Cisco IDE AI Security Scanner
Trust, but verify — security scanning for MCP servers, agent skills, and AI-generated code.
Your AI agents pull in MCP servers, run skills, and generate code — but how do you know what they're actually doing? Cisco AI Security Scanner watches the supply chain around your AI tools and catches threats before they land: hidden instructions, data exfiltration, prompt injection, vulnerable patterns, and more.
Works in VS Code, Cursor, Windsurf, and Antigravity.
How It Works
Get protected in three steps.
1. Install — Install from the VS Code Marketplace or via VSIX. The Setup Wizard walks you through initial configuration.
2. Configure — Choose your analyzers. YARA and behavioral analysis run out of the box; optionally add an LLM provider, Cisco AI Defense, or VirusTotal for deeper analysis.
3. Scan — Run Scan All (MCP + Skills) from the Command Palette, or let auto-scan handle it. Review findings in the sidebar, dashboard, or Problems panel.
Command Reference
All commands are accessible via the Command Palette (Cmd/Ctrl+Shift+P).
Scanning
| Command | Description |
|---|---|
| Scan All (MCP + Skills) | Scan all MCP configs and skills in a single pass |
| Scan All MCP Configurations | Scan MCP configurations only |
| Scan Global MCP Configurations | Scan IDE-level MCP configs only |
| Scan Workspace MCP Configurations | Scan project-level MCP configs only |
| Scan This MCP Config File | Scan a specific MCP config file (context menu) |
| Scan All Skills | Scan all discovered skills |
| Scan Global Skills | Scan IDE-level skills only |
| Scan Workspace Skills | Scan project-level skills only |
| Scan This Skill | Scan a specific skill (context menu) |
| Refresh Configurations | Refresh the list of discovered MCP configurations |
| Refresh Skills | Refresh the list of discovered skills |
| Refresh Findings | Refresh the current security findings |
| Refresh Analyzers | Refresh the state of the analysis engines |
| Refresh Settings | Refresh the extension settings view |
| Refresh History | Refresh the scan history list |
| Refresh Allowlist | Refresh the allowlist view |
Skill Specific
| Command | Description |
|---|---|
| Trust This Skill | Add a skill to the allowlist |
| View Skill Details | View detailed information about a discovered skill |
| Show Skill Details | Show details for a specific skill in the UI |
| Show Skill Finding Details | Show details for a specific security finding in a skill |
| Open File at Finding | Open the skill file directly to the line containing the finding |
| Configure Scan Policy | Open the interactive scan policy editor |
Configuration
| Command | Description |
|---|---|
| Configure LLM Provider | Select your LLM provider and enter your API key |
| Configure Cisco AI Defense | Enter your Cisco AI Defense API key |
| Configure VirusTotal API | Enter your VirusTotal API key |
| Configure Analyzer | Quick-toggle analyzers on or off |
| Open Setup | Open the extension setup interface |
| Open Setup Wizard | Re-run the initial setup wizard |
| Open Extension Settings | Open VS Code settings filtered to scanner settings |
| Test LLM Connection | Verify your LLM API key and endpoint are working |
| Toggle Setting | Quick toggle for boolean settings |
| Select Setting Value | Quick selection for enum settings |
Results and Reports
| Command | Description |
|---|---|
| Open Security Dashboard | Visual summary with severity breakdown and quick actions |
| Show Scan Results | Show the most recent scan results in the sidebar |
| Show Finding Details | Open detailed view for a specific security finding |
| Export Scan Report | Export results as JSON, Markdown, or CSV |
| Compare with Previous Scan | See new, resolved, and unchanged findings |
| Open Custom YARA Rules Folder | Open the directory for custom rules |
| Show Scan History | Browse past scan results |
Allowlist
| Command | Description |
|---|---|
| Add to Allowlist | Suppress findings for a trusted server, tool, or skill |
| Remove from Allowlist | Re-enable scanning for an allowlisted item |
| Remove Server | Remove a flagged server from the MCP config |
| View Tool Details | View detailed information about a discovered tool |
CodeGuard
| Command | Description |
|---|---|
| Configure CodeGuard Rules | Select IDEs and rule categories to inject |
| Inject Rules Now | Write selected rules into IDE agent config |
| Remove All Rules | Remove all injected CodeGuard rules |
| Show Injection Status | See which rules are currently active |
| Reset Injection Consent | Reset the prompt asking for permission to inject rules |
Watchdog
| Command | Description |
|---|---|
| Toggle File Protection | Enable or disable Watchdog globally |
| Add File to Watchlist | Monitor a custom file path |
| Remove File from Watchlist | Stop monitoring a specific file |
| View Diff Against Snapshot | See what changed since the last snapshot |
| Restore File from Snapshot | Revert a file to its last known-good state |
| Accept Current File State | Accept the current content as the new baseline |
| Re-Snapshot All Files | Take fresh snapshots of all monitored files |
| Restore All Modified Files | Revert all modified files at once |
| Configure Presets | Toggle which file protection presets are active |
| Refresh | Refresh the Watchdog status view |
| Show Activity Log | View the history of file changes and Watchdog actions |
| Check Protection Status | Check the current protection status |
| Clear All Snapshots | Remove all stored snapshots and start fresh |
Troubleshooting
| Command | Description |
|---|---|
| Toggle Debug Mode | Enable verbose logging for troubleshooting |
| Show History Details | Show detailed information about a historical scan |
| Show Extension Logs | Open the output channel with scanner logs |
| Reset Python Environment | Rebuild the Python virtual environment and reinstall scanners |
| Clear All Stored Data & Keys | Remove all cached data, API keys, and scan history |
| Clear Scan History | Remove all stored scan history |
Security and Privacy
- Secure Credential Storage — API keys stored in your OS keychain via VS Code's SecretStorage API
- No Tool Execution — Analyzes descriptions only; never executes MCP tools or runs skill code
- Privacy-First VirusTotal — Only file hashes sent by default; file upload is opt-in
- Minimal Network Access — Requests only made for configured analyzers (YARA and behavioral analysis are fully local)
- No Source Code Transmission — Your source code never leaves your machine; only MCP tool descriptions and skill definitions are sent to configured analysis services