AI coding agents are inside your repos. Scan what they can expose before it becomes expensive.
CapitalGuardAI-agent security licensesScan

Integration risk

Agent Tool Bridge Risk

MCP servers, agent plugins, local bridges, and automation connectors can quietly expand what a coding agent can inspect or transmit.

Severity: HighDetected by: Growth and Pro

Signals CapitalGuard looks for

MCP or agent connector configuration in the repo
Tool bridges with filesystem, browser, cloud, or messaging access
Automation credentials stored near agent instructions

Why it matters

Tool bridges can turn a local coding assistant into an operator across many systems.
External transfer risk grows when agents can browse, upload, message, or modify cloud data.
Teams often add connectors faster than they document security boundaries.

Precautions to take

Inventory each bridge, connector, and external tool permission.
Separate development convenience tools from production or customer-data access.
Require explicit approval before agents transmit files, logs, secrets, or customer context.

Next step

Turn this risk into a scoped scan and policy path.

Compare Licenses