Schema | agent-bom

agent-bom

Overview Schema Related Servers Score Discussions

Server Configuration

Describes the environment variables required to run the server.

Name	Required	Description	Default
No arguments

Capabilities

Features and capabilities supported by this server

Capability	Details
`tools`	{ "listChanged": false }
`prompts`	{ "listChanged": false }
`resources`	{ "subscribe": false, "listChanged": false }
`experimental`	{}

Tools

Functions exposed to the LLM to take actions

Name	Description
scan	Run a full AI supply chain security scan. `Discovers local MCP configurations (Claude Desktop, Cursor, Windsurf, VS Code Copilot, OpenClaw, etc.), extracts package dependencies, queries OSV.dev for CVEs, assesses config security (credential exposure, tool access), computes blast radius, and returns structured results. Returns: JSON with the complete AI-BOM report including agents, packages, vulnerabilities, blast radius, and remediation guidance.`
check	Check a specific package for known CVEs before installing. Queries OSV.dev for vulnerabilities in the given package. Use this before installing an MCP server or dependency to verify it is safe. Args: package: Package name with optional version, e.g. "express@4.18.2", "@modelcontextprotocol/server-filesystem@2025.1.14", or just "requests" (resolves @latest). ecosystem: Package ecosystem — "npm", "pypi", "go", "cargo", "maven", "nuget", "rubygems", "composer", "swift", "pub", "hex", "conda", "deb", "apk", or "rpm". Defaults to "npm". Returns: JSON with package, version, ecosystem, vulnerability count, and vulnerability details (id, severity, cvss, fix version, summary).
intel_lookup	Look up one advisory from the local threat-intel database.
intel_match	Match package inventory coordinates to local threat-intel advisories.
intel_sources	Return canonical threat-intel sources and local feed-run freshness.
intel_daily_brief	Return a local analyst threat brief from governed intel sources.
blast_radius	Look up the blast radius of a specific CVE across your AI agent setup. `Scans local MCP configurations, finds the specified CVE, and returns the full attack chain: which packages are affected, which MCP servers use those packages, which agents connect to those servers, and what credentials and tools are exposed. Args: cve_id: The CVE identifier (e.g. "CVE-2024-1234" or "GHSA-xxxx"). Returns: JSON with blast radius details including risk_score, affected_servers, affected_agents, exposed_credentials, and exposed_tools. Returns found=false if CVE not found.`
exposure_paths	Return ranked ExposurePath JSON for headless security agents. `This is the agent-native graph surface: Claude, Cursor, Codex, Windsurf, Cortex, and other MCP clients can request the same investigation objects used by the dashboard without scraping UI state.`
should_i_deploy	Return an agent-native deploy gate decision from graph risk.
policy_check	Evaluate a security policy against current scan results. `Runs a scan, then evaluates the provided policy rules against the findings. Policies can gate on severity thresholds, CISA KEV status, AI risk flags, credential exposure, and denied packages. Args: policy_json: JSON string containing policy rules. Example: {"rules": [{"id": "no-critical", "severity_gte": "critical", "action": "fail"}, {"id": "no-kev", "kev": true, "action": "fail"}]} Returns: JSON with passed (bool), violations list, failure_count, and warning_count.`
registry_lookup	Query the agent-bom MCP server threat intelligence registry. Look up risk level, known tools, credential requirements, and verification status for known MCP servers. The registry contains 109+ servers with security metadata. Args: server_name: MCP server name to look up (e.g. "filesystem", "@modelcontextprotocol/server-github"). package_name: Package name to search for (e.g. "mcp-server-sqlite"). At least one of server_name or package_name is required. Returns: JSON with registry entry: risk_level, verified, tools, credential_env_vars, risk_justification. Returns found=false if not found.
generate_sbom	Generate a Software Bill of Materials (SBOM) for your AI agent setup. `Discovers AI agents and MCP servers, extracts all package dependencies, and generates a standards-compliant SBOM. Args: format: SBOM format — "cyclonedx" (CycloneDX 1.6) or "spdx" (SPDX 3.0). config_path: Path to a specific MCP config directory. If not provided, auto-discovers all local agent configs. Returns: JSON string containing the SBOM in the requested format.`
compliance	Get OWASP LLM Top 10 / OWASP MCP Top 10 / MITRE ATLAS / NIST AI RMF compliance posture. Scans local MCP configurations, maps findings to 47 security controls across four AI security frameworks, and returns per-control pass/warning/fail status with an overall compliance score. Args: config_path: Path to a specific MCP config directory. If not provided, auto-discovers all local agent configs. image: Docker image reference to scan (e.g. "nginx:1.25"). Returns: JSON with overall_score (0-100), overall_status (pass/warning/fail), and per-control details for OWASP LLM Top 10 (10 controls), OWASP MCP Top 10 (10 controls), MITRE ATLAS (13 techniques), and NIST AI RMF (14 subcategories).
remediate	Generate a remediation plan for vulnerabilities in your AI agent setup. Scans for vulnerabilities, then generates actionable fix commands for each affected package (npm install, pip install), credential scope reduction guidance, and reports on unfixable vulnerabilities. Args: config_path: Path to a specific MCP config directory. If not provided, auto-discovers all local agent configs. image: Docker image reference to scan (e.g. "nginx:1.25"). Returns: JSON with package_fixes (upgrade commands by ecosystem), credential_fixes (scope reduction steps), and unfixable items.
verify	Verify package integrity and SLSA provenance against registries. `Checks SHA-256/SRI hashes against npm/PyPI registries and looks up SLSA build provenance attestations to confirm the package was built from its claimed source repository. Returns: JSON with integrity verification (hash match, expected vs actual) and provenance status (SLSA level, source repo, build trigger).`
skill_scan	Scan skill and instruction files for trust, findings, and provenance.
skill_verify	Verify Sigstore provenance for skill and instruction files.
skill_trust	Assess the trust level of a SKILL.md file using ClawHub-style categories.
where	Show all MCP discovery paths and which config files exist.
inventory	List all discovered MCP configurations and servers without CVE scanning.
tool_risk_assessment	Score live-introspected MCP tool capabilities and server risk.
diff	Compare a fresh scan against a baseline to find new and resolved vulns. `Runs a new scan, then diffs it against the provided baseline (or the latest saved report). Shows new vulnerabilities, resolved ones, and changes in the package inventory. Returns: JSON with new findings, resolved findings, new/removed packages, and a human-readable summary.`
marketplace_check	Pre-install trust check for an MCP server package. `Queries the package registry (npm or PyPI) for metadata and cross-references against the agent-bom MCP threat intelligence registry. Returns trust signals including download count, CVE status, and registry verification. Args: package: Package name to check. ecosystem: 'npm' or 'pypi'. Defaults to 'npm'. Returns: JSON with name, version, ecosystem, cve_count, download_count, registry_verified, and trust_signals.`
code_scan	Run SAST (Static Application Security Testing) on source code via Semgrep. Scans for security flaws: SQL injection, XSS, command injection, hardcoded credentials, insecure deserialization, path traversal, etc. Returns findings with CWE classifications and severity levels. Requires ``semgrep`` on PATH (``pip install semgrep``).
context_graph	Build an agent context graph with lateral movement analysis. `Models reachability between agents, servers, credentials, tools, and vulnerabilities. Answers: "If agent X is compromised, what else becomes reachable?" Returns: JSON with nodes, edges, lateral_paths, interaction_risks, and stats.`
graph_export	Export the agent dependency graph in graph-native formats. Formats: - graphml — yEd, Gephi, NetworkX compatible with AIBOM-typed attributes - cypher — Neo4j import script with AIBOM node labels (AIAgent, MCPServer, Package, Vulnerability) - dot — Graphviz (pipe through ``dot -Tsvg``) - mermaid — embed in markdown, GitHub, Notion - json — machine-readable nodes/edges list Returns: Graph in the requested format as a string.
analytics_query	Query vulnerability trends, posture history, and runtime event summaries from ClickHouse. `Requires AGENT_BOM_CLICKHOUSE_URL to be set. Returns empty results if ClickHouse is not configured.`
cis_benchmark	Run CIS benchmark checks against a cloud account. Evaluates security posture against CIS Foundations Benchmarks: - AWS Foundations v3.0: 18 checks (IAM, Storage, Logging, Networking) - Snowflake v1.0: 12 checks (Auth, Network, Data Protection, Monitoring, Access Control) - Azure Security Benchmark v3.0: 10 checks (IAM, Storage, Logging, Networking, Key Vault) - GCP Foundation v3.0: 8 checks (IAM, Logging, Networking, Storage) All checks are read-only. Failed checks include MITRE ATT&CK Enterprise technique mappings. Requires appropriate credentials for the chosen provider. Returns: JSON with per-check pass/fail results, evidence, severity, ATT&CK techniques, and pass rate.
fleet_scan	Batch-scan a list of MCP server names against the security metadata registry. Designed for fleet inventory data (EDR, SIEM, CSV exports) where you have server names but not versions. Returns per-server risk assessment with registry match status, risk category, tools, credentials, known CVEs, and a verdict (known-high-risk, known-medium, known-low, unknown-unvetted). Risk levels are category-derived (filesystem=high, database=medium, search=low), not made-up threat scores. Every field is traceable to a source. Returns: JSON with summary (total, matched, unmatched, risk breakdown) and per-server details.
runtime_correlate	Cross-reference vulnerability scan results with proxy runtime audit logs. Identifies which vulnerable tools were ACTUALLY CALLED in production, distinguishing confirmed attack surface from theoretical risk. Produces risk-amplified findings: a vulnerable tool that was called 100 times is higher priority than one never invoked. Also accepts an OTel trace file (``otel_trace``) to extract ML API call provenance: which models were called, token usage, and deprecation advisories. Requires a proxy audit log (generated by running agent-bom proxy with the --log flag). Without an audit log, returns scan results only. Returns: JSON with correlated findings (CVE + tool call data + amplified risk), summary stats, uncalled vulnerable tools, and ml_api_calls provenance.
runtime_production_index	Return metadata-only runtime production posture for agent/tool traffic. Summarizes tool-call volume, block rate, policy decisions, authorization trace posture, alerts, active sources/sessions, freshness, and retention mode without returning prompts, raw arguments, responses, or credential values.
runtime_blueprints	Return canonical role/profile blueprints for runtime policy design.
runtime_blueprint_drift	Compare current runtime traffic with an approved role/profile blueprint.
proxy_status	Return current MCP proxy metrics and alert summary, if a session is active.
proxy_alerts	Return recent runtime proxy alerts without prompts, arguments, or responses.
gateway_status	Return gateway policy and inter-agent firewall runtime statistics.
shield_status	Return current Shield assessment for a session without changing enforcement state.
shield_start	Start Shield enforcement for a session. Requires admin role, shield:write scope, and audit reason.
shield_unblock	Unblock Shield enforcement for a session. Requires admin role, shield:write scope, and audit reason.
shield_break_glass	Run Shield break-glass override. Requires admin role, shield:write scope, and audit reason.
firewall_check	Dry-run an inter-agent firewall decision without recording it to the control-plane tally.
audit_query	Read tenant-scoped control-plane audit records.
audit_integrity	Verify control-plane and runtime audit chain integrity.
vector_db_scan	Scan for running vector databases and assess their security posture.
aisvs_benchmark	Run AISVS v1.0 (AI Security Verification Standard) compliance checks.
gpu_infra_scan	Discover GPU/AI compute infrastructure: containers, K8s nodes, and DCGM endpoints.
dataset_card_scan	Scan a directory for ML dataset card metadata, provenance, and optionally PII/PHI content.
training_pipeline_scan	Scan a directory for ML training pipeline lineage and provenance.
browser_extension_scan	Scan installed browser extensions for dangerous permissions.
model_provenance_scan	Check ML model provenance and supply chain metadata.
prompt_scan	Scan prompt template files for injection risks and security issues.
model_file_scan	Scan a directory for ML model files and assess serialization risks.
ai_inventory_scan	Scan source code for AI component usage patterns.
license_compliance_scan	Evaluate package licenses against compliance policy.
ingest_external_scan	Ingest Trivy, Grype, or Syft JSON scan output and return packages with blast radius analysis.

Prompts

Interactive templates invoked by user choice

Name	Description
`quick-audit`	Run a complete security audit of your AI agent setup
`pre-install-check`	Check an MCP server package for vulnerabilities before installing
`compliance-report`	Generate OWASP/ATLAS/NIST compliance posture for your AI stack
`fleet-audit`	Audit an endpoint or cloud inventory file and return graph-ready findings
`incident-triage`	Prioritize a CVE or suspicious MCP finding using blast radius and runtime evidence
`remediation-plan`	Draft a human-reviewed remediation plan without modifying files

Resources

Contextual data attached and managed by the client

Name	Description
`registry_servers_resource`	Browse the MCP server security metadata registry (427+ servers). Returns the full registry with risk levels (category-derived), tools, credential env vars (heuristic-inferred), and verification status for every known MCP server.
`policy_template_resource`	Get a default security policy template for agent-bom. Returns a ready-to-use policy with common rules: block critical CVEs, flag CISA KEV entries, warn on unverified servers, and limit credential exposure.
`tool_metrics_resource`	Return bounded MCP tool execution metrics for observability.
`inventory_schema_resource`	Describe the canonical operator-pushed inventory contract.
`mcp_hardening_resource`	Return MCP hardening controls tuned for scans and proxy/gateway deployments.
`framework_controls_resource`	Summarize framework coverage and the evidence surfaces behind each claim.

Server Configuration
Capabilities
Tools
Prompts
Resources

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/msaad00/agent-bom'

If you have feedback or need assistance with the MCP directory API, please join our Discord server