Featured Solution

Shadow AI

Your developers have already connected MCP servers you've never reviewed.

CRITICAL
--dangerously-skip-permissions + .env credential access — widely deployed in developer configs
garrytan/gstack · CHK-115 · AI confirmed
Demo panel: shadow AI detection, installed config vs. approved inventory

claude_desktop_config: @anthropic/mcpserver-git, stripe-mcp, custom-agent, another-server
approved.json: @anthropic/mcpserver-git, custom-agent
SHADOW · stripe-mcp · not in allowlist
SHADOW · another-server · score: 83 · BLOCK

aiss scan · stripe-mcp · score: 83/100
● CRITICAL · CHK-115 · credential access in SKILL.md
● HIGH · CHK-125 · unrestricted filesystem access
● MEDIUM · CHK-126 · no description, single version
action: BLOCK recommended · policy violation logged · SIEM notified
9 AI artifact types scanned
297 critical findings confirmed
0 other scanners cover skill files
See what's installed before it becomes an incident.

Developers add MCP servers to claude_desktop_config.json and .cursor/mcp.json without any security review. AISS reads those files, compares against your approved inventory, and surfaces every gap immediately.

Parses claude_desktop_config.json, .cursor/mcp.json, Windsurf config
Compares installed servers against org allowlist
Unknown servers flagged with risk score attached
Full finding report before you approve or block
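The inventory comparison described above, as an added example that is not AISS's own code: it parses the "mcpServers" object that claude_desktop_config.json and .cursor/mcp.json both use, diffs the installed server names against an approved list, attaches a few risk signals drawn from this page (credentials passed via env, --dangerously-skip-permissions in the arguments), and emits one NDJSON line per finding for a SIEM. The sample config, the approved.json layout, the signal heuristics and the scoring are all constructed for this example.

```python
import json
from dataclasses import dataclass, field

# Constructed sample of a Claude Desktop / Cursor MCP config. Both tools keep
# installed servers under the "mcpServers" key; everything else here is made up.
CLAUDE_DESKTOP_CONFIG = json.dumps({
    "mcpServers": {
        "@anthropic/mcpserver-git": {"command": "npx", "args": ["-y", "@anthropic/mcpserver-git"]},
        "stripe-mcp": {"command": "npx", "args": ["-y", "stripe-mcp"],
                       "env": {"STRIPE_SECRET_KEY": "sk_placeholder"}},
        "custom-agent": {"command": "python", "args": ["agent.py"]},
        "another-server": {"command": "node",
                           "args": ["server.js", "--dangerously-skip-permissions"]},
    }
})

# Constructed approved inventory; the {"approved": [...]} layout is an assumption.
APPROVED_INVENTORY = json.dumps({"approved": ["@anthropic/mcpserver-git", "custom-agent"]})

# Env var names that usually carry a credential (heuristic, constructed).
SECRET_ENV_MARKERS = ("KEY", "SECRET", "TOKEN", "PASSWORD")
# CLI flags that disable permission prompts (the one named on this page).
DANGEROUS_FLAGS = ("--dangerously-skip-permissions",)


@dataclass
class Finding:
    server: str
    signals: list = field(default_factory=list)
    score: int = 0
    action: str = "ALLOW"


def parse_mcp_config(text):
    """Return {server_name: spec} from a config file body; {} if none installed."""
    data = json.loads(text)
    servers = data.get("mcpServers", {})
    if not isinstance(servers, dict):
        raise ValueError("mcpServers must be a JSON object")
    return servers


def load_allowlist(text):
    """Return the set of approved server names from the inventory file body."""
    return set(json.loads(text).get("approved", []))


def risk_signals(spec):
    """Collect risk signals visible in a single server entry."""
    signals = []
    env = spec.get("env") or {}
    if any(any(marker in key.upper() for marker in SECRET_ENV_MARKERS) for key in env):
        signals.append("credentials passed via env")
    args = spec.get("args") or []
    if any(arg in DANGEROUS_FLAGS for arg in args):
        signals.append("permission checks disabled by flag")
    return signals


def find_shadow_servers(installed, approved):
    """Every installed server missing from the allowlist becomes a BLOCK finding."""
    findings = []
    for name, spec in sorted(installed.items()):
        if name in approved:
            continue
        signals = ["not in allowlist"] + risk_signals(spec)
        # Constructed scoring: 50 for being unapproved, +25 per extra signal, capped at 100.
        score = min(100, 50 + 25 * (len(signals) - 1))
        findings.append(Finding(name, signals, score, "BLOCK"))
    return findings


def to_ndjson(findings):
    """One JSON object per line, the shape a SIEM ingests as NDJSON."""
    return "\n".join(
        json.dumps({"server": f.server, "score": f.score, "action": f.action, "signals": f.signals})
        for f in findings
    )


if __name__ == "__main__":
    installed = parse_mcp_config(CLAUDE_DESKTOP_CONFIG)
    approved = load_allowlist(APPROVED_INVENTORY)
    print(to_ndjson(find_shadow_servers(installed, approved)))
```

Point the two loaders at the real files on a developer workstation (the paths vary by OS and tool) and the same comparison runs unchanged; the signal heuristics are the part worth extending with your own policy.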
How it works
01
Connect your GitHub org
OAuth in 30 seconds. AISS discovers every MCP server, skill file, hook, and agent config across all repos.
02
22 modules scan in parallel
CVE lookup, secret scanning, auth checking, tool description analysis, skill file parsing — all concurrent, all hand-written.
03
LLM verifies high-severity
Critical and high findings go to an LLM verifier before reporting. No false positives reach your CISO.
04
Gate, alert, or export
Block in CI via SARIF. Send to SIEM via NDJSON. Export CycloneDX SBOM. Enforce allowlist/blocklist policy.
Press coverage
VentureBeat
Anthropic Skill scanners passed every check. The malicious code rode in on a test file.
VentureBeat
No publicly documented scanner operates outside the assumption that the threat lives in SKILL.md.
CrowdStrike · RSAC 2026
ClawHavoc — 1,184 malicious skills confirmed in the wild. The attack surface is the skill layer.