Agent Bom

Verified

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

by msaad00 10 Apache-2.0 Python Intermediate stdio

Install

Claude Code

claude mcp add agent-bom -- uvx agent-bom

Safety Report

57% Verified
Scanned yesterday
4 passed, 3 warnings

Security

Authentication: Pass
Authentication detected: env_required, bearer_check, auth_header, jwt_verify, connection_string, oauth

CORS Policy: N/A
stdio transport — CORS not applicable

Rate Limiting: Pass
Rate limiting detected: rate_limit_middleware, throttle, requests_per

Known CVEs: Warning
2 known vulnerable deps (1 high)

Code Quality

Dependency Audit: Warning
2 known vulnerable deps (1 high)

Dangerous Patterns: Warning
Dangerous patterns detected: eval_call

License: Pass
License: Apache-2.0

Community

Maintenance Status: Pass
Last commit 1 day ago

Compatibility

Claude Code: Full support (Tested)
Cursor: Full support (Tested)
VS Code: Full support via Copilot (Tested)
Windsurf: Full support (Tested)
Claude Desktop: Full support (Tested)

Frequently Asked Questions

What is Agent Bom?

AI supply chain security scanner with 18 MCP tools. Auto-discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

Is Agent Bom safe to use?

Yes, Agent Bom has passed our 8-point security audit and is rated Verified. All checks including authentication, dependency audit, and known CVE scan passed.

What are alternatives to Agent Bom?

Similar MCP servers include GhidraMCP, Ida Pro MCP, Beelzebub. Each serves a similar purpose but may differ in features, language, and compatibility.