{
  "schemaVersion": "1.0",
  "item": {
    "slug": "agent-bom",
    "name": "agent-bom",
    "source": "tencent",
    "type": "skill",
    "category": "开发工具",
    "sourceUrl": "https://clawhub.ai/msaad00/agent-bom",
    "canonicalUrl": "https://clawhub.ai/msaad00/agent-bom",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadMode": "redirect",
    "downloadUrl": "/downloads/agent-bom",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agent-bom",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "installMethod": "Manual import",
    "extraction": "Extract archive",
    "prerequisites": [
      "OpenClaw"
    ],
    "packageFormat": "ZIP package",
    "includedAssets": [
      "SKILL.md",
      "compliance/SKILL.md",
      "scan/SKILL.md",
      "registry/SKILL.md",
      "runtime/SKILL.md"
    ],
    "primaryDoc": "SKILL.md",
    "quickSetup": [
      "Download the package from Yavira.",
      "Extract the archive and review SKILL.md first.",
      "Import or place the package into your OpenClaw setup."
    ],
    "agentAssist": {
      "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
      "steps": [
        "Download the package from Yavira.",
        "Extract it into a folder your agent can access.",
        "Paste one of the prompts below and point your agent at the extracted folder."
      ],
      "prompts": [
        {
          "label": "New install",
          "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
        },
        {
          "label": "Upgrade existing",
          "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
        }
      ]
    },
    "sourceHealth": {
      "source": "tencent",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-05-07T17:22:31.273Z",
      "expiresAt": "2026-05-14T17:22:31.273Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report",
        "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"",
        "redirectLocation": null,
        "bodySnippet": null
      },
      "scope": "source",
      "summary": "Source download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this source.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/agent-bom"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    },
    "downloadPageUrl": "https://openagent3.xyz/downloads/agent-bom",
    "agentPageUrl": "https://openagent3.xyz/skills/agent-bom/agent",
    "manifestUrl": "https://openagent3.xyz/skills/agent-bom/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/agent-bom/agent.md"
  },
  "agentAssist": {
    "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.",
    "steps": [
      "Download the package from Yavira.",
      "Extract it into a folder your agent can access.",
      "Paste one of the prompts below and point your agent at the extracted folder."
    ],
    "prompts": [
      {
        "label": "New install",
        "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete."
      },
      {
        "label": "Upgrade existing",
        "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run."
      }
    ]
  },
  "documentation": {
    "source": "clawhub",
    "primaryDoc": "SKILL.md",
    "sections": [
      {
        "title": "agent-bom — AI Agent Infrastructure Security Scanner",
        "body": "Discovers MCP clients and servers across 22 AI tools, scans for CVEs, maps\nblast radius, runs cloud CIS benchmarks, checks OWASP/NIST/MITRE compliance,\ngenerates SBOMs, and assesses AI infrastructure against AISVS v1.0 and MAESTRO\nframework layers."
      },
      {
        "title": "Install",
        "body": "pipx install agent-bom\nagent-bom scan              # auto-discover + scan\nagent-bom check langchain   # check a specific package\nagent-bom fs .              # scan filesystem packages\nagent-bom image nginx:1.25  # scan container image (native, no Syft)\nagent-bom cloud aws         # AWS CIS benchmark\nagent-bom iac infra/        # scan Terraform/CloudFormation\nagent-bom where             # show all discovery paths"
      },
      {
        "title": "As an MCP Server",
        "body": "{\n  \"mcpServers\": {\n    \"agent-bom\": {\n      \"command\": \"uvx\",\n      \"args\": [\"agent-bom\", \"mcp\"]\n    }\n  }\n}"
      },
      {
        "title": "Vulnerability Scanning",
        "body": "Tool\tDescription\nscan\tFull discovery + vulnerability scan pipeline\ncheck\tCheck a package for CVEs (OSV, NVD, EPSS, KEV)\nblast_radius\tMap CVE impact chain across agents, servers, credentials\nremediate\tPrioritized remediation plan for vulnerabilities\nverify\tPackage integrity + SLSA provenance check\ndiff\tCompare two scan reports (new/resolved/persistent)\nwhere\tShow MCP client config discovery paths\ninventory\tList discovered agents, servers, packages"
      },
      {
        "title": "Compliance & Policy",
        "body": "Tool\tDescription\ncompliance\tOWASP LLM/Agentic Top 10, EU AI Act, MITRE ATLAS, NIST AI RMF\npolicy_check\tEvaluate results against custom security policy (17 conditions)\ncis_benchmark\tCIS benchmark checks (AWS, Azure v3.0, GCP v3.0, Snowflake)\ngenerate_sbom\tGenerate SBOM (CycloneDX or SPDX format)\naisvs_benchmark\tOWASP AISVS v1.0 compliance — 9 AI security checks"
      },
      {
        "title": "Registry & Trust",
        "body": "Tool\tDescription\nregistry_lookup\tLook up MCP server in 427+ server security metadata registry\nmarketplace_check\tPre-install trust check with registry cross-reference\nfleet_scan\tBatch registry lookup + risk scoring for MCP server inventories\nskill_trust\tAssess skill file trust level (5-category analysis)\ncode_scan\tSAST scanning via Semgrep with CWE-based compliance mapping"
      },
      {
        "title": "Runtime & Analytics",
        "body": "Tool\tDescription\ncontext_graph\tAgent context graph with lateral movement analysis\nanalytics_query\tQuery vulnerability trends, posture history, and runtime events\nruntime_correlate\tCross-reference proxy audit JSONL with CVE findings, risk amplification\nvector_db_scan\tProbe Qdrant/Weaviate/Chroma/Milvus for auth and exposure\ngpu_infra_scan\tGPU container and K8s node inventory + unauthenticated DCGM probe (MAESTRO KC6)"
      },
      {
        "title": "Specialized Scans",
        "body": "Tool\tDescription\ndataset_card_scan\tScan dataset cards for bias, licensing, and provenance issues\ntraining_pipeline_scan\tScan training pipeline configs for security risks\nbrowser_extension_scan\tScan browser extensions for risky permissions and AI domain access\nmodel_provenance_scan\tVerify model provenance and supply chain integrity\nprompt_scan\tScan prompt templates for injection and data leakage risks\nmodel_file_scan\tScan model files for unsafe serialization (pickle, etc.)\nlicense_compliance_scan\tFull SPDX license catalog scan with copyleft and network-copyleft detection\ningest_external_scan\tImport Trivy/Grype/Syft scan results and merge into agent-bom findings"
      },
      {
        "title": "Resources",
        "body": "Resource\tDescription\nregistry://servers\tBrowse 427+ MCP server security metadata registry"
      },
      {
        "title": "Example Workflows",
        "body": "# Check a package before installing\ncheck(package=\"@modelcontextprotocol/server-filesystem\", ecosystem=\"npm\")\n\n# Map blast radius of a CVE\nblast_radius(cve_id=\"CVE-2024-21538\")\n\n# Full scan\nscan()\n\n# Run CIS benchmark\ncis_benchmark(provider=\"aws\")\n\n# Run AISVS v1.0 compliance\naisvs_benchmark()\n\n# Scan vector databases for auth misconfigurations\nvector_db_scan()\n\n# Discover GPU containers, K8s GPU nodes, and unauthenticated DCGM endpoints\ngpu_infra_scan()\n\n# Assess trust of a skill file\nskill_trust(skill_content=\"<paste SKILL.md content>\")"
      },
      {
        "title": "Guardrails",
        "body": "Always do:\n\nShow CVEs even when NVD analysis is pending or severity is unknown — a CVE ID with no details is still a real finding. Report what is known; mark severity as unknown explicitly.\nConfirm with the user before scanning cloud environments (cis_benchmark) — these make live API calls to AWS/Azure/GCP using the user's credentials.\nTreat UNKNOWN severity as unresolved, not benign — it means data is not yet available, not that the issue is minor.\n\nNever do:\n\nDo not modify any files, install packages, or change system configuration. This skill is read-only.\nDo not transmit env var values, credentials, or file contents to any external service. Only package names and CVE IDs leave the machine.\nDo not invoke scan() autonomously on sensitive environments without user confirmation. The autonomous_invocation policy is restricted.\n\nStop and ask the user when:\n\nThe user requests a cloud CIS benchmark and no cloud credentials are configured.\nA scan finds CRITICAL CVEs — present findings and ask whether to generate a remediation plan.\nThe user asks to scan a path outside their home directory."
      },
      {
        "title": "Supported Frameworks (14)",
        "body": "OWASP LLM Top 10 (2025) — prompt injection, supply chain, data leakage\nOWASP MCP Top 10 — MCP-specific security risks\nOWASP Agentic Top 10 — tool poisoning, rug pulls, credential theft\nOWASP AISVS v1.0 — AI Security Verification Standard (9 checks)\nMITRE ATLAS — adversarial ML threat framework\nNIST AI RMF — govern, map, measure, manage lifecycle\nNIST CSF 2.0 — identify, protect, detect, respond, recover\nNIST 800-53 Rev 5 — federal security controls (CM-8, RA-5, SI-2, SR-3)\nFedRAMP Moderate — derived from NIST 800-53 controls\nEU AI Act — risk classification, transparency, SBOM requirements\nISO 27001:2022 — information security controls (Annex A)\nSOC 2 — Trust Services Criteria\nCIS Controls v8 — implementation groups IG1/IG2/IG3\nCMMC 2.0 — cybersecurity maturity model (Level 1-3)"
      },
      {
        "title": "Privacy & Data Handling",
        "body": "This skill installs agent-bom from PyPI. Verify the redaction behavior\nbefore running with any config files:\n\n# Step 1: Install\npip install agent-bom\n\n# Step 2: Review redaction logic BEFORE scanning\n# sanitize_env_vars() replaces ALL env var values with ***REDACTED***\n# BEFORE any config data is processed or stored:\n# https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/security.py#L159\n\n# Step 3: Review config parsing — only structural data extracted:\n# https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/discovery/__init__.py\n\n# Step 4: Verify package provenance (Sigstore)\nagent-bom verify agent-bom\n\n# Step 5: Only then run scans\nagent-bom scan\n\nWhat is extracted: Server names, commands, args, and URLs from MCP client\nconfig files across 22 AI tools. What is NOT extracted: Env var values are\nreplaced with ***REDACTED*** by sanitize_env_vars() before any processing.\nOnly public package names and CVE IDs are sent to vulnerability databases.\nCloud CIS checks use locally configured credentials and call only the cloud\nprovider's own APIs."
      },
      {
        "title": "Verification",
        "body": "Source: github.com/msaad00/agent-bom (Apache-2.0)\nSigstore signed: agent-bom verify agent-bom@0.71.0\n6,040+ tests with CodeQL + OpenSSF Scorecard\nNo telemetry: Zero tracking, zero analytics"
      }
    ],
    "body": "agent-bom — AI Agent Infrastructure Security Scanner\n\nDiscovers MCP clients and servers across 22 AI tools, scans for CVEs, maps blast radius, runs cloud CIS benchmarks, checks OWASP/NIST/MITRE compliance, generates SBOMs, and assesses AI infrastructure against AISVS v1.0 and MAESTRO framework layers.\n\nInstall\npipx install agent-bom\nagent-bom scan              # auto-discover + scan\nagent-bom check langchain   # check a specific package\nagent-bom fs .              # scan filesystem packages\nagent-bom image nginx:1.25  # scan container image (native, no Syft)\nagent-bom cloud aws         # AWS CIS benchmark\nagent-bom iac infra/        # scan Terraform/CloudFormation\nagent-bom where             # show all discovery paths\n\nAs an MCP Server\n{\n  \"mcpServers\": {\n    \"agent-bom\": {\n      \"command\": \"uvx\",\n      \"args\": [\"agent-bom\", \"mcp\"]\n    }\n  }\n}\n\nTools (32)\nVulnerability Scanning\nTool\tDescription\nscan\tFull discovery + vulnerability scan pipeline\ncheck\tCheck a package for CVEs (OSV, NVD, EPSS, KEV)\nblast_radius\tMap CVE impact chain across agents, servers, credentials\nremediate\tPrioritized remediation plan for vulnerabilities\nverify\tPackage integrity + SLSA provenance check\ndiff\tCompare two scan reports (new/resolved/persistent)\nwhere\tShow MCP client config discovery paths\ninventory\tList discovered agents, servers, packages\nCompliance & Policy\nTool\tDescription\ncompliance\tOWASP LLM/Agentic Top 10, EU AI Act, MITRE ATLAS, NIST AI RMF\npolicy_check\tEvaluate results against custom security policy (17 conditions)\ncis_benchmark\tCIS benchmark checks (AWS, Azure v3.0, GCP v3.0, Snowflake)\ngenerate_sbom\tGenerate SBOM (CycloneDX or SPDX format)\naisvs_benchmark\tOWASP AISVS v1.0 compliance — 9 AI security checks\nRegistry & Trust\nTool\tDescription\nregistry_lookup\tLook up MCP server in 427+ server security metadata registry\nmarketplace_check\tPre-install trust check with registry cross-reference\nfleet_scan\tBatch registry lookup + risk scoring for MCP server inventories\nskill_trust\tAssess skill file trust level (5-category analysis)\ncode_scan\tSAST scanning via Semgrep with CWE-based compliance mapping\nRuntime & Analytics\nTool\tDescription\ncontext_graph\tAgent context graph with lateral movement analysis\nanalytics_query\tQuery vulnerability trends, posture history, and runtime events\nruntime_correlate\tCross-reference proxy audit JSONL with CVE findings, risk amplification\nvector_db_scan\tProbe Qdrant/Weaviate/Chroma/Milvus for auth and exposure\ngpu_infra_scan\tGPU container and K8s node inventory + unauthenticated DCGM probe (MAESTRO KC6)\nSpecialized Scans\nTool\tDescription\ndataset_card_scan\tScan dataset cards for bias, licensing, and provenance issues\ntraining_pipeline_scan\tScan training pipeline configs for security risks\nbrowser_extension_scan\tScan browser extensions for risky permissions and AI domain access\nmodel_provenance_scan\tVerify model provenance and supply chain integrity\nprompt_scan\tScan prompt templates for injection and data leakage risks\nmodel_file_scan\tScan model files for unsafe serialization (pickle, etc.)\nlicense_compliance_scan\tFull SPDX license catalog scan with copyleft and network-copyleft detection\ningest_external_scan\tImport Trivy/Grype/Syft scan results and merge into agent-bom findings\nResources\nResource\tDescription\nregistry://servers\tBrowse 427+ MCP server security metadata registry\nExample Workflows\n# Check a package before installing\ncheck(package=\"@modelcontextprotocol/server-filesystem\", ecosystem=\"npm\")\n\n# Map blast radius of a CVE\nblast_radius(cve_id=\"CVE-2024-21538\")\n\n# Full scan\nscan()\n\n# Run CIS benchmark\ncis_benchmark(provider=\"aws\")\n\n# Run AISVS v1.0 compliance\naisvs_benchmark()\n\n# Scan vector databases for auth misconfigurations\nvector_db_scan()\n\n# Discover GPU containers, K8s GPU nodes, and unauthenticated DCGM endpoints\ngpu_infra_scan()\n\n# Assess trust of a skill file\nskill_trust(skill_content=\"<paste SKILL.md content>\")\n\nGuardrails\n\nAlways do:\n\nShow CVEs even when NVD analysis is pending or severity is unknown — a CVE ID with no details is still a real finding. Report what is known; mark severity as unknown explicitly.\nConfirm with the user before scanning cloud environments (cis_benchmark) — these make live API calls to AWS/Azure/GCP using the user's credentials.\nTreat UNKNOWN severity as unresolved, not benign — it means data is not yet available, not that the issue is minor.\n\nNever do:\n\nDo not modify any files, install packages, or change system configuration. This skill is read-only.\nDo not transmit env var values, credentials, or file contents to any external service. Only package names and CVE IDs leave the machine.\nDo not invoke scan() autonomously on sensitive environments without user confirmation. The autonomous_invocation policy is restricted.\n\nStop and ask the user when:\n\nThe user requests a cloud CIS benchmark and no cloud credentials are configured.\nA scan finds CRITICAL CVEs — present findings and ask whether to generate a remediation plan.\nThe user asks to scan a path outside their home directory.\nSupported Frameworks (14)\nOWASP LLM Top 10 (2025) — prompt injection, supply chain, data leakage\nOWASP MCP Top 10 — MCP-specific security risks\nOWASP Agentic Top 10 — tool poisoning, rug pulls, credential theft\nOWASP AISVS v1.0 — AI Security Verification Standard (9 checks)\nMITRE ATLAS — adversarial ML threat framework\nNIST AI RMF — govern, map, measure, manage lifecycle\nNIST CSF 2.0 — identify, protect, detect, respond, recover\nNIST 800-53 Rev 5 — federal security controls (CM-8, RA-5, SI-2, SR-3)\nFedRAMP Moderate — derived from NIST 800-53 controls\nEU AI Act — risk classification, transparency, SBOM requirements\nISO 27001:2022 — information security controls (Annex A)\nSOC 2 — Trust Services Criteria\nCIS Controls v8 — implementation groups IG1/IG2/IG3\nCMMC 2.0 — cybersecurity maturity model (Level 1-3)\nPrivacy & Data Handling\n\nThis skill installs agent-bom from PyPI. Verify the redaction behavior before running with any config files:\n\n# Step 1: Install\npip install agent-bom\n\n# Step 2: Review redaction logic BEFORE scanning\n# sanitize_env_vars() replaces ALL env var values with ***REDACTED***\n# BEFORE any config data is processed or stored:\n# https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/security.py#L159\n\n# Step 3: Review config parsing — only structural data extracted:\n# https://github.com/msaad00/agent-bom/blob/main/src/agent_bom/discovery/__init__.py\n\n# Step 4: Verify package provenance (Sigstore)\nagent-bom verify agent-bom\n\n# Step 5: Only then run scans\nagent-bom scan\n\n\nWhat is extracted: Server names, commands, args, and URLs from MCP client config files across 22 AI tools. What is NOT extracted: Env var values are replaced with ***REDACTED*** by sanitize_env_vars() before any processing. Only public package names and CVE IDs are sent to vulnerability databases. Cloud CIS checks use locally configured credentials and call only the cloud provider's own APIs.\n\nVerification\nSource: github.com/msaad00/agent-bom (Apache-2.0)\nSigstore signed: agent-bom verify agent-bom@0.71.0\n6,040+ tests with CodeQL + OpenSSF Scorecard\nNo telemetry: Zero tracking, zero analytics"
  },
  "trust": {
    "sourceLabel": "tencent",
    "provenanceUrl": "https://clawhub.ai/msaad00/agent-bom",
    "publisherUrl": "https://clawhub.ai/msaad00/agent-bom",
    "owner": "msaad00",
    "version": "0.71.0",
    "license": null,
    "verificationStatus": "Indexed source record"
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/agent-bom",
    "downloadUrl": "https://openagent3.xyz/downloads/agent-bom",
    "agentUrl": "https://openagent3.xyz/skills/agent-bom/agent",
    "manifestUrl": "https://openagent3.xyz/skills/agent-bom/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/agent-bom/agent.md"
  }
}