Cisco AI Security Scanner

Cisco-AI | 6 installs | (1) | Free
Scan MCP servers, agent skills, and AI-generated code for prompt injection, data exfiltration, and supply chain threats. YARA, LLM, and Cisco AI Defense analysis with CodeGuard rule injection and Watchdog file protection.
Installation
Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.


Trust, but verify — security scanning for MCP servers, agent skills, and AI-generated code.

Your AI agents pull in MCP servers, run skills, and generate code — but how do you know what they're actually doing? This extension watches the supply chain around your AI tools and catches threats before they land: prompt injection, data exfiltration, command injection, supply chain tampering, and more.

Works in VS Code · Cursor · Windsurf · Antigravity

Documentation · Installation Guide · Discord · Cisco AI Defense


What It Does

MCP Server Scanning

Analyze tool descriptions, server configurations, and endpoints across every MCP config on your machine. Detects hidden instructions, data exfiltration patterns, cross-tool attack chains, and suspicious commands.

Agent Skill Scanning

Inspect skill definitions, referenced scripts, and binaries from Cursor, Claude, Codex, Antigravity, and custom directories. Catches command injection, obfuscated code, privilege escalation, and supply chain risks.

CodeGuard

Inject CodeGuard security rules directly into your IDE's agent context so AI-generated code follows secure defaults from the start. Covers 20+ security domains including input validation, authentication, cryptography, and more. Supports Cursor, Windsurf, GitHub Copilot, and Antigravity.

Watchdog

Monitor critical AI configuration files for unauthorized changes. Protects against hook injection, auto-memory poisoning, shell alias injection, and MCP server poisoning with SHA-256 snapshots and HMAC verification.
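
Why a snapshot of SHA-256 digests also needs an HMAC, shown as an added example (not the extension's code; the manifest layout, key handling and the `mcp.json` file name are assumptions): hashes alone catch an edited file, while the keyed MAC catches a snapshot that was re-hashed to hide the edit.

```python
import hashlib
import hmac
import json
import os
import tempfile


def file_sha256(path):
    """SHA-256 of a file, or None if it has been deleted."""
    try:
        with open(path, "rb") as fh:
            return hashlib.sha256(fh.read()).hexdigest()
    except FileNotFoundError:
        return None


def manifest_mac(digests, key):
    """HMAC-SHA256 over a canonical JSON encoding of the digest map."""
    body = json.dumps(digests, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def snapshot(paths, key):
    """Record a digest per watched file and authenticate the whole manifest."""
    digests = {p: file_sha256(p) for p in paths}
    return {"digests": digests, "mac": manifest_mac(digests, key)}


def verify(snap, key):
    """Return (manifest_authentic, changed_paths)."""
    if not hmac.compare_digest(manifest_mac(snap["digests"], key), snap["mac"]):
        return False, []  # the snapshot itself was altered; trust nothing in it
    return True, sorted(p for p, d in snap["digests"].items() if file_sha256(p) != d)


def demo():
    key = os.urandom(32)  # assumption: key is stored outside the watched files
    with tempfile.TemporaryDirectory() as tmp:
        cfg = os.path.join(tmp, "mcp.json")  # constructed sample config
        with open(cfg, "w") as fh:
            fh.write('{"mcpServers": {"docs": {"command": "docs-server"}}}')
        snap = snapshot([cfg], key)
        clean = verify(snap, key)
        with open(cfg, "w") as fh:  # simulate an unauthorized edit
            fh.write('{"mcpServers": {"docs": {"command": "other-binary"}}}')
        edited = verify(snap, key)
        # Someone without the key re-hashes the edited file to hide the change.
        forged = {"digests": {cfg: file_sha256(cfg)}, "mac": snap["mac"]}
        return clean, (edited[0], len(edited[1])), verify(forged, key)
```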


Quick Start

  1. Install from the VS Code Marketplace — the Setup Wizard opens automatically
  2. Scan — open the Command Palette (Cmd/Ctrl+Shift+P) and run Scan All (MCP + Skills)
  3. Review findings in the sidebar, dashboard, or Problems panel

YARA and behavioral analysis work out of the box with zero configuration. For deeper analysis, add an LLM provider via Configure LLM Provider in the Command Palette.

See the Installation Guide for LLM provider setup (OpenAI, Anthropic, Azure, Ollama, Google AI Studio, AWS Bedrock, and more).


Analysis Engines

| Engine | Local | What it does |
| --- | --- | --- |
| YARA Pattern Matching | Yes | Signature-based detection of known malicious patterns using built-in + custom rules |
| Behavioral Analysis | Yes | Python AST dataflow analysis with taint tracking and control-flow graph construction |
| LLM Analysis | Depends | Semantic analysis of tool descriptions and skill content for intent-level threats |
| Cisco AI Defense | No | Cloud-based threat classification powered by Cisco's security intelligence |
| VirusTotal | No | Hash-based and optional file-upload scanning for binaries referenced by skills |
| Meta Analyzer | Depends | Second-pass LLM review that cross-correlates findings from all engines (~64% noise reduction) |

See the full engine reference for details on all engines and configuration.


IDE Integration

  • Security Dashboard — Visual summary with severity breakdowns and quick actions
  • Inline Decorations — Status indicators directly in MCP config files
  • CodeLens — Contextual info above server definitions
  • Findings Tree — Organized by config, server, or skill
  • Watchdog Panel — Real-time file protection status with diff views
  • One-click Remediation — Trust, allowlist, or remove servers and skills inline
  • Report Export — JSON, Markdown, or CSV
  • Scan Comparison — Track new, resolved, and unchanged findings over time

Supported Platforms

MCP Configurations: Cursor · Claude Desktop · VS Code · Windsurf · Antigravity · Workspace configs

Agent Skills: Cursor · Claude · Codex · Antigravity · Custom directories

LLM Providers: OpenAI · Anthropic · Azure OpenAI · Azure AI · AWS Bedrock · GCP Vertex · Ollama · OpenRouter · Google AI Studio

See the full platform matrix for config file locations and skill paths.


Key Commands

| Command | Description |
| --- | --- |
| Scan All (MCP + Skills) | Scan all MCP configs and skills in a single pass |
| Open Security Dashboard | Visual security summary with severity breakdown |
| Configure LLM Provider | Set up AI analysis provider |
| Configure Cisco AI Defense | Enable Cisco cloud-based classification |
| CodeGuard: Configure Rules | Select IDEs and security rule categories to inject |
| CodeGuard: Inject Rules Now | Write selected rules into IDE agent config |
| Export Scan Report | Export results as JSON, Markdown, or CSV |
| Compare with Previous Scan | Track new, resolved, and unchanged findings |

See the full command reference for all available commands.


Security & Privacy

  • No Source Code Transmission — Your source code never leaves your machine
  • No Tool Execution — Analyzes descriptions only; never executes MCP tools or runs skill code
  • Secure Credential Storage — API keys stored in your OS keychain via VS Code's SecretStorage API
  • Privacy-First VirusTotal — Only file hashes sent by default; file upload is opt-in
  • Minimal Network Access — YARA and behavioral analysis are fully local; network requests only for configured analyzers

Anonymous usage telemetry can be disabled at any time via settings. No scan content, API keys, or PII is ever transmitted.

Your use of this extension is governed by the Cisco Online Privacy Statement.


Documentation

| Topic | Link |
| --- | --- |
| Overview & Commands | Documentation Home |
| Installation & LLM Setup | Installation Guide |
| Features & Threat Categories | Features |
| All Settings | Settings Reference |
| Custom YARA, Policies, CodeGuard | Advanced Features |
| Troubleshooting | FAQ |

Community

  • Discord — Questions, feedback, and discussions
  • GitHub Issues — Bug reports and feature requests
  • Cisco AI Defense — Enterprise AI security

License

Apache 2.0
