fix: upgrade mcp-scan cli extension

[aarlaud]

Pull Request Submission Checklist

• Follows CONTRIBUTING guidelines
• Commit messages
  are release-note ready, emphasizing
  what was changed, not how.
• Includes detailed description of changes
• Contains risk assessment (Low | Medium | High)
• Highlights breaking API changes (if applicable)
• [] Links to automated tests covering new functionality
• Includes manual testing instructions (if necessary)
• Updates relevant GitBook documentation (PR link: ___)
• Includes product update to be announced in the next stable release notes

What does this PR do?

Bump mcp-scan cli extension version

Where should the reviewer start?

• snyk mcp-scan --experimental
• snyk mcp-scan --experimental --skills
• snyk mcp-scan --experimental --no-upload

How should this be manually tested?

make build and run snyk-linux mcp-scan --experimental

What's the product update that needs to be communicated to CLI users?

Updated version including skills scanning

Risk assessment (Low | Medium | High)?

Low

[snyk-io]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[snyk-pr-review-bot]

PR Reviewer Guide 🔍

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Missing Tests 🟡 [minor] The PR upgrades github.com/snyk/cli-extension-mcp-scan to a version that introduces "skills scanning". However, there are no automated tests (unit or integration) included in this PR to verify that the new functionality is correctly integrated or that the mcp-scan command behaves as expected with the new extension. Given that this is an experimental feature, maintaining baseline integration tests is important to prevent breaking the CLI's entry point for this command. github.com/snyk/cli-extension-mcp-scan v0.0.0-20260219173540-2022ed83158d Dependency Bump 🟡 [minor] The github.com/elazarl/goproxy/ext dependency is updated from a 2023 pseudo-version to a 2026 version. This represents a significant jump (approximately 2.5 years of changes). While the risk is assessed as low, such a major update to a proxy extension library can introduce subtle changes in network handling or interceptor behavior that may affect CLI connectivity in environments requiring proxies. github.com/elazarl/goproxy/ext v0.0.0-20260212222702-ffdf0b284e35