Appearance
Skill: run-scan
Rendered verbatim from
apps/mcp-server/skills/run-scan/SKILL.md— this is exactly what the agent runs on.
Run and monitor a scan
create_scan both creates AND starts a run (status → Running immediately).
Launch
- Get the workflow's
workflowDefinitionId(list_workflows/get_workflow). create_scanwith:workflowDefinitionId(required).parameters— a key/value map that scopes the run, e.g.{ "wildcard": "*.acme.com" }. Omit to scan all in-phase targets.secretValues— any masked secrets the workflow declares.delaySeconds— optional pacing. It returns the scan with itsid.
Monitor
get_scanwith the scanid→ overallstatus,stepCount,completedStepIds,runningStepIds,estimatedCompletionAt.get_scan_tasks_statisticswith the scanid→ per-step counts (pending,running,completed,failed) andlastError. Filter bysteps/status.- Poll periodically; a scan ends as
CompletedorCompletedWithErrors. stop_scanto halt a run you no longer need.
Read results
Steps with saveToDb upsert into catalog tables. After completion, re-read with the recon tools (list_domains, list_http_paths, list_technologies, …) scoped to the target to see what the scan produced.
Notes
- Workers must exist and advertise the steps'
targetTags;list_workersshows capacity. - Editing a workflow after a scan starts does NOT affect the running scan (it runs against a frozen snapshot).
Next: read the results back — Output tables explains where a scan's rows land, then re-read them with the recon tools.