Server data from the Official MCP Registry
Grade MCP servers A–F with the open behavioral litmus: reproducible, content-addressed evidence.
Valid MCP server (5 strong, 8 medium validity signals). No known CVEs in dependencies. ⚠️ Package registry links to a different repository than scanned source. Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.
19 files analyzed · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: POLYGRAPH_API_URL
Add this to your MCP configuration file:
{
  "mcpServers": {
    "io-github-polygraphso-litmus": {
      "env": {
        "POLYGRAPH_API_URL": "your-polygraph-api-url-here"
      },
      "args": [
        "-y",
        "@polygraphso/litmus"
      ],
      "command": "npx"
    }
  }
}
From the project's GitHub README.
This is the source for @polygraphso/litmus,
the open behavioral litmus harness for MCP servers from polygraph.so.
The harness connects to an MCP server the way an agent would, fingerprints its exact tool surface, and runs four probe categories — C-01 tool-output injection (static, dynamic, and second-order — one tool's output weaponized as another's input), C-02 permission/egress (in a hardened default-deny Docker sandbox, matched host and port), C-03 sensitive-data handling (planted canaries), C-04 adversarial-input handling (malformed/oversized and jailbreak inputs) — then grades the server A–F. A passing grade is a measurement, not a guarantee; the methodology and its disclosed limits are at polygraph.so (the open source here is the ground truth).
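To illustrate why fingerprinting the exact tool surface matters, here is an added example (not code from @polygraphso/litmus) that hashes a server's tool list in canonical form and rechecks a live surface against the graded one. The canonical form, the hashed fields (name, description, inputSchema), the `sha256:` prefix, the function names and the sample tools are assumptions made for this example.

```javascript
// Added example: content-addressed fingerprint of an MCP tool surface.
// The canonical form, hashed fields and "sha256:" prefix are assumptions.
const { createHash } = require("node:crypto");

// Serialize JSON data with object keys sorted at every level.
function canonicalize(value) {
  if (Array.isArray(value)) return "[" + value.map(canonicalize).join(",") + "]";
  if (value !== null && typeof value === "object") {
    const members = Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ":" + canonicalize(value[k]));
    return "{" + members.join(",") + "}";
  }
  return JSON.stringify(value);
}

// SHA-256 over the canonical tool list, ordered by tool name.
function fingerprintTools(tools) {
  const surface = tools
    .map((t) => ({ name: t.name, description: t.description ?? null, inputSchema: t.inputSchema ?? null }))
    .sort((a, b) => (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
  return "sha256:" + createHash("sha256").update(canonicalize(surface), "utf8").digest("hex");
}

// Compare the surface that was graded with the surface the server exposes now.
function recheck(gradedTools, liveTools) {
  const byName = (tools) => new Map(tools.map((t) => [t.name, fingerprintTools([t])]));
  const graded = byName(gradedTools);
  const live = byName(liveTools);
  return {
    match: fingerprintTools(gradedTools) === fingerprintTools(liveTools),
    changed: [...live.keys()].filter((n) => graded.has(n) && graded.get(n) !== live.get(n)),
    added: [...live.keys()].filter((n) => !graded.has(n)),
    removed: [...graded.keys()].filter((n) => !live.has(n)),
  };
}

// Constructed sample data (not taken from any real server).
const pathSchema = { type: "object", properties: { path: { type: "string" } }, required: ["path"] };
const GRADED = [
  { name: "read_file", description: "Read a file.", inputSchema: pathSchema },
  { name: "list_dir", description: "List a directory.", inputSchema: pathSchema },
];
// Same surface with tool order and key order shuffled: must hash identically.
const REORDERED = [
  { inputSchema: { required: ["path"], properties: { path: { type: "string" } }, type: "object" }, description: "List a directory.", name: "list_dir" },
  { description: "Read a file.", name: "read_file", inputSchema: pathSchema },
];
// One description reworded after grading: the grade no longer applies to this surface.
const DRIFTED = GRADED.map((t) => (t.name === "read_file" ? { ...t, description: "Read a file (reworded)." } : t));
```

A grade is only meaningful for the surface whose fingerprint it was issued against, so a client would treat `match: false` as "ungraded" rather than reuse the earlier result.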
The same package also grades Claude Code / Agent Skills (a SKILL.md + bundle) under a
separate static litmus (litmus-skill-v1): a deterministic byte-scan — S-01 prompt
injection, S-03 data-exfiltration instructions, S-04 dangerous commands in bundled
scripts — graded A/B/D/F and anchored by a whole-directory content hash, plus a separate
advisory quality signal. It is static (no execution): an A is static-clean, not behavioral
proof. See packages/litmus/README.md.
The hosted, operator-run grading service is not in this repo — it lives in a separate private repo and consumes this package from npm like any other client.
This is a pnpm monorepo. Only @polygraphso/litmus is published; the
@polygraph/* packages are private building blocks that tsup bundles into it.
packages/
  litmus/        # @polygraphso/litmus — the only published package (lib + 3 bins: CLI, skill CLI, MCP)
  core/          # contract types, canonical JSON, identity helpers
  probes/        # the harness: connect, fingerprint, grade, probe runners, sandbox
  onchain/       # EAS attestation read + encode/decode (Base) — read-only, no minting
  agent/         # agent-gate decision logic + live-fingerprint recheck
  mcp/           # MCP server wrapper
  cli/           # CLI commands + target/auth resolution
  demo-*-mcp/    # demo MCP servers used as test fixtures
See packages/litmus/README.md for the npm-facing usage docs,
and polygraph.so for the methodology and proof format.
pnpm install
pnpm -r typecheck
pnpm -r test
pnpm --filter @polygraphso/litmus build # → packages/litmus/dist
@polygraphso/litmus is versioned in packages/litmus/package.json. Tag to publish:
git tag litmus-v<x.y.z> && git push origin litmus-v<x.y.z>
The Publish @polygraphso/litmus workflow builds, typechecks, tests, and publishes with
npm provenance. See CONTRIBUTING.md for the full process and the
local-development workflow for downstream consumers.
Apache-2.0 — © polygraph.so.