilities, blast radius, and remediation guidance.`
checkA	Check a specific package for known CVEs before installing. Queries OSV.dev for vulnerabilities in the given package. Use this before installing an MCP server or dependency to verify it is safe. Args: package: Package name with optional version, e.g. "express@4.18.2", "@modelcontextprotocol/server-filesystem@2025.1.14", or just "requests" (resolves @latest). ecosystem: Package ecosystem — "npm", "pypi", "go", "cargo", "maven", "nuget", "rubygems", "composer", "swift", "pub", "hex", "conda", "deb", "apk", or "rpm". Defaults to "npm". Returns: JSON with package, version, ecosystem, vulnerability count, and vulnerability details (id, severity, cvss, fix version, summary).
intel_lookupA	Look up one advisory from the local threat-intel database.
intel_matchA	Match package inventory coordinates to local threat-intel advisories.
intel_sourcesA	Return canonical threat-intel sources and local feed-run freshness.
intel_daily_briefA	Return a local analyst threat brief from governed intel sources.
blast_radiusA	Look up the blast radius of a specific CVE across your AI agent setup. `Scans local MCP configurations, finds the specified CVE, and returns the full attack chain: which packages are affected, which MCP servers use those packages, which agents connect to those servers, and what credentials and tools are exposed. Args: cve_id: The CVE identifier (e.g. "CVE-2024-1234" or "GHSA-xxxx"). Returns: JSON with blast radius details including risk_score, affected_servers, affected_agents, exposed_credentials, and exposed_tools. Returns found=false if CVE not found.`
exposure_pathsA	Return ranked ExposurePath JSON for headless security agents. `This is the agent-native graph surface: Claude, Cursor, Codex, Windsurf, Cortex, and other MCP clients can request the same investigation objects used by the dashboard without scraping UI state.`
should_i_deployB	Return an agent-native deploy gate decision from graph risk.
policy_checkA	Evaluate a security policy against current scan results. `Runs a scan, then evaluates the provided policy rules against the findings. Policies can gate on severity thresholds, CISA KEV status, AI risk flags, credential exposure, and denied packages. Args: policy_json: JSON string containing policy rules. Example: {"rules": [{"id": "no-critical", "severity_gte": "critical", "action": "fail"}, {"id": "no-kev", "kev": true, "action": "fail"}]} Returns: JSON with passed (bool), violations list, failure_count, and warning_count.`
registry_lookupA	Query the agent-bom MCP server threat intelligence registry. Look up risk level, known tools, credential requirements, and verification status for known MCP servers. The registry contains 109+ servers with security metadata. Args: server_name: MCP server name to look up (e.g. "filesystem", "@modelcontextprotocol/server-github"). package_name: Package name to search for (e.g. "mcp-server-sqlite"). At least one of server_name or package_name is required. Returns: JSON with registry entry: risk_level, verified, tools, credential_env_vars, risk_justification. Returns found=false if not found.
generate_sbomA	Generate a Software Bill of Materials (SBOM) for your AI agent setup. `Discovers AI agents and MCP servers, extracts all package dependencies, and generates a standards-compliant SBOM. Args: format: SBOM format — "cyclonedx" (CycloneDX 1.6) or "spdx" (SPDX 3.0). config_path: Path to a specific MCP config directory. If not provided, auto-discovers all local agent configs. Returns: JSON string containing the SBOM in the requested format.`
complianceA	Get OWASP LLM Top 10 / OWASP MCP Top 10 / MITRE ATLAS / NIST AI RMF compliance posture. Scans local MCP configurations, maps findings to 47 security controls across four AI security frameworks, and returns per-control pass/warning/fail status with an overall compliance score. Args: config_path: Path to a specific MCP config directory. If not provided, auto-discovers all local agent configs. image: Docker image reference to scan (e.g. "nginx:1.25"). Returns: JSON with overall_score (0-100), overall_status (pass/warning/fail), and per-control details for OWASP LLM Top 10 (10 controls), OWASP MCP Top 10 (10 controls), MITRE ATLAS (13 techniques), and NIST AI RMF (14 subcategories).
remediateA	Generate a remediation plan for vulnerabilities in your AI agent setup. Scans for vulnerabilities, then generates actionable fix commands for each affected package (npm install, pip install), credential scope reduction guidance, and reports on unfixable vulnerabilities. Args: config_path: Path to a specific MCP config directory. If not provided, auto-discovers all local agent configs. image: Docker image reference to scan (e.g. "nginx:1.25"). Returns: JSON with package_fixes (upgrade commands by ecosystem), credential_fixes (scope reduction steps), and unfixable items.
verifyA	Verify package integrity and SLSA provenance against registries. `Checks SHA-256/SRI hashes against npm/PyPI registries and looks up SLSA build provenance attestations to confirm the package was built from its claimed source repository. Returns: JSON with integrity verification (hash match, expected vs actual) and provenance status (SLSA level, source repo, build trigger).`
skill_scanA	Scan skill and instruction files for trust, findings, and provenance.
skill_verifyA	Verify Sigstore provenance for skill and instruction files.
skill_trustA	Assess the trust level of a SKILL.md file using ClawHub-style categories.
whereA	Show all MCP discovery paths and which config files exist.
inventoryA	List all discovered MCP configurations and servers without CVE scanning.
tool_risk_assessmentB	Score live-introspected MCP tool capabilities and server risk.
diffA	Compare a fresh scan against a baseline to find new and resolved vulns. `Runs a new scan, then diffs it against the provided baseline (or the latest saved report). Shows new vulnerabilities, resolved ones, and changes in the package inventory. Returns: JSON with new findings, resolved findings, new/removed packages, and a human-readable summary.`
marketplace_checkA	Pre-install trust check for an MCP server package. `Queries the package registry (npm or PyPI) for metadata and cross-references against the agent-bom MCP threat intelligence registry. Returns trust signals including download count, CVE status, and registry verification. Args: package: Package name to check. ecosystem: 'npm' or 'pypi'. Defaults to 'npm'. Returns: JSON with name, version, ecosystem, cve_count, download_count, registry_verified, and trust_signals.`
code_scanA	Run SAST (Static Application Security Testing) on source code via Semgrep. Scans for security flaws: SQL injection, XSS, command injection, hardcoded credentials, insecure deserialization, path traversal, etc. Returns findings with CWE classifications and severity levels. Requires ``semgrep`` on PATH (``pip install semgrep``).
context_graphA	Build an agent context graph with lateral movement analysis. `Models reachability between agents, servers, credentials, tools, and vulnerabilities. Answers: "If agent X is compromised, what else becomes reachable?" Returns: JSON with nodes, edges, lateral_paths, interaction_risks, and stats.`
graph_exportA	Export the agent dependency graph in graph-native formats. Formats: - graphml — yEd, Gephi, NetworkX compatible with AIBOM-typed attributes - cypher — Neo4j import script with AIBOM node labels (AIAgent, MCPServer, Package, Vulnerability) - dot — Graphviz (pipe through ``dot -Tsvg``) - mermaid — embed in markdown, GitHub, Notion - json — machine-readable nodes/edges list Returns: Graph in the requested format as a string.
analytics_queryA	Query vulnerability trends, posture history, and runtime event summaries from ClickHouse. `Requires AGENT_BOM_CLICKHOUSE_URL to be set. Returns empty results if ClickHouse is not configured.`
cis_benchmarkA	Run CIS benchmark checks against a cloud account. Evaluates security posture against CIS Foundations Benchmarks: - AWS Foundations v3.0: 18 checks (IAM, Storage, Logging, Networking) - Snowflake v1.0: 12 checks (Auth, Network, Data Protection, Monitoring, Access Control) - Azure Security Benchmark v3.0: 10 checks (IAM, Storage, Logging, Networking, Key Vault) - GCP Foundation v3.0: 8 checks (IAM, Logging, Networking, Storage) All checks are read-only. Failed checks include MITRE ATT&CK Enterprise technique mappings. Requires appropriate credentials for the chosen provider. Returns: JSON with per-check pass/fail results, evidence, severity, ATT&CK techniques, and pass rate.
fleet_scanA	Batch-scan a list of MCP server names against the security metadata registry. Designed for fleet inventory data (EDR, SIEM, CSV exports) where you have server names but not versions. Returns per-server risk assessment with registry match status, risk category, tools, credentials, known CVEs, and a verdict (known-high-risk, known-medium, known-low, unknown-unvetted). Risk levels are category-derived (filesystem=high, database=medium, search=low), not made-up threat scores. Every field is traceable to a source. Returns: JSON with summary (total, matched, unmatched, risk breakdown) and per-server details.
runtime_correlateA	Cross-reference vulnerability scan results with proxy runtime audit logs. Identifies which vulnerable tools were ACTUALLY CALLED in production, distinguishing confirmed attack surface from theoretical risk. Produces risk-amplified findings: a vulnerable tool that was called 100 times is higher priority than one never invoked. Also accepts an OTel trace file (``otel_trace``) to extract ML API call provenance: which models were called, token usage, and deprecation advisories. Requires a proxy audit log (generated by running agent-bom proxy with the --log flag). Without an audit log, returns scan results only. Returns: JSON with correlated findings (CVE + tool call data + amplified risk), summary stats, uncalled vulnerable tools, and ml_api_calls provenance.
runtime_production_indexA	Return metadata-only runtime production posture for agent/tool traffic. Summarizes tool-call volume, block rate, policy decisions, authorization trace posture, alerts, active sources/sessions, freshness, and retention mode without returning prompts, raw arguments, responses, or credential values.
runtime_blueprintsA	Return canonical role/profile blueprints for runtime policy design.
runtime_blueprint_driftA	Compare current runtime traffic with an approved role/profile blueprint.
proxy_statusA	Return current MCP proxy metrics and alert summary, if a session is active.
proxy_alertsA	Return recent runtime proxy alerts without prompts, arguments, or responses.
gateway_statusA	Return gateway policy and inter-agent firewall runtime statistics.
shield_statusA	Return current Shield assessment for a session without changing enforcement state.
shield_startA	Start Shield enforcement for a session. Requires admin role, shield:write scope, and audit reason.
shield_unblockA	Unblock Shield enforcement for a session. Requires admin role, shield:write scope, and audit reason.
shield_break_glassA	Run Shield break-glass override. Requires admin role, shield:write scope, and audit reason.
firewall_checkA	Dry-run an inter-agent firewall decision without recording it to the control-plane tally.
audit_queryB	Read tenant-scoped control-plane audit records.
audit_integrityA	Verify control-plane and runtime audit chain integrity.
vector_db_scanA	Scan for running vector databases and assess their security posture.
aisvs_benchmarkA	Run AISVS v1.0 (AI Security Verification Standard) compliance checks.
gpu_infra_scanA	Discover GPU/AI compute infrastructure: containers, K8s nodes, and DCGM endpoints.
dataset_card_scanA	Scan a directory for ML dataset card metadata, provenance, and optionally PII/PHI content.
training_pipeline_scanA	Scan a directory for ML training pipeline lineage and provenance.
browser_extension_scanA	Scan installed browser extensions for dangerous permissions.
model_provenance_scanA	Check ML model provenance and supply chain metadata.
prompt_scanC	Scan prompt template files for injection risks and security issues.
model_file_scanA	Scan a directory for ML model files and assess serialization risks.
ai_inventory_scanA	Scan source code for AI component usage patterns.
license_compliance_scanB	Evaluate package licenses against compliance policy.
ingest_external_scanA	Ingest Trivy, Grype, or Syft JSON scan output and return packages with blast radius analysis.

Prompts

Interactive templates invoked by user choice

Name	Description
`quick-audit`	Run a complete security audit of your AI agent setup
`pre-install-check`	Check an MCP server package for vulnerabilities before installing
`compliance-report`	Generate OWASP/ATLAS/NIST compliance posture for your AI stack
`fleet-audit`	Audit an endpoint or cloud inventory file and return graph-ready findings
`incident-triage`	Prioritize a CVE or suspicious MCP finding using blast radius and runtime evidence
`remediation-plan`	Draft a human-reviewed remediation plan without modifying files

Resources

Contextual data attached and managed by the client

Name	Description
`registry_servers_resource`	Browse the MCP server security metadata registry (427+ servers). Returns the full registry with risk levels (category-derived), tools, credential env vars (heuristic-inferred), and verification status for every known MCP server.
`policy_template_resource`	Get a default security policy template for agent-bom. Returns a ready-to-use policy with common rules: block critical CVEs, flag CISA KEV entries, warn on unverified servers, and limit credential exposure.
`tool_metrics_resource`	Return bounded MCP tool execution metrics for observability.
`inventory_schema_resource`	Describe the canonical operator-pushed inventory contract.
`mcp_hardening_resource`	Return MCP hardening controls tuned for scans and proxy/gateway deployments.
`framework_controls_resource`	Summarize framework coverage and the evidence surfaces behind each claim.

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/msaad00/agent-bom'

If you have feedback or need assistance with the MCP directory API, please join our Discord server