AgentVerus Server
FreeNot checkedSecurity scanning for AI agent skills exposed as MCP tools, enabling skill analysis from ClawHub, GitHub, skills.sh, or raw URLs.
About
Security scanning for AI agent skills exposed as MCP tools, enabling skill analysis from ClawHub, GitHub, skills.sh, or raw URLs.
README
Security scanning for AI agent skills, exposed as MCP tools. Scan skills from ClawHub, GitHub, skills.sh, or raw URLs — directly from your AI agent.
164 tests · 6 analyzers · ASST taxonomy · Hosted trust_check commerce
Quick Start
Add to your agent's MCP configuration:
Published package: agentverus-scanner-mcp
If you want the hosted commercial tools (list_offers, trust_check), set:
AGENTVERUS_API_KEYfor authenticated calls tohttps://agentverus.ai/api/v1/trust/checkAGENTVERUS_BASE_URLonly if you need a non-production AgentVerus base URL
Claude Desktop / Cursor / Windsurf
{
"mcpServers": {
"agentverus": {
"command": "npx",
"args": ["-y", "agentverus-scanner-mcp"]
}
}
}
OpenClaw
{
"mcp": {
"agentverus": {
"command": "npx",
"args": ["-y", "agentverus-scanner-mcp"]
}
}
}
Tools
check_skill
Check a skill by name or identifier. Resolves ClawHub slugs, GitHub repos, and skills.sh paths automatically.
check_skill({ source: "web-search" })
check_skill({ source: "vercel-labs/agent-skills/react-best-practices" })
list_offers
Fetch the machine-readable AgentVerus offer catalog.
list_offers({})
trust_check
Call the hosted AgentVerus Trust Check SKU. Requires AGENTVERUS_API_KEY.
trust_check({ url: "https://raw.githubusercontent.com/owner/repo/main/SKILL.md" })
trust_check({ skillId: "11111111-1111-1111-1111-111111111111" })
scan_url
Scan a skill from any URL — GitHub, ClawHub, skills.sh, or raw SKILL.md.
scan_url({ url: "https://github.com/owner/repo" })
scan_skill
Scan skill content directly (pass the raw SKILL.md text).
scan_skill({ content: "---\nname: my-skill\n---\n# My Skill\n..." })
explain_finding
Get a detailed explanation of any ASST security category.
explain_finding({ id: "ASST-06" })
Resources
agentverus://taxonomy— Full ASST taxonomy (11 categories)agentverus://offers— Hosted offer catalog and billing metadataagentverus://about— Scanner info and capabilities
What It Scans For
The scanner checks for 11 categories of agent-specific security risks:
| ID | Category | Examples |
|---|---|---|
| ASST-01 | Instruction Injection | Hidden directives in HTML comments |
| ASST-02 | Data Exfiltration | Unauthorized outbound data transfers |
| ASST-03 | Privilege Escalation | Excessive permission requests |
| ASST-04 | Dependency Hijacking | Compromised URLs, curl|sh patterns |
| ASST-05 | Credential Harvesting | Reading env vars + network sends |
| ASST-06 | Prompt Injection Relay | Unvalidated external content processing |
| ASST-07 | Unverified Package | Unknown/unscanned dependencies |
| ASST-08 | Obfuscation | Encoded payloads, minified scripts |
| ASST-09 | Missing Safety Boundaries | No scope limits or error handling |
| ASST-10 | Persistence Abuse | Exploitable state storage |
| ASST-11 | Trigger Manipulation | Overly broad activation patterns |
Trust Badges
| Badge | Score | Meaning |
|---|---|---|
| 🟢 Certified | 95-100 | No significant security concerns |
| 🟡 Conditional | 85-94 | Minor concerns, review recommended |
| 🟠 Suspicious | 60-84 | Significant concerns, manual review required |
| 🔴 Rejected | 0-59 | Critical security issues found |
Links
- AgentVerus — AI agent security platform
- MCP Server on npm — This MCP server package
- Scanner on npm — The underlying scanner
- ASST Taxonomy — Full security taxonomy
License
MIT
Install AgentVerus Server in Claude Desktop, Claude Code & Cursor
unyly install agentverus-mcp-serverInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add agentverus-mcp-server -- npx -y agentverus-scanner-mcpFAQ
Is AgentVerus Server MCP free?
Yes, AgentVerus Server MCP is free — one-click install via Unyly at no cost.
Does AgentVerus Server need an API key?
No, AgentVerus Server runs without API keys or environment variables.
Is AgentVerus Server hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install AgentVerus Server in Claude Desktop, Claude Code or Cursor?
Open AgentVerus Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare AgentVerus Server with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
