agentic-integration-wrappers
Health Pass
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 10 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in build-mcpb.sh
Permissions Pass
- Permissions — No dangerous permissions requested
This tool provides integration wrappers that allow AI coding assistants to use Snyk's security scanning capabilities directly through the Model Context Protocol (MCP).
Security Assessment
The tool acts as a bridge to execute the Snyk CLI, inherently running shell commands and making external network requests to report vulnerabilities. A rule-based scan flagged a recursive force deletion command (`rm -rf`) inside the `build-mcpb.sh` script. However, this appears safely contained within the automated build and packaging process rather than runtime execution. No hardcoded secrets or dangerous permission requests were detected. Overall risk: Medium. While the wrapper itself is a benign configuration layer, underlying execution relies entirely on your local Snyk CLI setup and authentication.
Quality Assessment
The project is highly maintained, with its last code push occurring just today. It is backed by Snyk (a well-known security company) and uses the permissive Apache-2.0 license. Community traction is currently very small with only 10 GitHub stars, and the repository is explicitly closed to public contributions.
Verdict
Use with caution: the wrappers are standard configurations from a trusted vendor, but you should ensure your local Snyk CLI and authentication environment are properly secured.
Provides wrappers to integrate with agentic workflows
Snyk Agentic Integration Wrappers
This repository provides integration wrappers that enable AI coding assistants to leverage Snyk's security platform capabilities through the Model Context Protocol (MCP).
Overview
The wrappers in this repository allow agentic AI systems (AI coding assistants) to perform security scanning on code, dependencies, infrastructure, and containers using Snyk's comprehensive security platform. This enables AI assistants to proactively identify and fix security vulnerabilities during code generation and review.
Supported Integrations
Claude Desktop Extension (MCPB)
- File: `manifest.json`
- Purpose: Packages Snyk as a Claude Desktop Extension (MCP Bundle)
- Build Script: `build-mcpb.sh` - Creates a `.mcpb` file for distribution
- Capabilities: Full Snyk security scanning suite via MCP
Google Gemini Extension
- File: `gemini-extension.json`
- Purpose: Enables Snyk security scanning in Google Gemini Code Assist
- Configuration: Custom context file support and selective tool exposure
Anthropic MCP Marketplace
- File: `server.json`
- Purpose: Standard MCP server configuration for any MCP-compatible AI assistant
- Registry: Published to the Model Context Protocol Registry (domain: `snyk.io`)
- Distribution: Automated via GitHub Actions workflow on each Snyk CLI release
Security Capabilities
Through these integrations, AI assistants gain access to:
- SAST (Static Application Security Testing): Code vulnerability scanning
- SCA (Software Composition Analysis): Open source dependency vulnerability detection
- IaC (Infrastructure as Code): Security misconfiguration detection in cloud infrastructure
- Container Security: Container image vulnerability scanning
- AI-specific features: SBOM generation and testing, AI Bill of Materials (AIBOM)
How It Works
All integrations use the Snyk CLI's MCP server capability (`snyk mcp -t stdio`), which exposes Snyk's security tools through the Model Context Protocol. The AI assistant can invoke Snyk scans during code generation, review, and security analysis workflows.
Release Process
The repository uses an automated GitHub Actions workflow (`build-and-release.yml`) that:
- Triggers on Snyk CLI releases (via `repository_dispatch` or manual `workflow_dispatch`)
- Builds the Claude Desktop Extension (`.mcpb` file) using `build-mcpb.sh`
- Creates a GitHub release with the built artifacts and SHA256 checksums
- Publishes the updated MCP server configuration to the Anthropic MCP Registry
This repository is closed to public contributions.