Skip to content

Skill: run-scan

Rendered verbatim from apps/mcp-server/skills/run-scan/SKILL.md — this is exactly what the agent runs on.

Run and monitor a scan

create_scan both creates AND starts a run (status → Running immediately).

Launch

  1. Get the workflow's workflowDefinitionId (list_workflows / get_workflow).
  2. create_scan with:
    • workflowDefinitionId (required).
    • parameters — a key/value map that scopes the run, e.g. { "wildcard": "*.acme.com" }. Omit to scan all in-phase targets.
    • secretValues — any masked secrets the workflow declares.
    • delaySeconds — optional pacing. It returns the scan with its id.

Monitor

  • get_scan with the scan id → overall status, stepCount, completedStepIds, runningStepIds, estimatedCompletionAt.
  • get_scan_tasks_statistics with the scan id → per-step counts (pending, running, completed, failed) and lastError. Filter by steps/status.
  • Poll periodically; a scan ends as Completed or CompletedWithErrors.
  • stop_scan to halt a run you no longer need.

Read results

Steps with saveToDb upsert into catalog tables. After completion, re-read with the recon tools (list_domains, list_http_paths, list_technologies, …) scoped to the target to see what the scan produced.

Notes

  • Workers must exist and advertise the steps' targetTags; list_workers shows capacity.
  • Editing a workflow after a scan starts does NOT affect the running scan (it runs against a frozen snapshot).

Next: read the results back — Output tables explains where a scan's rows land, then re-read them with the recon tools.