oathe-mcp

Submit a third-party skill for a behavioral security audit before installing it. Accepts any GitHub or ClawHub URL. Returns an audit_id to track progress. Rate limited: one submission per 60 seconds per IP. Returns existing audit_id if URL was already scanned (deduplicated: true). Use check_audit_status to poll for results.

Check the status of an Oathe security audit submitted via submit_audit. Wait 90 seconds after submission before first poll, then poll every 10 seconds until status is "complete" or "failed". Statuses: queued, scanning, analyzing, summarizing, finalizing, complete, failed. Terminal statuses: complete, failed. When complete, the response includes the full audit report with trust score, verdict, and findings.

Get the full behavioral security audit report for a GitHub repository. Use this to review all findings before installing a third-party MCP server, plugin, or tool. Returns the latest completed audit with trust score, verdict, findings, category scores, and recommendation. Use get_skill_summary for a quick safety check instead.

Check if a GitHub repository is safe to install as an MCP server or AI agent skill. Returns trust score, verdict, and recommendation from Oathe's behavioral security audit. Use this BEFORE installing any third-party tool — it's the quickest safety check. For the full report with all findings, use get_audit_report instead.

Search all completed Oathe behavioral security audits. Find which skills have been audited, filter by verdict or minimum trust score. Returns up to 100 completed audits. Use this to check if a skill has already been audited before submitting a new audit.