Snyk's agent-scan tool works by starting every MCP server it finds in your config and querying its tool descriptions. That is not a bug. It is the architecture. To retrieve tool descriptions from a stdio MCP server, you have to execute it. The tool does exactly what it says on the box.

The problem is the use case.

What agent-scan actually does

When you run snyk-agent-scan, it reads your local MCP configuration files: ~/.cursor/mcp.json, Claude Desktop config, Windsurf config, and others. For each server it finds, it executes the command array from the config, spins up the server, connects via the MCP protocol, retrieves tool descriptions, and ships that data to Invariant Labs' API at invariantlabs.ai for analysis.
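The practical check before pointing any description-fetching scanner at a config is to see what that config would actually cause to run. The script below is an added example, not part of Snyk's tool or of this post: it parses a constructed Cursor-style mcp.json (the mcpServers / command / args / env / url layout is an assumption about the client config format, and every server name, path and token value in the sample is made up) and lists, without starting anything, which entries are stdio servers that a scanner would have to execute, the exact command line it would spawn, and which environment variables that look like credentials would be handed to that process.

```python
import json
import shlex

# Constructed sample of a Cursor-style mcp.json, not a real user's file.
# The layout (mcpServers -> command/args/env, or url for remote servers) is
# an assumption about the client config format; names and values are invented.
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/alice/projects"],
      "env": {}
    },
    "github": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "ghcr.io/example/mcp-github:latest"],
      "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_EXAMPLE_PLACEHOLDER"}
    },
    "remote-docs": {
      "url": "https://mcp.example.invalid/sse"
    }
  }
}
"""

# Substrings that usually mark an env var as a credential (heuristic, assumed).
SECRET_HINTS = ("TOKEN", "SECRET", "KEY", "PASSWORD")


def inventory_mcp_config(text):
    """Describe each configured MCP server without starting it.

    Returns a list of dicts with: name, transport ('stdio' or 'remote'),
    the command line a scanner would spawn (stdio only, None otherwise),
    and the env var names that look like credentials and would be passed
    into that spawned process.
    """
    data = json.loads(text)
    servers = data.get("mcpServers", {})
    inventory = []
    for name, spec in servers.items():
        if "command" in spec:
            # A stdio server: reading its tool descriptions means executing this.
            argv = [spec["command"], *spec.get("args", [])]
            env = spec.get("env", {}) or {}
            sensitive = sorted(
                k for k in env if any(h in k.upper() for h in SECRET_HINTS)
            )
            inventory.append({
                "name": name,
                "transport": "stdio",
                "command_line": shlex.join(argv),  # shlex.join needs Python 3.8+
                "sensitive_env": sensitive,
            })
        else:
            # A remote (url-based) server: no local process is spawned.
            inventory.append({
                "name": name,
                "transport": "remote",
                "command_line": None,
                "sensitive_env": [],
            })
    return inventory


def servers_a_scanner_would_execute(inventory):
    """Names of servers whose tool descriptions can only be read by running them."""
    return [s["name"] for s in inventory if s["transport"] == "stdio"]


if __name__ == "__main__":
    inv = inventory_mcp_config(SAMPLE_MCP_JSON)
    for s in inv:
        print(f"{s['name']:12} {s['transport']:6} {s['command_line'] or '(no local process)'}")
        if s["sensitive_env"]:
            print(f"{'':12} credentials passed to process: {', '.join(s['sensitive_env'])}")
    print("would be executed by a description-fetching scan:",
          servers_a_scanner_would_execute(inv))
```

Run it against a copy of your own client config to get the same inventory; the point is that every stdio entry is a process launch, with its env block attached, the moment any tool decides to "just ask the server what it offers".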