Server data from the Official MCP Registry
Verify-before-act safety checks for AI agents: packages, lockfiles, manifests, CI workflows.
Agent Guard is a well-intentioned supply-chain safety tool with solid architecture and no critical vulnerabilities. However, several moderate-risk issues warrant user awareness: (1) the HTTP server logs all requests, including IP address and User-Agent, to a persistent JSONL file without rotation or privacy controls; (2) it fetches data from external package registries and analyzes manifest content without request signing or validation; and (3) the manifest scorer's signature corpus, while comprehensive, relies on regex patterns that could produce false positives. These are appropriate concerns for a developer tool but do not represent exploitable security flaws. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
7 files analyzed · 13 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Add this to your MCP configuration file:

```json
{
  "mcpServers": {
    "io-github-liminalpepe-agent-guard-mcp": {
      "args": [
        "-y",
        "@liminallablibs/agent-guard-mcp"
      ],
      "command": "npx"
    }
  }
}
```

From the project's GitHub README.
One line: Verify-before-act safety for AI agents — check packages, lockfiles, skill manifests, and CI workflows before install or merge. Zero API keys. Zero config.
Scores Cursor/Claude skill manifests + GitHub Actions workflows — not just npm dependencies.
| When you… | Call |
|---|---|
| `npm install foo` / agent suggests a new dep | check_package |
| Review an LLM-generated lockfile | verify_lockfile |
| Install a Cursor skill or MCP plugin | score_manifest |
| Merge a PR touching `.github/workflows/*` | check_workflow |
Call these before installing a dependency, merging a CI change, or installing a third-party skill/plugin — so an agent refuses hallucinated packages, typosquats, poisoned manifests, and compromised CI actions.
Exposes four MCP tools (also available as a plain HTTP service):
| Tool | Use before… | Returns |
|---|---|---|
| check_package | adding a single npm/PyPI dependency | OK / SUSPICIOUS / DANGER + typosquat/slop flags |
| verify_lockfile | running npm/pip/yarn install | scans every direct + transitive dep in a lockfile |
| score_manifest | installing a Cursor/Claude skill or MCP/Smithery plugin | poison-signature + scope-overreach + drift score 0–100 |
| check_workflow | merging a PR that touches CI | flags mutable action pins, compromised actions, `curl\|bash`, pwn-requests, secret exposure |
AI agents routinely hallucinate package names (slopsquatting), trust LLM-generated lockfiles, install unvetted skill packs, and pin CI actions to mutable tags. Each is a live supply-chain vector. This server gives an agent a cheap "is this safe?" call before it acts.
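To make concrete what a check_workflow-style verdict rests on, here is an added example (not the agent-guard project's own code) that scans a GitHub Actions workflow for two of the findings listed above: actions pinned to a mutable tag or branch instead of a commit SHA, and a download piped straight into a shell. The verdict mapping and the sample workflow, including its commit SHA, are constructed for illustration.

```javascript
// Added example, not the agent-guard project's own code: a minimal
// check_workflow-style scan for mutable action pins and curl|bash steps.

const SHA_PIN = /^[0-9a-f]{40}$/;

// Scan workflow YAML line by line; returns [{ line, kind, detail }, ...].
function checkWorkflow(yamlText) {
  const findings = [];
  yamlText.split("\n").forEach((raw, i) => {
    const line = raw.trim();
    const lineNo = i + 1;

    // "uses: owner/repo@ref": a tag or branch ref can be moved after review,
    // so only a full 40-hex commit SHA counts as an immutable pin here.
    const uses = line.match(/^-?\s*uses:\s*["']?([^@\s"']+)@([^\s"']+)/);
    if (uses && !uses[1].startsWith("./") && !uses[1].startsWith("docker://")) {
      const [, action, ref] = uses;
      if (!SHA_PIN.test(ref)) {
        findings.push({ line: lineNo, kind: "mutable-pin", detail: `${action}@${ref} is a mutable ref, not a commit SHA` });
      }
    }

    // Piping a download straight into a shell runs whatever the remote host
    // serves at build time, with no checksum, pin or review in between.
    if (/\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z|)sh\b/.test(line)) {
      findings.push({ line: lineNo, kind: "curl-bash", detail: "remote script piped directly into a shell" });
    }
  });
  return findings;
}

// Assumed mapping onto the verdict words the page uses (OK / REVIEW / BLOCK).
function verdict(findings) {
  if (findings.some((f) => f.kind === "curl-bash")) return "BLOCK";
  return findings.length > 0 ? "REVIEW" : "OK";
}

// Constructed sample workflow (the SHA is a made-up placeholder): one tag
// pin, one SHA pin, one curl|bash step.
const SAMPLE_WORKFLOW = `on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b
      - run: curl -fsSL https://example.invalid/install.sh | bash
      - run: npm ci
`;
```

Running `verdict(checkWorkflow(SAMPLE_WORKFLOW))` returns BLOCK, with findings on the `checkout@v4` line and the `curl | bash` line; the SHA-pinned `setup-node` step passes.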
```json
{
  "mcpServers": {
    "agent-guard": { "command": "npx", "args": ["-y", "@liminallablibs/agent-guard-mcp@0.2.1"] }
  }
}
```
Before installing any npm/PyPI package, running install from a lockfile, installing a third-party skill/MCP plugin, or merging CI workflow changes, call the agent-guard MCP tools (check_package, verify_lockfile, score_manifest, check_workflow). If the verdict is SUSPICIOUS, REVIEW, or BLOCK/DANGER, stop and show the findings to the user — do not proceed.
```sh
npx -y @liminallablibs/agent-guard-mcp@0.2.1   # MCP clients spawn this via npx
# HTTP mirror:
npm run http && curl "http://localhost:8402/check?name=reactt&ecosystem=npm"
# → DANGER — typosquat of "react"
```
Or run directly:
```sh
npm install
node src/mcp-server.mjs   # stdio MCP server
npm run http              # optional HTTP mirror on :8402
```
HTTP endpoints:

- `GET /check?name=<pkg>&ecosystem=<npm|pypi>`
- `POST /check-lockfile {lockfile_content, format}` — format ∈ package-lock.json | yarn.lock | pnpm-lock.yaml | poetry.lock | requirements.txt
- `POST /score-manifest {manifest_type, manifest_content}`
- `POST /check-workflow {workflow_content}`

License: MIT.