Problem or use case
agentsec uses pattern matching to detect malicious URLs and domains in skill files and MCP configs. SkillScan-Security maintains a curated database of 163 malicious domains and 1,310 IPs, updated twice daily. Matching against known-bad infrastructure catches threats that pattern matching misses.
Proposed solution
Add a local IOC database that ships with the package and updates via agentsec update-ioc:
agentsec update-ioc # Fetch latest IOC feed
agentsec scan # Automatically checks against local IOC db
IOC sources (curated, not raw threat feeds):
- Known malicious domains used in prompt injection attacks
- Known C2 infrastructure targeting AI agents
- Package names flagged for supply chain attacks (typosquatting)
The database ships as a JSON file in the package. update-ioc fetches the latest version from a GitHub-hosted feed. All matching is local (no API calls during scan).
Area
Skill scanner / MCP scanner
Problem or use case
agentsec uses pattern matching to detect malicious URLs and domains in skill files and MCP configs. SkillScan-Security maintains a curated database of 163 malicious domains and 1,310 IPs, updated twice daily. Matching against known-bad infrastructure catches threats that pattern matching misses.
Proposed solution
Add a local IOC database that ships with the package and updates via
agentsec update-ioc:IOC sources (curated, not raw threat feeds):
The database ships as a JSON file in the package.
update-iocfetches the latest version from a GitHub-hosted feed. All matching is local (no API calls during scan).Area
Skill scanner / MCP scanner