Server data from the Official MCP Registry
Scan GitHub repos and profiles for malware before cloning — commit-pinned risk verdicts for agents
Scan GitHub repos and profiles for malware before cloning — commit-pinned risk verdicts for agents
Flagrix is a well-structured security scanner MCP server with proper authentication, secure credential handling, and appropriate permissions. Code quality is solid with good error handling and input validation. No malicious patterns or dangerous vulnerabilities detected. Minor findings relate to broad exception handling and logging practices that are common in TypeScript projects. Supply chain analysis found 6 known vulnerabilities in dependencies (2 critical, 3 high severity). Package verification found 1 issue.
7 files analyzed · 11 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: GITHUB_TOKEN
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-flagrix-io-flagrix": {
"env": {
"GITHUB_TOKEN": "your-github-token-here"
},
"args": [
"-y",
"flagrix"
],
"command": "npx"
}
}
}From the project's GitHub README.
Scan GitHub repositories and profiles for malware before you clone — from the terminal, CI, or an AI agent. The same commit-pinned verdict as the Flagrix browser extension, made callable.
npx flagrix scan https://github.com/some-org/coding-assignment
some-org/coding-assignment @ 3f9c2a1
HIGH RISK — Do not clone security score 12/100
3 files scanned · 10 dependencies · 2 issues
CRITICAL Data exfiltration patterns detected: Keylogger Pattern
assignment.js:14
14 document.addEventListener("keydown", (e) => send(e.key))
Built after real fake-recruiter campaigns ("coding assignment" repos that steal wallets, SSH keys, and browser sessions) started targeting developers.
flagrix scan <url | owner/repo> # scan a repository (--ref <branch|sha>)
flagrix scan-user <username> # score a GitHub profile for scam signals
flagrix mcp # MCP server (stdio) for AI agents
| code | meaning |
|---|---|
| 0 | low risk |
| 1 | scan failed |
| 2 | medium risk — review before proceeding |
| 3 | high risk — do not clone |
--json (automatic when stdout is piped) emits the full result. The verdict is
pinned to the scanned commit (commitSha in the JSON): every file is read at
that SHA, so a push mid-scan or after the verdict can't silently invalidate it.
claude mcp add flagrix -- npx -y flagrix mcp
Tools: scan_github_repo, scan_github_user. A Claude Code hook that gates every
git clone on a scan ships in hooks/ — see
docs/agent-gating.md.
Unauthenticated scans use GitHub's 60 req/h budget (a scan issues one request per
scanned file, up to ~50). Set GITHUB_TOKEN (or FLAGRIX_GITHUB_TOKEN, or
--token) to raise it to 5,000/h and to scan private repositories.
Fully local. No telemetry, no accounts, no Flagrix backend — the only network calls go to the GitHub/npm APIs and the public detection-rules repository (signature refresh, cached 6 h, with a bundled offline snapshot).
Scanning logic lives in @flagrix/scanner-core (MIT), signatures in flagrix-detection-rules (MIT) — the same engine and rules the browser extension uses. Verdicts are risk assessments, not definitive fraud determinations; always verify through official channels.
This project leverages Claude AI for boilerplate generation, test-suite expansion, and optimization. All AI-generated code is strictly reviewed, refactored, and verified by human maintainers before merging.
MIT — see LICENSE.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.