Live sandbox · AIVSS-aligned · OWASP Agentic Top 10
Know what an AI Artifact does — before it runs.
Agent skills, MCP servers and plugins are code-by-instruction — unsigned, unreviewed, and one prompt away from reading your secrets. AgentScan detonates any artifact in an instrumented sandbox and returns a risk verdict in seconds.
Sign in to scan
Every scan runs in a real, instrumented sandbox on our infrastructure. Sign in with Google to submit a skill, bundle, or folder — it takes one click.
Browsing public reports below needs no account.
Submit file
Submit URL soon
Drop an artifact to detonate
A single SKILL.md, plugin.json, or mcp.json.
Browse files
SKILL.md.mdplugin.jsonmcp.jsonmax 500 KB