New: State of MCP Package Security, April 2026 →|Case studies: Redis, Agions, NodeBench|Precision lineage →

The public security memory for MCP packages

Scan a package, inspect a repo dossier, follow advisories, and use the gate in CI when you want enforcement.

Try: mcp-trust-guard, @modelcontextprotocol/server-filesystem, or any npm package

Need repo-level context instead of a one-off package scan?Preview a GitHub repo →|Browse tracked dossiers

Inspect. Track. Enforce.

Inspect

Check any npm package or public GitHub repo. See scores, findings, publisher posture, repo exposure, and what capabilities the MCP stack grants to an agent.

Free. Instant. No signup.

Track

Follow scan history, public advisories, ruleset changes, and maintainer response loops. We monitor 1,160 MCP packages continuously and keep the evidence trail public.

Research, dossiers, and RSS stay public. Package watch email is optional.

Enforce

Put the gate in CI. Every PR shows what AI capabilities each MCP package grants. Block unapproved powers. Track approvals with expiry. No API key needed.

See the Policy Gate →

Redis pinned every MCP dependency in RedisInsight after our scan. Agions shipped fixes to taskflow-ai within 48h of our report. HomenShum turned a false-positive report into a same-day scanner improvement.

1,160

packages monitored

13,318

scans on record

public maintainer response case studies

See a repo dossier before you install anything

Paste any GitHub repo URL to see its MCP dependencies, capability surface, and what the gate would do. No install needed.

Preview Your Repo Read the precision log