The Problem
AI agents are becoming the new software supply chain. When you install an MCP server in Claude Desktop or a SKILL.md file in Claude Code, your agent follows those instructions unconditionally. There's no permission prompt, no sandbox, no review process.
This creates the same class of supply chain attacks that plagued npm and PyPI — but worse. A malicious MCP server can read your files, exfiltrate credentials, and execute arbitrary code. A poisoned agent skill can inject hidden instructions that override your AI's behavior without you ever seeing them.
The attack surface is real. Researchers have already demonstrated tool poisoning, credential theft via environment variable exposure, and cross-tool manipulation in production MCP servers. Agent skills face their own threats: instruction injection, encoded payloads piped to shell, and social engineering that tricks agents into running destructive commands.
What Vigile Does
Vigile is a security scanner purpose-built for AI agent tools. It works at three layers:
Static scanning analyzes MCP server configurations and agent skill files against 50 detection patterns covering tool poisoning, permission abuse, data exfiltration, obfuscation, instruction injection, malware delivery, and more. Every pattern maps to a specific threat ID so you know exactly what was found and why it matters.
Trust scoring gives every scanned item a score from 0 to 100 based on five weighted factors: code analysis, dependency health, permission safety, behavioral stability, and transparency. This makes it easy to compare tools at a glance and make informed decisions about what to install.
Sentinel runtime monitoring goes beyond static analysis. It intercepts outbound network traffic from your MCP servers and flags C2 beaconing, credential theft, DNS tunneling, and connections to unexpected destinations. Static scanning catches what's in the code — Sentinel catches what the code actually does on the wire.
How It Works
Getting started takes five seconds:
npx vigile-scan --allThat's it. Vigile auto-discovers your MCP configurations from Claude Desktop, Claude Code, Cursor, GitHub Copilot, Windsurf, and VS Code. It finds your agent skill files — SKILL.md, .mdc rules, CLAUDE.md, .github/copilot instructions. Then it scans everything and gives you a trust score for each item.
The CLI outputs JSON for CI/CD integration, so you can block deployments that include risky MCP servers or agent skills. Exit code 1 on critical or high findings means it works natively in any pipeline.
The Trust Registry
Beyond the scanner, Vigile maintains a community trust registry at vigile.dev. Every MCP server and agent skill that gets scanned contributes to a shared database of trust scores, security findings, and behavioral analysis.
Before you install a new MCP server, check its trust score. Before you use someone's SKILL.md, see if it's been flagged. The registry turns individual scans into collective intelligence.
Free to Use
The Vigile CLI scanner is free and open source (Apache 2.0), available on npm. Unlimited local scans, no account required, no strings attached. The registry is free to browse. API access for programmatic scanning starts at 50 requests per month on the free tier.
Sentinel runtime monitoring and advanced features are available on Pro ($9.99/month) and Pro+ ($29.99/month) plans. These fund continued development and keep the free tier sustainable.
Get Started
Run your first scan right now:
npx vigile-scan --all --verboseOr scan a skill online at vigile.dev/scan-skill — paste any SKILL.md content and get instant results, no install needed.
Browse the registry at vigile.dev/search to see trust scores for hundreds of indexed MCP servers and agent skills.