Scans GitHub-hosted AI skills for security issues before your agent installs them. Exposes three MCP tools: scan_skill submits a repo URL and returns a scored report flagging prompt injection patterns, malware indicators, and OWASP LLM Top 10 violations with line numbers and snippets. Get_report retrieves cached public scan results at no cost. Check_certification validates skill safety badges. Useful when building agents that autonomously install third-party skills and need supply chain verification without human review. Free tier gives you 5 scans per month. Results include a verdict (SAFE, CAUTION, DANGEROUS) based on a 0-100 score, plus detailed issue breakdowns. Average scan completes in under 3 seconds. Connects to https://apisecurityscan.net/mcp via streamable HTTP.
claude mcp add --transport http net.apisecurityscan-securityscan https://apisecurityscan.net/mcp