agent-bom
Open security scanner for AI supply chain: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.
- Scan MCP server dependencies for known vulnerabilities
- Generate software bill of materials for AI agent stacks
- Map blast radius of compromised components across deployments
AI supply chain attacks are emerging faster than teams can audit — this scanner maps the full blast radius of agent dependencies including MCP servers, containers, and GPU runtimes, filling a critical gap in enterprise AI security posture.
Security teams and CISOs responsible for AI deployments who need to inventory and scan the full dependency tree of agent-based systems.
https://github.com/msaad00/agent-bom
By msaad00
How to Get It
claude plugins install msaad00/agent-bom
Tip: Paste this into a Claude Code conversation. Verify that the command matches your Claude Code version.
Trust Signals Auto-scanned
Community Pulse Active
Discussed on Hacker News, Reddit
- I watched Agente Secreto yesterday and during the film several people walked out of the — Reddit · 284 pts
- O Agente Secreto (2025) What a good film, ladies and gentlemen — Reddit · 132 pts
- Hi everyone, how are you, I wanted to show the Gartic art that we made (mambo made — Reddit · 9 pts
3 mentions across 1 source
Reviewer notes
Auto-scanned review. These are observations, not a security certification.
Scored from trust signals (evidence-eval-v1): 10 GitHub stars; 5 contributors; last commit 37d ago; license Apache-2.0.
Data shown here comes from public APIs and automated scanning. Reviewer notes reflect one person's experience. This is not a security certification or legal recommendation. Always evaluate tools according to your own organization's policies.