
Frequently Asked Questions

What does this extension actually scan?

It scans two categories of targets:

  1. MCP server configurations — Tool descriptions, server definitions, commands, arguments, environment variables, and endpoint URLs from MCP config files across Cursor, Claude Desktop, VS Code, Windsurf, Antigravity, and workspace-level configs.
  2. Agent skill definitions — SKILL.md manifests, referenced scripts, and binaries from Cursor, Claude, Codex, Antigravity, and custom skill directories.

It analyzes the metadata and descriptions — it never executes tools or runs skill code.

Does it execute MCP tools?

No. The scanner reads tool descriptions provided by the MCP protocol. It never calls, invokes, or executes any MCP tools. This is a strictly read-only analysis approach.

Which LLM providers are supported?

Nine providers: OpenAI, Anthropic, Azure OpenAI, Azure AI Services (Claude/Llama), AWS Bedrock, GCP Vertex AI, Ollama (local/offline), OpenRouter, and Google AI Studio.

See the Installation page for detailed setup instructions for each provider.

Is my source code sent anywhere?

No. Your source code never leaves your machine. The extension only sends MCP tool descriptions and skill definition content to configured analysis services (LLM providers, Cisco AI Defense, VirusTotal). VirusTotal only receives file hashes by default — file upload is opt-in via skill-scanner.virustotal.uploadUnknownFiles.

What do the severity levels mean?

| Severity | Meaning |
|----------|---------|
| Critical | Active exploitation or direct data exfiltration with high confidence |
| High | Strong indicators of malicious intent or dangerous capability |
| Medium | Suspicious patterns that warrant investigation |
| Low | Minor concerns or informational hygiene issues |
| Info | Structural or metadata observations with no security impact |
| Safe | No findings detected by any enabled analyzer |

See the Features page for full details and examples.

How do I scan workspace-only configs?

Set mcp-scanner.scanScope to workspace in settings. This limits scanning to MCP configurations found in your current project folder (e.g. .cursor/mcp.json, .vscode/mcp.json). Set it to both to scan global and workspace configs together.

What is CodeGuard?

CodeGuard injects security rules into your IDE's AI agent context (Cursor rules, Windsurf rules, GitHub Copilot instructions, Antigravity rules) so that AI-generated code follows secure coding patterns from the start. Rules cover 20+ security domains including input validation, authentication, cryptography, and more. Rules are sourced from Project CodeGuard.

See the Advanced Features page for a full list of rule categories and the injection workflow.

How does Watchdog work?

Watchdog takes SHA-256 snapshots of critical AI configuration files and monitors them for changes using file system watchers. When a change is detected, it either notifies you (with options to view diff, accept, or restore) or automatically restores the file to its last known-good state, depending on your watchdog.action setting.

Built-in presets cover known attack vectors: hook injection, auto-memory poisoning, shell alias injection, and MCP server poisoning. See the Features page for the full preset table.
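As an added illustration of the snapshot-and-restore idea (not the extension's own code), the hypothetical helpers below hash a set of watched files with SHA-256, keep a content-addressed known-good copy, report files that were modified or deleted, and restore one on demand; demo() runs the whole cycle against a constructed workspace .cursor/mcp.json in a temporary directory, with a non-existent .cursorrules in the watch list to show the no-op behaviour for absent files.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()
def take_snapshot(paths, snapshot_dir: Path) -> dict:
    """Hash each existing watched file and store a known-good copy; absent files are skipped (no-op)."""
    snapshot_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for p in map(Path, paths):
        if not p.is_file():
            continue
        digest = sha256_of(p)
        (snapshot_dir / digest).write_bytes(p.read_bytes())  # content-addressed known-good copy
        manifest[str(p)] = digest
    return manifest
def detect_changes(manifest: dict) -> dict:
    """Re-hash every watched file and report it as 'modified' or 'deleted' when it drifted from the snapshot."""
    changes = {}
    for path_str, digest in manifest.items():
        p = Path(path_str)
        if not p.is_file():
            changes[path_str] = "deleted"
        elif sha256_of(p) != digest:
            changes[path_str] = "modified"
    return changes
def restore(manifest: dict, snapshot_dir: Path, path_str: str) -> bool:
    """Write the last known-good content back (the 'restore' action); True once the hash matches again."""
    good = snapshot_dir / manifest[path_str]
    if not good.is_file():
        return False
    Path(path_str).write_bytes(good.read_bytes())
    return sha256_of(Path(path_str)) == manifest[path_str]

def demo() -> dict:
    """Constructed run: snapshot a workspace mcp.json, tamper with it, detect the drift, restore it."""
    root = Path(tempfile.mkdtemp())
    cfg = root / ".cursor" / "mcp.json"
    cfg.parent.mkdir()
    cfg.write_text(json.dumps({"mcpServers": {"fs": {"command": "npx", "args": ["-y", "example-server"]}}}))
    manifest = take_snapshot([cfg, root / ".cursorrules"], root / ".snapshots")  # .cursorrules is absent
    data = json.loads(cfg.read_text())
    data["mcpServers"]["unexpected"] = {"command": "placeholder-binary"}  # simulated unauthorised server entry
    cfg.write_text(json.dumps(data))
    detected = detect_changes(manifest)
    restored = restore(manifest, root / ".snapshots", str(cfg))
    return {"watched": len(manifest), "detected": detected, "restored": restored, "clean_after": detect_changes(manifest) == {}}
```

A real watcher would call detect_changes from a file-system event callback and choose between notify and restore according to the configured action.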

What are the Watchdog presets and what do they protect?

| Preset | Protects |
|--------|----------|
| cursor | Cursor MCP config, .cursorrules, hooks (local + global) |
| claude-code | Claude settings (hooks target), CLAUDE.md, MEMORY.md, per-project memory files |
| claude-desktop | Claude Desktop MCP config |
| shell-config | ~/.zshrc, ~/.bashrc, ~/.bash_profile, ~/.zprofile, ~/.profile |
| vscode | VS Code global and workspace MCP configs |
| windsurf | Windsurf MCP config and .windsurfrules |
| workspace-mcp | Workspace-level mcp.json, .mcp/config.json, .cursor/mcp.json |

Default enabled: cursor, claude-code, shell-config. Presets are no-ops for files that don't exist, so enabling them is safe even when you don't use the corresponding tool.

How do I add custom YARA rules?

  1. Create a directory for your rules (e.g. ~/.security-rules/yara/)
  2. Add .yar or .yara files to it
  3. Set mcp-scanner.customYara.rulesPath to that directory
  4. Enable mcp-scanner.customYara.enabled

Your rules will be loaded alongside the built-in set on the next scan. See the Advanced Features page for an example rule and guidance on writing effective rules.

Can I use it offline (with Ollama)?

Yes. YARA pattern matching, static analysis, and behavioral analysis run entirely locally with no network access. For LLM-powered analysis offline, set the provider to Ollama and point the endpoint to your local Ollama instance (default: http://localhost:11434). This gives you a fully offline scanning setup with no data leaving your device.

How do I export a scan report?

Open the Command Palette (Cmd/Ctrl+Shift+P) and run Export Scan Report. Choose from JSON, Markdown, or CSV format. The report includes all findings from the most recent scan with full details: severity, analyzer, threat type, description, and recommendation.

What are the scan policy presets?

| Preset | Behavior |
|--------|----------|
| Strict | Maximum detection sensitivity with minimal allowlists. Accepts more false positives for thorough coverage. Best for untrusted external skills and compliance audits. |
| Balanced | Good trade-off between true and false positives with moderate allowlists. Default for most workflows. |
| Permissive | Minimizes false positives with extensive allowlists, higher thresholds, and some rules disabled. Reduces noise in trusted environments. |
| Custom | Full control via a YAML policy file. Merges your overrides on top of a chosen preset base. |

Generate a starter policy with skill-scanner generate-policy, or use the interactive configurator with skill-scanner configure-policy. See the Advanced Features page for the full policy schema.

How do I allowlist a trusted server or skill?

There are several ways:

  • Right-click a finding in the sidebar and select Add to Allowlist
  • Use the quick fix action (lightbulb icon) in the Problems panel
  • Manually add names to the mcp-scanner.allowlist.servers, mcp-scanner.allowlist.tools, or mcp-scanner.allowlist.skills arrays in settings

Allowlisted items are excluded from future scan results. Disable allowlisting entirely with mcp-scanner.allowlist.enabled = false.

What is the Meta Analyzer?

The Meta Analyzer is a second-pass LLM review that cross-correlates findings from all other engines. It validates whether findings are genuine threats or false positives, detects attack chains across multiple findings, rates confidence levels, and produces prioritized remediation recommendations. It requires an LLM API key and is enabled via skill-scanner.analyzers.meta.

How do I configure which MCP sources are discovered?

Toggle individual MCP config sources in settings under mcp-scanner.globalConfigs.*:

  • mcp-scanner.globalConfigs.cursor — Cursor
  • mcp-scanner.globalConfigs.claude — Claude Desktop
  • mcp-scanner.globalConfigs.vscode — VS Code
  • mcp-scanner.globalConfigs.windsurf — Windsurf
  • mcp-scanner.globalConfigs.antigravity — Antigravity

Workspace configs (.cursor/mcp.json, .vscode/mcp.json, etc.) are always discovered when scanScope includes workspace.

How do I configure which skill sources are discovered?

Toggle skill sources in settings:

  • skill-scanner.globalSkills.claudeSkills — Controls Cursor (~/.cursor/skills/), Claude (~/.claude/skills/), and Codex (~/.codex/skills/) global paths together
  • skill-scanner.globalSkills.antigravitySkills — Antigravity skills (~/.gemini/antigravity/skills/)
  • skill-scanner.globalSkills.customPaths — Add any additional directories as an array of absolute paths

Scans are failing — what should I check?

  1. MCP config validity — Ensure your MCP configuration files are valid JSON/JSONC.
  2. Server accessibility — For stdio servers, verify the command is in your PATH. For remote servers, check network connectivity.
  3. Python environment — Try Reset Python Environment from the Command Palette to rebuild the venv and reinstall scanners.
  4. Debug mode — Enable Toggle Debug Mode and check the output panel (Show Extension Logs) for detailed error messages.
  5. Scanner versions — The extension installs cisco-ai-mcp-scanner and cisco-ai-skill-scanner from PyPI. Ensure your network allows access to pypi.org.

LLM analysis isn't working — what should I check?

  1. Test your connection — Run Test LLM Connection from the Command Palette.
  2. Verify your API key — Ensure the key is correct and has credits/quota available.
  3. Check endpoint URLs — For Azure OpenAI, Azure AI, or self-hosted providers, verify the endpoint and deployment name in settings.
  4. Ollama — Ensure the service is running (ollama serve) and the endpoint is correct (default: http://localhost:11434). Verify the model is downloaded (ollama list).
  5. Model override — If you set mcp-scanner.llm.model, make sure the model name is valid for your provider.

Skills aren't being found — what should I check?

  1. Skill structure — Ensure each skill directory contains a SKILL.md file (the manifest that identifies it as a skill).
  2. Source settings — Check that the relevant skill sources are enabled: skill-scanner.globalSkills.claudeSkills, skill-scanner.globalSkills.antigravitySkills.
  3. Custom paths — For custom directories, verify the paths are correct in skill-scanner.globalSkills.customPaths. Each entry should be an absolute path.
  4. Scan scope — If set to workspace, only skills in the current project are scanned. Set to global or both to include global skills.
  5. Refresh — Run Refresh Skills from the Command Palette to re-discover skill directories.

Can I use the skill-scanner as a standalone CLI tool?

Yes. The extension uses cisco-ai-skill-scanner (installed from PyPI) under the hood. You can also install and use it independently:

pip install cisco-ai-skill-scanner
skill-scanner scan /path/to/skill

The CLI supports additional features like SARIF output for GitHub Code Scanning integration, batch scanning of multiple skills, custom policy generation, an interactive TUI configurator, and a REST API server. See the skill-scanner documentation for full CLI usage.

How do I completely reset the extension?

Run Clear All Stored Data & Keys from the Command Palette. This removes all cached data, API keys, scan history, and snapshots. The Setup Wizard will appear on the next activation. You can also run Reset Python Environment separately if you only need to rebuild the scanner installation.