# oathe-mcp
MCP server for [Oathe](https://oathe.ai) AI security audits. Check trust scores before installing MCP servers, plugins, or AI agent skills.
## Quick Start
```bash
npx oathe-mcp
```
No API key required. No configuration needed.
## MCP Client Configuration
### Claude Desktop
Add to your `claude_desktop_config.json`:
```json
{
"mcpServers": {
"oathe": {
"command": "npx",
"args": ["-y", "oathe-mcp"]
}
}
}
```
### Claude Code
```bash
claude mcp add oathe -- npx -y oathe-mcp
```
## Tools
### submit_audit
Submit a GitHub or ClawHub URL for a security audit.
```json
{ "skill_url": "https://github.com/owner/repo" }
```
Returns `audit_id` to track progress. Rate limited: one submission per 60 seconds per IP.
### check_audit_status
Check the status of a submitted audit.
```json
{ "audit_id": "uuid-from-submit" }
```
Poll every 5 seconds. Terminal statuses: `complete`, `failed`.
### get_audit_report
Get the full security audit report for a repository.
```json
{ "owner": "anthropics", "repo": "claude-code" }
```
Returns trust score, verdict, findings, category scores, and recommendation.
### get_skill_summary
Get a lightweight summary (score + verdict) without full findings.
```json
{ "owner": "anthropics", "repo": "claude-code" }
```
Returns score, verdict, recommendation, and finding counts.
### search_audits
Search completed audits by verdict or minimum trust score.
```json
{ "verdict": "SAFE", "min_score": 80, "sort": "trust_score", "order": "DESC" }
```
Returns up to 100 results.
## Configuration
| Environment Variable | Default | Description |
|---------------------|---------|-------------|
| `OATHE_API_BASE` | `https://audit-engine.oathe.ai` | Override the API base URL |
Setting an invalid `OATHE_API_BASE` will produce a clear error at startup.
## License
MIT
