AI Agent Security Scanner for IDEs

Verify your agents and the code they write.

Scan the assets that your agents use: MCP servers, skills, and AI-generated code. This extension assesses the supply chain assets around your AI tooling to identify threats before they land: prompt injection, data exfiltration, command injection, supply chain tampering, and more.

Works in VS Code · Cursor · Windsurf · Antigravity

Documentation · Installation Guide · Discord · Cisco AI Defense

What It Does

MCP Server Scanning

The scanner discovers and analyzes MCP server configurations on your machine. It inspects tool descriptions, server configurations, and endpoints for hidden instructions, exfiltration patterns, cross-tool attack chains, and suspicious commands. Learn more →

Agent Skill Scanning

Skills for Cursor, Claude Code, Codex, and Antigravity are analyzed for command injection, obfuscation, privilege escalation, and supply chain indicators. The scanner examines skill definitions and any referenced scripts or binaries without executing them. Learn more →

Secure AI-generated Code

Project CodeGuard's security rules are embedded directly into the AI agent's context, covering 20+ security domains ranging from input validation and authentication to cryptography and session management. These rules guide AI-generated code toward secure patterns from the start, rather than catching vulnerabilities after the fact. Learn more →

Watchdog

Watchdog continuously monitors critical AI configuration files for unauthorized modifications. It detects hook injection, auto-memory poisoning, shell alias injection, and MCP configuration tampering using SHA-256 snapshots with HMAC verification. When a change is detected, developers can view diffs, restore from snapshots, or accept the change as a new baseline. Learn more →

Quick Start

Install from the VS Code Marketplace — the Setup Wizard opens automatically
Scan — open the Command Palette (Cmd/Ctrl+Shift+P) and run Scan All (MCP + Skills)
Review findings in the sidebar, dashboard, or Problems panel

YARA and behavioral analysis work out of the box with zero configuration. For deeper analysis, add an LLM provider via Configure LLM Provider in the Command Palette.

See the Installation Guide for LLM provider setup (OpenAI, Anthropic, Azure, Ollama, Google AI Studio, AWS Bedrock, and more).

Analysis Engines

Engine	Local	What it does
YARA Pattern Matching	Yes	Signature-based detection of known malicious patterns using built-in + custom rules
Behavioral Analysis	Yes	Python AST dataflow analysis with taint tracking and control-flow graph construction
LLM Analysis	Depends	Semantic analysis of tool descriptions and skill content for intent-level threats
Cisco AI Defense*	No	Cloud-based threat classification powered by Cisco's security intelligence (API key required)
VirusTotal*	No	Hash-based and optional file-upload scanning for binaries referenced by skills (API key required)
Meta Analyzer	Depends	Second-pass LLM review that cross-correlates findings from all engines (~64% noise reduction)

See the full engine reference for details on all engines and configuration.

IDE Integration

Security Dashboard — Visual summary with severity breakdowns and quick actions
Inline Decorations — Status indicators directly in MCP config files
CodeLens — Contextual info above server definitions
Findings Tree — Organized by config, server, or skill
Watchdog Panel — Real-time file protection status with diff views
One-click Remediation — Trust, allowlist, or remove servers and skills inline
Report Export — JSON, Markdown, or CSV
Scan Comparison — Track new, resolved, and unchanged findings over time

Supported Platforms

MCP Configurations: Cursor · Claude Desktop · VS Code · Windsurf · Antigravity · Workspace configs

Agent Skills: Cursor · Claude · Codex · Antigravity · Custom directories

LLM Providers: OpenAI · Anthropic · Azure OpenAI · Azure AI · AWS Bedrock · GCP Vertex · Ollama · OpenRouter · Google AI Studio

See the full platform matrix for config file locations and skill paths.

Key Commands

Command	Description
Scan All (MCP + Skills)	Scan all MCP configs and skills in a single pass
Open Security Dashboard	Visual security summary with severity breakdown
Configure LLM Provider	Set up AI analysis provider
Configure Cisco AI Defense	Enable Cisco AI Defense cloud-based classification with additional capabilities (API key required)
CodeGuard: Configure Rules	Select IDEs and security rule categories to inject
CodeGuard: Inject Rules Now	Write selected rules into IDE agent config
Export Scan Report	Export results as JSON, Markdown, or CSV
Compare with Previous Scan	Track new, resolved, and unchanged findings

See the full command reference for all available commands.

Security & Privacy

No Source Code Transmission — Your source code never leaves your machine
No Tool Execution — Analyzes descriptions only; never executes MCP tools or runs skill code
Secure Credential Storage — API keys stored in your OS keychain via VS Code's SecretStorage API
Privacy-First VirusTotal — Only file hashes sent by default; file upload is opt-in
Minimal Network Access — YARA and behavioral analysis are fully local; network requests only for configured analyzers

Anonymous usage telemetry can be disabled at any time via settings. No scan content, API keys, or PII is ever transmitted.

Your use of this extension is governed by the Cisco Online Privacy Statement.

Documentation

Topic	Link
Overview & Commands	Documentation Home
Installation & LLM Setup	Installation Guide
Features & Threat Categories	Features
All Settings	Settings Reference
Custom YARA, Policies, CodeGuard	Advanced Features
Troubleshooting	FAQ

Community

Discord — Questions, feedback, and discussions
GitHub Issues — Bug reports and feature requests
Cisco AI Defense — Enterprise AI security

License

Apache 2.0

AI Agent Security Scanner for IDEs

Cisco-AI

AI Agent Security Scanner for IDEs

What It Does

MCP Server Scanning

Agent Skill Scanning

Secure AI-generated Code

Watchdog

Quick Start

Analysis Engines

IDE Integration

Supported Platforms

Key Commands

Security & Privacy

Documentation

Community

License