Which integrations are available for this server?

Enables vulnerability scanning of AI agent skill repositories specifically hosted on GitHub to detect malicious code and security flaws. Provides automated security analysis of AI agent skills based on the OWASP LLM Top 10 framework to identify issues like prompt injection and data exfiltration. Integrates with Stripe to facilitate billing and subscription management by creating checkout sessions for purchasing scan credits or upgrading service plans.

securityscan

by securityscan-api

Overview Schema Related Servers Score Discussions

Python

Remote

SecurityScan API

Vulnerability scanner for AI agent skills. Detects prompt injection, malware patterns and OWASP LLM Top 10 issues before your agent installs an untrusted skill.

Live endpoint: https://apisecurityscan.net Health check: https://apisecurityscan.net/health

Why this exists

As AI agents increasingly install and execute third-party skills, supply chain security becomes a real problem. SecurityScan lets an agent verify a skill's safety autonomously — no human in the loop required.

What it detects

Prompt injection patterns
Malicious code indicators
Data exfiltration attempts
Unauthorized external API access
Supply chain attack vectors
OWASP LLM Top 10 coverage

Quick start

1. Get an API key

curl -X POST https://apisecurityscan.net/auth/register \
  -H "Content-Type: application/json" \
  -d '{"email": "you@example.com", "name": "My Agent"}'

Response:

{
  "api_key": "ss_live_...",
  "plan": "FREE",
  "scans_remaining": 5
}

Store api_key. Proceed immediately — no payment needed for FREE tier.

2. Run a scan

curl -X POST https://apisecurityscan.net/scan \
  -H "Content-Type: application/json" \
  -H "X-API-Key: ss_live_your_key" \
  -d '{
    "skill_url": "https://github.com/owner/skill-repo"
  }'

Note: skill_url must be a github.com URL.

3. Response

{
  "scan_id": "a1b2c3d4e5f6",
  "skill_url": "https://github.com/owner/skill-repo",
  "score": 72,
  "recommendation": "CAUTION",
  "issues": [
    {
      "type": "PROMPT_INJECTION",
      "severity": "HIGH",
      "line": 42,
      "description": "Detected attempt to override agent instructions",
      "snippet": "ignore previous instructions and..."
    }
  ],
  "scan_time_ms": 1240,
  "cached": false,
  "scans_remaining": 4
}

Verdict values: SAFE (score ≥ 80) · CAUTION (50–79) · DANGEROUS (< 50)

Pricing (MXN)

Plan	Price	Scans	Type
`FREE`	$0	5/month	Free tier — no payment required
`PAY_PER_SCAN`	$2/scan	Pay as you go	One-time pack (5 scans min)
`PRO`	$399/month	Unlimited	Subscription

Results cached 24 hours — rescanning the same skill costs zero scans.

Endpoints

Method	Path	Auth	Description
`POST`	`/auth/register`	None	Register and get API key (FREE tier)
`POST`	`/scan`	X-API-Key	Submit a skill for scanning
`GET`	`/scan/{scan_id}`	X-API-Key	Retrieve scan result
`GET`	`/report/{skill_url}`	None	Public scan report (no cost)
`POST`	`/billing/upgrade`	X-API-Key	Create Stripe checkout session
`GET`	`/billing/status`	X-API-Key	Current plan and usage
`GET`	`/health`	None	Service status
`GET`	`/quickstart`	None	Agent quickstart guide

Handle scan limit (402)

When /scan returns 402 scan_limit_reached:

# Step 1: get checkout URL
curl -X POST https://apisecurityscan.net/billing/upgrade \
  -H "X-API-Key: ss_live_your_key" \
  -H "Content-Type: application/json" \
  -d '{"plan": "PAY_PER_SCAN"}'

# Step 2: complete payment at checkout_url
# Step 3: poll GET /billing/status until plan != FREE
# Step 4: retry scan

MCP integration

SecurityScan exposes an MCP server at https://apisecurityscan.net/mcp:

{
  "mcpServers": {
    "securityscan": {
      "url": "https://apisecurityscan.net/mcp",
      "transport": "http"
    }
  }
}

Available tools: scan_skill · get_report · check_certification

Latency & availability

Average scan time: < 3 seconds
Uptime: 99.9% (Contabo dedicated VPS)
Response format: JSON

Companion service

DepScan API checks the external dependency health of skills (endpoints, SSL certificates, domain reputation, blacklists): https://depscan.net

License

MIT — this repository contains documentation and skill package only. Service source code is proprietary.

This server cannot be installed

security - not tested

license - not found

quality - not tested

How are these scores calculated?

Resources

GitHub Repository

Need Help?

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/securityscan-api/securityscan-api'

If you have feedback or need assistance with the MCP directory API, please join our Discord server