flagrix
OfficialScans GitHub repositories and profiles for malware, providing risk assessments and commit-pinned verdicts before cloning.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@flagrixscan https://github.com/example/repo for malware"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
flagrix
Scan GitHub repositories and profiles for malware before you clone — from the terminal, CI, or an AI agent. The same commit-pinned verdict as the Flagrix browser extension, made callable.
npx flagrix scan https://github.com/some-org/coding-assignment some-org/coding-assignment @ 3f9c2a1
HIGH RISK — Do not clone security score 12/100
3 files scanned · 10 dependencies · 2 issues
CRITICAL Data exfiltration patterns detected: Keylogger Pattern
assignment.js:14
14 document.addEventListener("keydown", (e) => send(e.key))Built after real fake-recruiter campaigns ("coding assignment" repos that steal wallets, SSH keys, and browser sessions) started targeting developers.
Commands
flagrix scan <url | owner/repo> # scan a repository (--ref <branch|sha>)
flagrix scan-user <username> # score a GitHub profile for scam signals
flagrix mcp # MCP server (stdio) for AI agentsRelated MCP server: FinishKit MCP Server
Exit codes
code | meaning |
0 | low risk |
1 | scan failed |
2 | medium risk — review before proceeding |
3 | high risk — do not clone |
--json (automatic when stdout is piped) emits the full result. The verdict is
pinned to the scanned commit (commitSha in the JSON): every file is read at
that SHA, so a push mid-scan or after the verdict can't silently invalidate it.
AI agents
claude mcp add flagrix -- npx -y flagrix mcpTools: scan_github_repo, scan_github_user. A Claude Code hook that gates every
git clone on a scan ships in hooks/ — see
docs/agent-gating.md.
Tokens & rate limits
Unauthenticated scans use GitHub's 60 req/h budget (a scan issues one request per
scanned file, up to ~50). Set GITHUB_TOKEN (or FLAGRIX_GITHUB_TOKEN, or
--token) to raise it to 5,000/h and to scan private repositories.
Privacy
Fully local. No telemetry, no accounts, no Flagrix backend — the only network calls go to the GitHub/npm APIs and the public detection-rules repository (signature refresh, cached 6 h, with a bundled offline snapshot).
How it works
Scanning logic lives in @flagrix/scanner-core (MIT), signatures in flagrix-detection-rules (MIT) — the same engine and rules the browser extension uses. Verdicts are risk assessments, not definitive fraud determinations; always verify through official channels.
AI Disclosure
This project leverages Claude AI for boilerplate generation, test-suite expansion, and optimization. All AI-generated code is strictly reviewed, refactored, and verified by human maintainers before merging.
License
MIT — see LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/flagrix-io/flagrix-cli'
If you have feedback or need assistance with the MCP directory API, please join our Discord server