Scan an npm package for MCP security issues. Checks install scripts, prompt injection patterns, suspicious URLs, source code patterns, dependency count, metadata completeness, and publisher provenance. Returns score (0-100), risk level, and detailed findings.

Get a trust verdict for an MCP package: allow, warn, or block. Based on scan findings (score and severity). Also reports monitoring status and publisher posture. Use this before installing or connecting to an MCP server.

Check which monitored MCP servers depend on a given package. Use this during incident response to find blast radius. Example: 'which MCP servers use axios?'

Check if a package or agent has been reported to the KYA abuse database. Returns whether abuse has been reported and any details.

Check if an MCP package is under continuous monitoring and get its scan history. Shows current score, risk level, and recent changes.

Inspect the current repo for MCP dependencies, look up AgentScore verdicts for each package, and summarise what should be gated in CI. Use this when a developer wants to understand all MCP packages in a repo instead of scanning one package at a time.

Generate the exact GitHub Actions workflow needed to enforce AgentScore Policy Gate for a repo. Detects MCP dependencies locally and returns the OIDC-based YAML needed for setup. No API key or secret is required.

Write the AgentScore Policy Gate workflow file to this repo. Creates .github/workflows/agentscore-policy-gate.yml with OIDC authentication (no API key needed). Detects MCP dependencies and includes them in the workflow. The gate will auto-provision the repo on first push.