agent-bom

Name: agent-bom Review
Item: agent-bom
Rating: 3.0
Author: Aaron Matthews

Skill Security Early

Open security scanner for AI supply chain: agents, MCP, containers, cloud, GPU, and runtime with blast-radius analysis.

Scan MCP server dependencies for known vulnerabilities
Generate software bill of materials for AI agent stacks
Map blast radius of compromised components across deployments

10 starsApache-2.0 (commercial OK)FreeQuick setup

Fair rating — This tool is functional but has notable gaps. Review the evaluation notes below before deploying.

Why it matters

AI supply chain attacks are emerging faster than teams can audit — this scanner maps the full blast radius of agent dependencies including MCP servers, containers, and GPU runtimes, filling a critical gap in enterprise AI security posture.

Best for

Security teams and CISOs responsible for AI deployments who need to inventory and scan the full dependency tree of agent-based systems.

Works in

Claude Code Claude Cowork Claude Chat

Source

https://github.com/msaad00/agent-bom

By msaad00

How to Get It

Option 1: Claude Desktop App (Code Mode)Click the + button next to the prompt box → Plugins → Add plugin. Search and click Install. Skills work in Claude Code only.

Option 2: Paste into Claude CodeCopy the command below and paste it into your conversation. Claude will install it.

Command

claude plugins install msaad00/agent-bom

Tip: Paste this into a Claude Code conversation. Verify command matches your Claude Code version.

CostFree

Trust Signals Automated Scan

Stars10Contributors5Last updated2026-04-13LicenseApache-2.0 (OK for commercial use)Known CVEsNone found

Data & Access

Data processingPrompts sent to Anthropic API. Enterprise/Team plans exclude training.

Community Pulse Active

Discussed on Hacker News, Reddit

Megathread: FBI Director Comey fired — Reddit · 55998 pts
Megathread: Donald Trump Jr. Releases Correspondence from Russian Lawyer — Reddit · 44281 pts
US Airforce supporting Max Verstappen during Vietnam GP with ‘Agent Orange’. — Reddit · 27964 pts

21 mentions across 2 sources

Reviewer notes

Automated Scan review. These are observations, not a security certification.

Auto-evaluated from staging triage

How to evaluate tools before deploying →

Data shown here comes from public APIs and automated scanning. Reviewer notes reflect one person's experience. This is not a security certification or legal recommendation. Always evaluate tools according to your own organization's policies.

Evaluation Scores

Evaluation

Ease of Use

3/5

Versatility

3/5

Reliability

3/5

Security

3/5

Overall score3.00 / 5.00 EarlyEvaluatedApr 2026

← Back to Claude Tool Reviews