47
grade D
10 days ago
glama

agent-bom

AI supply chain security scanner for MCP servers and AI agents. 18 tools for CVE scanning, blast radius mapping, CIS benchmarks, SBOM generation, and compliance enforcement across OWASP LLM Top 10, MITRE ATLAS, NIST AI RMF, and EU AI Act.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
config: NEXT_EXPORT
config: NEXT_PUBLIC_API_URL
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/msaad00-agent-bom-1fxnnb)](https://m8ven.ai/mcp/msaad00-agent-bom-1fxnnb)
commit: 82f6916ea3c02206aa2a12cbd58370a93485b604
code hash: f4c27ae987ff49e549b1bc4afa9bfcb16675b99d5ba3a9a853db4235403ae878
verified: 4/11/2026, 2:54:42 PM