Honest assessment of what Nerviq covers in OWASP Agentic Top 10, MCP Top 10, and Agentic Skills Top 10 — including the categories we explicitly do NOT cover, and which adjacent tools handle them.
When an enterprise buyer asks if Nerviq covers a specific OWASP category, they need a precise answer — not a slide deck. This page is that answer.
Nerviq operates at config time, before anything runs. That means it can detect the class of OWASP Agentic / MCP / Skills risks that show up in agent configuration files, declared MCP servers, hook scripts and rule definitions, but it cannot detect what an agent does at execution time. The coverage tables below use three tiers: Direct (a named Nerviq check flags the issue from configuration alone), Partial (Nerviq catches the config-time slice of the category; the rest needs runtime enforcement or provenance data it does not have), and Out of scope (nothing about the category is visible in configuration, so an adjacent tool is named where one exists).
Every check carries OWASP cross-walk tags as machine-readable metadata in an owaspTags JSON field. Run nerviq audit --shallow-risk --json and inspect the owaspTags field on each finding; a finding may carry several tags, for example ['mcp-top-10:server-allowlist', 'agentic-top-10:excessive-agency'].
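What a config-time check actually looks at, as an added JavaScript illustration that is not Nerviq's code: it walks a constructed MCP server declaration (the mcpServers map shape, with a fake token) and emits findings in the owaspTags style described above. The check ids and the two tag strings quoted above come from this page; the config itself, the allowedMcpServers key, the other tag slugs, the secret-literal and dangerous-tool heuristics, and the severities are assumptions made for the example.

```javascript
// Added illustration, not Nerviq's code: a config-time check of the kind the
// page describes. It reads a constructed MCP server declaration (the mcpServers
// map shape) and emits findings carrying owaspTags. The check ids are the
// page's; the config, the allowedMcpServers key, the heuristics, the extra tag
// slugs and the severities are assumptions.

// Constructed sample config. The token is a fake with a real-looking prefix.
const SAMPLE_CONFIG = {
  mcpServers: {
    github: {
      command: "npx",
      args: ["-y", "@modelcontextprotocol/server-github"],
      env: { GITHUB_PERSONAL_ACCESS_TOKEN: "ghp_EXAMPLE0123456789abcdefABCDEF01234567" },
      autoApprove: ["*"],
    },
    filesystem: {
      command: "npx",
      args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp/work"],
      env: { LOG_LEVEL: "${LOG_LEVEL}" }, // env reference, not a literal
      autoApprove: ["list_directory"],
    },
  },
};

const SECRET_PREFIX = /^(ghp_|github_pat_|sk-|AKIA|xox[abp]-)/;   // assumed heuristic
const ENV_REFERENCE = /^\$\{?[A-Z_][A-Z0-9_]*\}?$/;               // "${TOKEN}" or "$TOKEN"
const DANGEROUS_TOOL = /exec|shell|command|write|delete|remove/i; // assumed heuristic

// A literal credential: known token prefix or a long opaque string, and not
// a reference to an environment variable.
function looksLikeSecretLiteral(value) {
  if (typeof value !== "string" || ENV_REFERENCE.test(value)) return false;
  return SECRET_PREFIX.test(value) || /^[A-Za-z0-9_-]{32,}$/.test(value);
}

function finding(check, server, severity, owaspTags, message) {
  return { check, server, severity, owaspTags, message };
}

// Everything below is decided from the file alone; nothing is executed.
function scanConfig(config) {
  const findings = [];
  if (!Array.isArray(config.allowedMcpServers)) {
    findings.push(finding("mcp-server-no-allowlist", null, "medium",
      ["mcp-top-10:server-allowlist", "agentic-top-10:excessive-agency"],
      "no server allowlist declared; every declared server is implicitly trusted"));
  }
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    for (const [key, value] of Object.entries(server.env || {})) {
      if (looksLikeSecretLiteral(value)) {
        findings.push(finding("agent-config-secret-literal", name, "high",
          ["mcp-top-10:credential-leak", "agentic-top-10:insecure-agent-instructions"],
          `env ${key} holds a literal credential; reference a variable instead`));
      }
    }
    const risky = (server.autoApprove || []).filter((t) => t === "*" || DANGEROUS_TOOL.test(t));
    if (risky.length > 0) {
      findings.push(finding("agent-config-dangerous-autoapprove", name, "high",
        ["agentic-top-10:excessive-agency"],
        `auto-approves ${risky.join(", ")} with no human in the loop`));
    }
  }
  return findings;
}

console.log(JSON.stringify(scanConfig(SAMPLE_CONFIG), null, 2));
```

Everything flagged here is visible before the agent starts. The same scan says nothing about whether an allowlisted server later returns a poisoned tool description, or whether the model leaks the token at execution time; those are the rows the tables below mark as runtime and out of scope.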
OWASP Top 10 for Agentic Applications: https://genai.owasp.org/2025/12/09/owasp-top-10-for-agentic-applications-the-benchmark-for-agentic-security-in-the-age-of-autonomous-ai/
| Category | Coverage | Nerviq checks (or notes) |
|---|---|---|
| Tool / instruction integrity | Direct | agent-config-missing-file, agent-config-stack-contradiction, agent-config-script-not-in-package-json, agent-config-framework-version-mismatch |
| Insecure agent instructions | Direct | agent-config-secret-literal, agent-config-deprecated-keys, agent-config-dangerous-autoapprove |
| Cross-agent inconsistency | Direct | agent-config-cross-platform-drift (and the entire Harmony layer) |
| Excessive agency | Partial | mcp-server-no-allowlist, agent-config-dangerous-autoapprove (config-time only; runtime gating is out of scope) |
| Memory poisoning | Out of scope | Runtime concern — see Microsoft Agent Governance Toolkit |
| Prompt injection (runtime) | Out of scope | Runtime concern — see promptfoo for eval, MS AGT for runtime gating |
| Supply-chain attacks on agent tools | Partial | doctor + hook-script-missing for declared hooks; full provenance attestation out of scope |
| Insecure output handling | Out of scope | Application-layer concern |
| Excessive resource consumption | Out of scope | Runtime concern |
| Identity & access control | Out of scope | Org-layer concern — handled by Microsoft AGT or platform-native controls |
3/10 Direct · 2/10 Partial · 5/10 Out of scope (runtime, application or org layer).
OWASP MCP Top 10: https://owasp.org/www-project-mcp-top-10/
| Category | Coverage | Nerviq checks (or notes) |
|---|---|---|
| Server allowlist | Direct | mcp-server-no-allowlist |
| Config hygiene | Direct | doctor MCP probes (declared servers / env-var presence / command resolution) |
| Credential leak | Direct | agent-config-secret-literal also covers MCP env-var secrets in declarations |
| Tool poisoning | Out of scope | Runtime detection requires telemetry — see MS AGT |
| Capability attestation | Out of scope | Protocol-layer security; not Nerviq's layer |
| Origin authentication | Out of scope | Runtime concern |
| Input validation across MCP | Out of scope | Application-layer concern |
| Cross-tool data flow | Out of scope | Runtime concern |
| MCP server impersonation | Out of scope | Runtime concern |
| MCP audit trail | Out of scope | Runtime concern |
3/10 Direct · 0/10 Partial · 7/10 Out of scope (runtime / protocol).
OWASP Agentic Skills Top 10: https://owasp.org/www-project-agentic-skills-top-10/
| Category | Coverage | Nerviq checks (or notes) |
|---|---|---|
| Skill drift / staleness | Direct | agent-config-cross-platform-drift, hook-script-missing, agent-config-script-not-in-package-json |
| Skill capability scope | Partial | Skills are inventoried via doctor; allowlist enforcement is runtime-only |
| Skill supply-chain integrity | Partial | hook-script-missing flags declared-but-missing scripts; no provenance attestation yet |
| Skill authorization bypass | Out of scope | Runtime concern |
| Skill data exfiltration | Out of scope | Runtime concern |
| Skill escalation | Out of scope | Runtime concern |
| Skill DoS | Out of scope | Runtime concern |
| Skill side-effect leakage | Out of scope | Application-layer concern |
| Skill insecure output | Out of scope | Application-layer concern |
| Skill audit trail | Out of scope | Runtime concern |
1/10 Direct · 2/10 Partial · 7/10 Out of scope (runtime / application).
Nerviq does not pretend to be a runtime security tool. Pair us with the right adjacent layer.
Microsoft Agent Governance Toolkit
Policy enforcement, identity, sandboxing and SRE telemetry for autonomous agents at execution time. Covers roughly 7/10 of the Agentic Top 10 categories that Nerviq marks out of scope. Open source, complementary to Nerviq.
Static analysis on the code AI agents produce. Doesn't overlap with Nerviq's config layer. Covers application-layer concerns (insecure output handling, cross-tool data flow at the code level).
Eval and adversarial testing of prompts. Pairs well with Nerviq's config-time checks: Nerviq makes sure the agent has the right instructions, promptfoo makes sure the instructions produce safe outputs.
Deep checks on one platform (Cursor or Claude). Pair with Nerviq for breadth (8 platforms via cross-platform Harmony Score) plus depth on a specific platform.
Machine-readable cross-walk so procurement teams can produce evidence per category.
Every shallow-risk finding now carries an owaspTags array. To filter for findings relevant to MCP Top 10:
nerviq audit --shallow-risk --json | jq '.shallowRiskHints[] | select(any(.owaspTags[]; startswith("mcp-top-10:")))'
(any(...) keeps each finding once even when several of its tags match; iterating .owaspTags[] directly inside select prints the finding once per matching tag. Matching on the "mcp-top-10:" prefix rather than a substring also stops a category name that happens to contain the same text from matching.)
For a specific category, such as server allowlist:
nerviq audit --shallow-risk --json | jq '.shallowRiskHints[] | select(.owaspTags | index("mcp-top-10:server-allowlist") != null)'
What this page is and is not.
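The same filtering in JavaScript, as an added example rather than Nerviq's own code, run over a constructed audit document. Only the shallowRiskHints array, the owaspTags field and the check ids come from this page; the other fields, the skills-top-10 prefix and the sample findings are assumptions. It also builds the per-category evidence table the cross-walk is meant to feed, and reports which categories of a framework have nothing in the audit.

```javascript
// Added example, not Nerviq's code: JavaScript equivalent of the jq filters
// above. Constructed document in the shape the page describes (a top-level
// shallowRiskHints array whose entries carry owaspTags). Check ids and the
// mcp/agentic tags mirror the page; severities and the skills-top-10 prefix
// are assumptions.
const SAMPLE_AUDIT = {
  shallowRiskHints: [
    { check: "mcp-server-no-allowlist", severity: "medium",
      owaspTags: ["mcp-top-10:server-allowlist", "agentic-top-10:excessive-agency"] },
    { check: "agent-config-secret-literal", severity: "high",
      owaspTags: ["mcp-top-10:credential-leak", "agentic-top-10:insecure-agent-instructions"] },
    { check: "agent-config-cross-platform-drift", severity: "low",
      owaspTags: ["agentic-top-10:cross-agent-inconsistency", "skills-top-10:skill-drift"] },
  ],
};

// Tags are "<framework>:<category>". Split on the first colon only.
function parseTag(tag) {
  const i = tag.indexOf(":");
  if (i <= 0) throw new Error(`malformed owaspTag: ${tag}`);
  return { framework: tag.slice(0, i), category: tag.slice(i + 1) };
}

// All findings that touch a framework. Matching the parsed prefix rather than
// a substring avoids cross-matching on category names, and each finding is
// returned once even if several of its tags belong to the framework.
function findingsForFramework(audit, framework) {
  return audit.shallowRiskHints.filter((f) =>
    f.owaspTags.some((t) => parseTag(t).framework === framework));
}

// All findings carrying one exact category tag.
function findingsForCategory(audit, tag) {
  return audit.shallowRiskHints.filter((f) => f.owaspTags.includes(tag));
}

// Evidence table: framework -> category -> sorted, de-duplicated check ids.
function evidenceMatrix(audit) {
  const matrix = {};
  for (const f of audit.shallowRiskHints) {
    for (const tag of f.owaspTags) {
      const { framework, category } = parseTag(tag);
      const byCategory = matrix[framework] || (matrix[framework] = {});
      const checks = byCategory[category] || (byCategory[category] = new Set());
      checks.add(f.check);
    }
  }
  for (const byCategory of Object.values(matrix)) {
    for (const category of Object.keys(byCategory)) {
      byCategory[category] = [...byCategory[category]].sort();
    }
  }
  return matrix;
}

// Categories of a framework (as listed in the tables above) with no finding
// in this audit. A silent category is not proof of coverage: a clean config
// is silent too, so a "pass" needs the check inventory, not the audit output.
function categoriesWithoutFindings(audit, framework, categories) {
  const seen = evidenceMatrix(audit)[framework] || {};
  return categories.filter((c) => !(c in seen));
}

console.log(JSON.stringify(evidenceMatrix(SAMPLE_AUDIT), null, 2));
```

Findings are evidence that a check fired, not evidence of coverage. For a procurement answer of the form "category X is covered", pair the evidence table with the check inventory in the tables above; the audit output alone can only show where something was wrong.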