msaad00/agent-bom

Verified

Summary

AI supply chain security scanner with 18 MCP tools. Auto discovers 20 MCP clients, scans dependencies for CVEs (OSV/NVD/EPSS/CISA KEV), maps blast radius from vulnerabilities to exposed credentials and tools, runs CIS benchmarks, generates CycloneDX/SPDX SBOMs, and enforces compliance across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

Links

Repository

Safety: Local MCP servers can run code and access files on your machine depending on how you configure them. Remote servers may send data to third-party services and require credentials. Review the repository and requested permissions before installing.

Install instructions

Add to Cursor

Where to put this

Merge into the existing file if needed. Top-level key: mcpServers.

Global

Linux / macOS~/.cursor/mcp.json

Windows%USERPROFILE%\.cursor\mcp.json

Project

Linux / macOS<project_folder>/.cursor/mcp.json

Windows<project_folder>\.cursor\mcp.json

{
  "mcpServers": {
    "msaad00-agent-bom": {
      "command": "npx",
      "args": [
        "-y",
        "agent-bom"
      ]
    }
  }
}

Replace placeholder values with secrets from your environment. Confirm the package name in the repository README; the catalog uses a best-guess npx -y target when registry metadata is not available.

Transport

stdio

Metadata

Primary category: Cloud, Infra & Ops
Popularity (composite): 83.0 / 100
GitHub stars: 10
Tags: SecurityCloud, Infra & Opssupplychainsecurityscannerwithmcptools.auto