From 997564c620aa77ef516198f9f240fb1e054f0a26 Mon Sep 17 00:00:00 2001 From: Wegz Date: Sun, 22 Feb 2026 19:58:55 -0500 Subject: [PATCH 01/10] feat: add agent-bom MCP server AI supply chain security scanner for MCP servers and AI agents. Provides CVE scanning, blast radius analysis, policy enforcement, SBOM generation (CycloneDX/SPDX/SARIF), and remediation planning. Signed-off-by: Mohamed Saad Signed-off-by: Wegz --- .../toolhive/servers/agent-bom/server.json | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 registries/toolhive/servers/agent-bom/server.json diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json new file mode 100644 index 00000000..fa76dc34 --- /dev/null +++ b/registries/toolhive/servers/agent-bom/server.json @@ -0,0 +1,77 @@ +{ + "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json", + "name": "io.github.stacklok/agent-bom", + "description": "AI supply chain security scanner — CVE scanning, blast radius analysis, policy enforcement, and SBOM generation for MCP servers and AI agents", + "title": "agent-bom", + "repository": { + "url": "https://github.com/msaad00/agent-bom", + "source": "github" + }, + "version": "1.0.0", + "packages": [ + { + "registryType": "oci", + "identifier": "docker.io/agentbom/agent-bom:0.28.1", + "transport": { + "type": "stdio" + }, + "environmentVariables": [ + { + "name": "NVD_API_KEY", + "description": "NVD API key for higher rate limits on CVSS enrichment (optional)", + "isRequired": false, + "isSecret": true + } + ] + } + ], + "_meta": { + "io.modelcontextprotocol.registry/publisher-provided": { + "io.github.stacklok": { + "docker.io/agentbom/agent-bom:0.28.1": { + "tier": "Community", + "status": "Active", + "tags": [ + "security", + "vulnerability-scanning", + "sbom", + "supply-chain", + "cve", + "blast-radius", + "mcp", + "ai-agents" + ], + "tools": [ + "scan", + "blast_radius", + "policy_check", + "registry_lookup", + "generate_sbom", + "compliance", + "remediate" + ], + "permissions": { + "network": { + "outbound": { + "allow_host": [ + "api.osv.dev", + "services.nvd.nist.gov", + "api.first.org", + "www.cisa.gov" + ], + "allow_port": [ + 443 + ] + } + } + }, + "custom_metadata": { + "author": "Mohamed Saad", + "homepage": "https://github.com/msaad00/agent-bom", + "license": "Apache-2.0" + } + } + } + } + } +} From 1cf708be24f948beeccca5049361636d28d0905d Mon Sep 17 00:00:00 2001 From: Wegz Date: Tue, 24 Feb 2026 01:47:07 -0500 Subject: [PATCH 02/10] feat: update agent-bom to v0.31.1 with GHCR image - Update image from docker.io/agentbom/agent-bom:0.28.1 to ghcr.io/msaad00/agent-bom:v0.31.1 - Fix namespace from io.github.stacklok to io.github.msaad00 - Update version from 1.0.0 to 0.31.1 - Add check tool and npm/PyPI to allowed network hosts --- .../toolhive/servers/agent-bom/server.json | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json index fa76dc34..e0b448bf 100644 --- a/registries/toolhive/servers/agent-bom/server.json +++ b/registries/toolhive/servers/agent-bom/server.json @@ -1,17 +1,17 @@ { "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json", - "name": "io.github.stacklok/agent-bom", + "name": "io.github.msaad00/agent-bom", "description": "AI supply chain security scanner — CVE scanning, blast radius analysis, policy enforcement, and SBOM generation for MCP servers and AI agents", "title": "agent-bom", "repository": { "url": "https://github.com/msaad00/agent-bom", "source": "github" }, - "version": "1.0.0", + "version": "0.31.1", "packages": [ { "registryType": "oci", - "identifier": "docker.io/agentbom/agent-bom:0.28.1", + "identifier": "ghcr.io/msaad00/agent-bom:v0.31.1", "transport": { "type": "stdio" }, @@ -27,8 +27,8 @@ ], "_meta": { "io.modelcontextprotocol.registry/publisher-provided": { - "io.github.stacklok": { - "docker.io/agentbom/agent-bom:0.28.1": { + "io.github.msaad00": { + "ghcr.io/msaad00/agent-bom:v0.31.1": { "tier": "Community", "status": "Active", "tags": [ @@ -43,6 +43,7 @@ ], "tools": [ "scan", + "check", "blast_radius", "policy_check", "registry_lookup", @@ -57,7 +58,9 @@ "api.osv.dev", "services.nvd.nist.gov", "api.first.org", - "www.cisa.gov" + "www.cisa.gov", + "registry.npmjs.org", + "pypi.org" ], "allow_port": [ 443 @@ -66,7 +69,7 @@ } }, "custom_metadata": { - "author": "Mohamed Saad", + "author": "W S", "homepage": "https://github.com/msaad00/agent-bom", "license": "Apache-2.0" } From 98d0d4a111d0b76eec9bc5a4730e998131dce291 Mon Sep 17 00:00:00 2001 From: Wegz Date: Thu, 5 Mar 2026 13:32:36 -0500 Subject: [PATCH 03/10] =?UTF-8?q?feat:=20update=20agent-bom=20to=20v0.54.0?= =?UTF-8?q?=20=E2=80=94=2018=20MCP=20tools,=20CIS=20benchmarks,=2010=20com?= =?UTF-8?q?pliance=20frameworks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Major update from v0.31.1 (8 tools) to v0.54.0 (18 tools): New tools: verify, where, inventory, diff, skill_trust, marketplace_check, code_scan, context_graph, analytics_query, cis_benchmark New capabilities: - CIS benchmarks (AWS Foundations v3.0, Snowflake v1.0) - 20 MCP client auto-discovery - 13 cloud provider scanning - 10 compliance frameworks (OWASP LLM, MITRE ATLAS, NIST, EU AI Act, ...) - Policy-as-code with 18 conditions - Transitive dependency resolution (npm, PyPI, Go, Cargo, Maven) --- .../toolhive/servers/agent-bom/server.json | 33 ++++++++++++++----- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json index e0b448bf..df3cbf11 100644 --- a/registries/toolhive/servers/agent-bom/server.json +++ b/registries/toolhive/servers/agent-bom/server.json @@ -1,17 +1,17 @@ { "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json", "name": "io.github.msaad00/agent-bom", - "description": "AI supply chain security scanner — CVE scanning, blast radius analysis, policy enforcement, and SBOM generation for MCP servers and AI agents", + "description": "AI supply chain security scanner for MCP servers and AI agents. CVE scanning, blast radius analysis, CIS benchmarks, policy enforcement, SBOM generation, and compliance across 10 frameworks.", "title": "agent-bom", "repository": { "url": "https://github.com/msaad00/agent-bom", "source": "github" }, - "version": "0.31.1", + "version": "0.54.0", "packages": [ { "registryType": "oci", - "identifier": "ghcr.io/msaad00/agent-bom:v0.31.1", + "identifier": "ghcr.io/msaad00/agent-bom:v0.54.0", "transport": { "type": "stdio" }, @@ -28,7 +28,7 @@ "_meta": { "io.modelcontextprotocol.registry/publisher-provided": { "io.github.msaad00": { - "ghcr.io/msaad00/agent-bom:v0.31.1": { + "ghcr.io/msaad00/agent-bom:v0.54.0": { "tier": "Community", "status": "Active", "tags": [ @@ -39,7 +39,11 @@ "cve", "blast-radius", "mcp", - "ai-agents" + "ai-agents", + "compliance", + "cis-benchmarks", + "owasp", + "policy-as-code" ], "tools": [ "scan", @@ -49,7 +53,17 @@ "registry_lookup", "generate_sbom", "compliance", - "remediate" + "remediate", + "verify", + "where", + "inventory", + "diff", + "skill_trust", + "marketplace_check", + "code_scan", + "context_graph", + "analytics_query", + "cis_benchmark" ], "permissions": { "network": { @@ -60,7 +74,10 @@ "api.first.org", "www.cisa.gov", "registry.npmjs.org", - "pypi.org" + "pypi.org", + "crates.io", + "proxy.golang.org", + "search.maven.org" ], "allow_port": [ 443 @@ -69,7 +86,7 @@ } }, "custom_metadata": { - "author": "W S", + "author": "Mohamed Saad", "homepage": "https://github.com/msaad00/agent-bom", "license": "Apache-2.0" } From cb5aaac03cc2394171d561778032812cce32b134 Mon Sep 17 00:00:00 2001 From: Wegz Date: Thu, 5 Mar 2026 14:00:07 -0500 Subject: [PATCH 04/10] chore: bump agent-bom to v0.55.0 (Streamlit dashboard, self-scan) --- registries/toolhive/servers/agent-bom/server.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json index df3cbf11..5d11321d 100644 --- a/registries/toolhive/servers/agent-bom/server.json +++ b/registries/toolhive/servers/agent-bom/server.json @@ -7,11 +7,11 @@ "url": "https://github.com/msaad00/agent-bom", "source": "github" }, - "version": "0.54.0", + "version": "0.55.0", "packages": [ { "registryType": "oci", - "identifier": "ghcr.io/msaad00/agent-bom:v0.54.0", + "identifier": "ghcr.io/msaad00/agent-bom:v0.55.0", "transport": { "type": "stdio" }, @@ -28,7 +28,7 @@ "_meta": { "io.modelcontextprotocol.registry/publisher-provided": { "io.github.msaad00": { - "ghcr.io/msaad00/agent-bom:v0.54.0": { + "ghcr.io/msaad00/agent-bom:v0.55.0": { "tier": "Community", "status": "Active", "tags": [ From adb2e38215a7379aff29e214d7b1e237742e6356 Mon Sep 17 00:00:00 2001 From: Wagdy Saad Date: Tue, 10 Mar 2026 03:25:33 -0400 Subject: [PATCH 05/10] =?UTF-8?q?feat:=20update=20agent-bom=20to=20v0.68.1?= =?UTF-8?q?=20=E2=80=94=2030=20MCP=20tools?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Version: 0.55.0 → 0.68.1 - Tools: 18 → 30 (added fleet_scan, runtime_correlate, vector_db_scan, aisvs_benchmark, gpu_infra_scan, dataset_card_scan, training_pipeline_scan, browser_extension_scan, model_provenance_scan, prompt_scan, model_file_scan, license_compliance_scan) - Description: updated to canonical tagline - Tags: added ai-infrastructure, gpu, runtime-enforcement - Env vars: added optional SNYK_TOKEN - Author: corrected to Wagdy Saad Signed-off-by: Wagdy Saad --- .../toolhive/servers/agent-bom/server.json | 37 +++++++++++++++---- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json index 5d11321d..ad699b1c 100644 --- a/registries/toolhive/servers/agent-bom/server.json +++ b/registries/toolhive/servers/agent-bom/server.json @@ -1,17 +1,17 @@ { "$schema": "https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json", "name": "io.github.msaad00/agent-bom", - "description": "AI supply chain security scanner for MCP servers and AI agents. CVE scanning, blast radius analysis, CIS benchmarks, policy enforcement, SBOM generation, and compliance across 10 frameworks.", + "description": "Security scanner for AI infrastructure — CVEs, blast radius, credential exposure, runtime enforcement across MCP servers, containers, cloud, and GPU.", "title": "agent-bom", "repository": { "url": "https://github.com/msaad00/agent-bom", "source": "github" }, - "version": "0.55.0", + "version": "0.68.1", "packages": [ { "registryType": "oci", - "identifier": "ghcr.io/msaad00/agent-bom:v0.55.0", + "identifier": "ghcr.io/msaad00/agent-bom:v0.68.1", "transport": { "type": "stdio" }, @@ -21,6 +21,12 @@ "description": "NVD API key for higher rate limits on CVSS enrichment (optional)", "isRequired": false, "isSecret": true + }, + { + "name": "SNYK_TOKEN", + "description": "Snyk API token for vulnerability enrichment (optional)", + "isRequired": false, + "isSecret": true } ] } @@ -28,7 +34,7 @@ "_meta": { "io.modelcontextprotocol.registry/publisher-provided": { "io.github.msaad00": { - "ghcr.io/msaad00/agent-bom:v0.55.0": { + "ghcr.io/msaad00/agent-bom:v0.68.1": { "tier": "Community", "status": "Active", "tags": [ @@ -40,10 +46,13 @@ "blast-radius", "mcp", "ai-agents", + "ai-infrastructure", "compliance", "cis-benchmarks", "owasp", - "policy-as-code" + "policy-as-code", + "gpu", + "runtime-enforcement" ], "tools": [ "scan", @@ -54,16 +63,28 @@ "generate_sbom", "compliance", "remediate", + "skill_trust", "verify", "where", "inventory", "diff", - "skill_trust", "marketplace_check", "code_scan", "context_graph", "analytics_query", - "cis_benchmark" + "cis_benchmark", + "fleet_scan", + "runtime_correlate", + "vector_db_scan", + "aisvs_benchmark", + "gpu_infra_scan", + "dataset_card_scan", + "training_pipeline_scan", + "browser_extension_scan", + "model_provenance_scan", + "prompt_scan", + "model_file_scan", + "license_compliance_scan" ], "permissions": { "network": { @@ -86,7 +107,7 @@ } }, "custom_metadata": { - "author": "Mohamed Saad", + "author": "Wagdy Saad", "homepage": "https://github.com/msaad00/agent-bom", "license": "Apache-2.0" } From 2f44731923519bbb2be0c9323e8c58c755860dee Mon Sep 17 00:00:00 2001 From: Wagdy Saad Date: Tue, 10 Mar 2026 03:35:01 -0400 Subject: [PATCH 06/10] fix: remove unnecessary SNYK_TOKEN env var from listing Signed-off-by: Wagdy Saad --- registries/toolhive/servers/agent-bom/server.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json index ad699b1c..a30d7290 100644 --- a/registries/toolhive/servers/agent-bom/server.json +++ b/registries/toolhive/servers/agent-bom/server.json @@ -21,12 +21,6 @@ "description": "NVD API key for higher rate limits on CVSS enrichment (optional)", "isRequired": false, "isSecret": true - }, - { - "name": "SNYK_TOKEN", - "description": "Snyk API token for vulnerability enrichment (optional)", - "isRequired": false, - "isSecret": true } ] } From f6ba5f891750ddcef634a8d13859848900eeae84 Mon Sep 17 00:00:00 2001 From: Wagdy Saad Date: Tue, 10 Mar 2026 03:37:59 -0400 Subject: [PATCH 07/10] fix: add required icons, overview, and correct version format - Add icon.svg (shield logo) to server directory - Add icons array to server.json pointing to raw GitHub URL - Add overview markdown in _meta (capabilities summary) - Change version from "0.68.1" to "1.0.0" (catalog entry version, not software version) - Remove SNYK_TOKEN (unnecessary env var) Signed-off-by: Wagdy Saad --- registries/toolhive/servers/agent-bom/icon.svg | 10 ++++++++++ registries/toolhive/servers/agent-bom/server.json | 12 +++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 registries/toolhive/servers/agent-bom/icon.svg diff --git a/registries/toolhive/servers/agent-bom/icon.svg b/registries/toolhive/servers/agent-bom/icon.svg new file mode 100644 index 00000000..f8715322 --- /dev/null +++ b/registries/toolhive/servers/agent-bom/icon.svg @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json index a30d7290..74995349 100644 --- a/registries/toolhive/servers/agent-bom/server.json +++ b/registries/toolhive/servers/agent-bom/server.json @@ -3,11 +3,20 @@ "name": "io.github.msaad00/agent-bom", "description": "Security scanner for AI infrastructure — CVEs, blast radius, credential exposure, runtime enforcement across MCP servers, containers, cloud, and GPU.", "title": "agent-bom", + "icons": [ + { + "mimeType": "image/svg+xml", + "sizes": [ + "any" + ], + "src": "https://raw.githubusercontent.com/stacklok/toolhive-registry/main/registries/toolhive/servers/agent-bom/icon.svg" + } + ], "repository": { "url": "https://github.com/msaad00/agent-bom", "source": "github" }, - "version": "0.68.1", + "version": "1.0.0", "packages": [ { "registryType": "oci", @@ -29,6 +38,7 @@ "io.modelcontextprotocol.registry/publisher-provided": { "io.github.msaad00": { "ghcr.io/msaad00/agent-bom:v0.68.1": { + "overview": "## agent-bom\n\nSecurity scanner for AI infrastructure. Scans MCP servers, AI agents, containers, cloud environments, and GPU compute for CVEs, credential exposure, tool poisoning, and configuration drift.\n\n### Key capabilities\n\n- **30 MCP tools** for AI assistant integration (Claude, Cursor, Windsurf)\n- CVE scanning with blast radius analysis across transitive dependencies\n- Credential leak detection in MCP tool arguments and responses\n- CIS benchmark checks for AWS, Azure, GCP, Snowflake, Databricks\n- Policy-as-code engine with 17 declarative conditions\n- Compliance mapping across 11 frameworks (OWASP LLM/MCP/Agentic, MITRE ATLAS, NIST AI RMF, EU AI Act)\n- SBOM generation (CycloneDX, SPDX)\n- Runtime proxy for MCP traffic interception and enforcement", "tier": "Community", "status": "Active", "tags": [ From 033def0995d571d3241283b1c1c9ffd2d7e9be7f Mon Sep 17 00:00:00 2001 From: Wagdy Saad Date: Tue, 10 Mar 2026 03:39:23 -0400 Subject: [PATCH 08/10] chore: bump image tag to v0.68.2 Signed-off-by: Wagdy Saad --- registries/toolhive/servers/agent-bom/server.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json index 74995349..9df58c3e 100644 --- a/registries/toolhive/servers/agent-bom/server.json +++ b/registries/toolhive/servers/agent-bom/server.json @@ -20,7 +20,7 @@ "packages": [ { "registryType": "oci", - "identifier": "ghcr.io/msaad00/agent-bom:v0.68.1", + "identifier": "ghcr.io/msaad00/agent-bom:v0.68.2", "transport": { "type": "stdio" }, @@ -37,7 +37,7 @@ "_meta": { "io.modelcontextprotocol.registry/publisher-provided": { "io.github.msaad00": { - "ghcr.io/msaad00/agent-bom:v0.68.1": { + "ghcr.io/msaad00/agent-bom:v0.68.2": { "overview": "## agent-bom\n\nSecurity scanner for AI infrastructure. Scans MCP servers, AI agents, containers, cloud environments, and GPU compute for CVEs, credential exposure, tool poisoning, and configuration drift.\n\n### Key capabilities\n\n- **30 MCP tools** for AI assistant integration (Claude, Cursor, Windsurf)\n- CVE scanning with blast radius analysis across transitive dependencies\n- Credential leak detection in MCP tool arguments and responses\n- CIS benchmark checks for AWS, Azure, GCP, Snowflake, Databricks\n- Policy-as-code engine with 17 declarative conditions\n- Compliance mapping across 11 frameworks (OWASP LLM/MCP/Agentic, MITRE ATLAS, NIST AI RMF, EU AI Act)\n- SBOM generation (CycloneDX, SPDX)\n- Runtime proxy for MCP traffic interception and enforcement", "tier": "Community", "status": "Active", From 3ca62425aa673dab56057347f5f3b3fdee258275 Mon Sep 17 00:00:00 2001 From: W S <34316639+msaad00@users.noreply.github.com> Date: Thu, 12 Mar 2026 12:09:38 -0400 Subject: [PATCH 09/10] =?UTF-8?q?fix:=20address=20PR=20#784=20review=20fee?= =?UTF-8?q?dback=20=E2=80=94=20publisher=20namespace,=20version,=20tool=20?= =?UTF-8?q?count?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../toolhive/servers/agent-bom/server.json | 24 +++++++++++++++---- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json index 9df58c3e..07e4e4b7 100644 --- a/registries/toolhive/servers/agent-bom/server.json +++ b/registries/toolhive/servers/agent-bom/server.json @@ -20,7 +20,7 @@ "packages": [ { "registryType": "oci", - "identifier": "ghcr.io/msaad00/agent-bom:v0.68.2", + "identifier": "ghcr.io/msaad00/agent-bom:v0.70.5", "transport": { "type": "stdio" }, @@ -36,9 +36,22 @@ ], "_meta": { "io.modelcontextprotocol.registry/publisher-provided": { - "io.github.msaad00": { - "ghcr.io/msaad00/agent-bom:v0.68.2": { - "overview": "## agent-bom\n\nSecurity scanner for AI infrastructure. Scans MCP servers, AI agents, containers, cloud environments, and GPU compute for CVEs, credential exposure, tool poisoning, and configuration drift.\n\n### Key capabilities\n\n- **30 MCP tools** for AI assistant integration (Claude, Cursor, Windsurf)\n- CVE scanning with blast radius analysis across transitive dependencies\n- Credential leak detection in MCP tool arguments and responses\n- CIS benchmark checks for AWS, Azure, GCP, Snowflake, Databricks\n- Policy-as-code engine with 17 declarative conditions\n- Compliance mapping across 11 frameworks (OWASP LLM/MCP/Agentic, MITRE ATLAS, NIST AI RMF, EU AI Act)\n- SBOM generation (CycloneDX, SPDX)\n- Runtime proxy for MCP traffic interception and enforcement", + "io.github.stacklok": { + "ghcr.io/msaad00/agent-bom:v0.70.5": { + "overview": "## agent-bom + +Security scanner for AI infrastructure. Scans MCP servers, AI agents, containers, cloud environments, and GPU compute for CVEs, credential exposure, tool poisoning, and configuration drift. + +### Key capabilities + +- **31 MCP tools** for AI assistant integration (Claude, Cursor, Windsurf) +- CVE scanning with blast radius analysis across transitive dependencies +- Credential leak detection in MCP tool arguments and responses +- CIS benchmark checks for AWS, Azure, GCP, Snowflake, Databricks +- Policy-as-code engine with 17 declarative conditions +- Compliance mapping across 11 frameworks (OWASP LLM/MCP/Agentic, MITRE ATLAS, NIST AI RMF, EU AI Act) +- SBOM generation (CycloneDX, SPDX) +- Runtime proxy for MCP traffic interception and enforcement", "tier": "Community", "status": "Active", "tags": [ @@ -88,7 +101,8 @@ "model_provenance_scan", "prompt_scan", "model_file_scan", - "license_compliance_scan" + "license_compliance_scan", + "ingest_external_scan" ], "permissions": { "network": { From 97420cfb8f0b8e4ffa5606b8cd4588939639fa2f Mon Sep 17 00:00:00 2001 From: W S <34316639+msaad00@users.noreply.github.com> Date: Thu, 12 Mar 2026 12:20:36 -0400 Subject: [PATCH 10/10] =?UTF-8?q?fix:=20remove=20NVD=5FAPI=5FKEY=20env=20v?= =?UTF-8?q?ar=20=E2=80=94=20no=20user=20keys=20needed,=20OSV=20is=20primar?= =?UTF-8?q?y=20source?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- registries/toolhive/servers/agent-bom/server.json | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/registries/toolhive/servers/agent-bom/server.json b/registries/toolhive/servers/agent-bom/server.json index 07e4e4b7..b3a23ba8 100644 --- a/registries/toolhive/servers/agent-bom/server.json +++ b/registries/toolhive/servers/agent-bom/server.json @@ -24,14 +24,7 @@ "transport": { "type": "stdio" }, - "environmentVariables": [ - { - "name": "NVD_API_KEY", - "description": "NVD API key for higher rate limits on CVSS enrichment (optional)", - "isRequired": false, - "isSecret": true - } - ] + "environmentVariables": [] } ], "_meta": {