If you're running AI agents in production or building on MCP, this scanner gives you the blast radius view you actually need. It inventories agents, MCP servers, tools, packages, and credential references, then maps vulnerabilities from OSV and GHSA through the dependency graph to show you which agents can reach which exposed attack paths. You get CLI output for CI gates, MCP tools for agent driven security queries, and a self hosted dashboard that visualizes the full mesh. The quickstart command seeds demo data so you can see graph backed findings before pointing it at your own stack. Useful when you need to answer "what breaks if this package is compromised" or enforce pre install guards across a fleet.
claude mcp add --transport stdio msaad00-agent-bom uvx agent-bom