agent-bom registry
v0.86.5

MCP server security registry and trust assessment: look up servers in the 427+ server security metadata registry, run pre-install marketplace checks, batch fleet risk scoring, assess skill file trust, and run SAST code scans. Use when the user mentions MCP server trust, registry lookup, marketplace check, or skill trust assessment.
agent-bom-registry — MCP Server Trust & Security Registry

Look up MCP servers in the 427+ server security metadata registry, assess skill file trust, and run pre-install marketplace checks.
Install

```bash
pipx install agent-bom
agent-bom mcp scan @modelcontextprotocol/server-brave-search --ecosystem npm
agent-bom mcp scan @modelcontextprotocol/server-filesystem --ecosystem npm
```
Tools (7)

| Tool | Description |
| --- | --- |
| registry_lookup | Look up MCP server in 427+ server security metadata registry |
| marketplace_check | Pre-install trust check with registry cross-reference |
| fleet_scan | Batch registry lookup + risk scoring for MCP server inventories |
| skill_scan | Scan instruction files for package refs, trust, and findings |
| skill_verify | Verify Sigstore provenance for instruction files |
| skill_trust | Assess skill file trust level (5-category analysis) |
| code_scan | SAST scanning via Semgrep with CWE-based compliance mapping |

Example workflows

```
# Look up a server in the registry
registry_lookup(server_name="brave-search")

# Pre-install trust check
marketplace_check(package="@modelcontextprotocol/server-filesystem")

# Scan instruction files and then assess a specific skill file
skill_scan(path=".")
skill_trust(skill_path="./skill.md")

# Batch risk scoring
fleet_scan(servers=["brave-search", "github", "slack"])
```
MCP Resources

| Resource | Description |
| --- | --- |
| registry://servers | Browse 427+ MCP server security metadata registry |

Privacy & Data Handling
Registry data is bundled in the package — lookups are in-memory string matches with zero network calls. Skill trust analysis parses content passed as a string argument (no file system access needed).
Verification

- Source: github.com/msaad00/agent-bom (Apache-2.0)
- 7,100+ tests with CodeQL + OpenSSF Scorecard
- No telemetry: Zero tracking, zero analytics