vaporcheck
vaporcheck is an MCP server that verifies whether package names and file paths actually exist, preventing AI assistants from hallucinating or using fake identifiers. It provides a single verify_identifier tool with the following capabilities:
Verify Python packages (PyPI): Check if a Python package exists on PyPI before installing or recommending it, catching hallucinated or slop-squatted package names.
Verify JavaScript packages (npm): Check if an npm package exists before installing or recommending it.
Verify filesystem paths: Check if a file or directory path exists on the local machine before reading, editing, or referencing it. Supports relative paths via an optional
cwdparameter.Clear existence status: Returns one of four outcomes —
exists,not-found,deprecated, orcannot-verify— so AI assistants can self-correct when an identifier doesn't exist.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@vaporcheckcheck if package 'reqeusts' exists on PyPI"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
vaporcheck
Stops AI coding assistants from using things that don't exist.
AI assistants sometimes invent package names, file paths, and function names that look real but aren't. Research found that almost 1 in 5 packages recommended by AI didn't exist — and attackers register those fake names to spread malware (this is called slopsquatting).
vaporcheck is a simple safety net: before your AI assistant installs a package or touches a file, it checks — does this actually exist? If not, it blocks the action and tells the assistant why, so it can correct itself.
What it looks like
AI: pip install reqeusts-slop-xyz ← a package that doesn't exist
⛔ BLOCKED by vaporcheck — that package was not found
AI: "Oops — I meant `requests`."
pip install requests ✅ goes through normallyReal packages and real files pass through instantly. You'll never notice vaporcheck until it saves you.
Related MCP server: DepShield MCP
Install
If you use Claude Code — two commands, done:
/plugin marketplace add cdmx-in/vaporcheck
/plugin install vaporcheck@cdmxThat installs both the protection (the blocker) and the verify_identifier tool your assistant can use to double-check things itself.
If you use any other AI tool that supports MCP:
pip install vaporcheckthen add this to your tool's MCP config:
{
"mcpServers": {
"vaporcheck": { "command": "vaporcheck-mcp" }
}
}Works on Windows, Mac, and Linux. No other dependencies.
Not sure it's working? Run python -m vaporcheck.doctor.
What it checks today
✅ Python packages (PyPI) — including whole
requirements.txtfiles✅ JavaScript packages (npm) — including
package.json✅ File paths on your computer
Coming next: more package ecosystems (Rust, Go, Ruby, Java) and code symbols.
More
Developers and the curious can find everything else — how it works, the research behind it — in docs/.
License
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Tools
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/cdmx-in/vaporcheck'
If you have feedback or need assistance with the MCP directory API, please join our Discord server