@forge-registry/cli

MCP@jokin-bereciartu
v0.2.0jokin-bereciartuMITUpdated 20d agonpmGitHub

Verify, install, and publish MCP servers, A2A agents, and AI skills via the Forge trust registry.

Verify, install, and publish MCP servers, A2A agents, and AI skills. Checks a package before you install it: Forge registry — is it listed? verified? who published it? OSV scan — known CVEs for the exact version from the OSV database Script analysis — lifecycle scripts (, , etc.) checked for suspicious patterns ------|-------------| | Output raw JSON (useful for scripting) | Exit codes: =…

@jokin-bereciartu
Identity-verified publisher GitHub@jokin-bereciartu
Verified Jun 13, 2026
20d agoLast update
Package
Authorjokin-bereciartu
LicenseMIT
Version0.2.0
Sourcenpm
Trust Status
A
95/100Trusted
Listed in Forge index+10/10
Publisher identity verified+25/25
Ed25519 publish signature+10/10
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · clean+30/30
Static analysis · clean+20/20
npm provenance (Sigstore)+0/5
Publish from GitHub Actions with the --provenance flag
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusIdentity verified
Signature✓ Signed · Ed25519
Domain
Provenance
Dependencies60 resolved+ · none vulnerable
Tool surface8 tools · 2 privileged
Security scan✓ Cleanv0.2.0 · 20d ago
EvalsNone
IndexedJun 13, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

Verify, install, and publish MCP servers, A2A agents, and AI skills. Checks a package before you install it: Forge registry — is it listed? verified? who published it? OSV scan — known CVEs for the exact version from the OSV database Script analysis — lifecycle scripts (, , etc.) checked for suspicious patterns ------|-------------| | Output raw JSON (useful for scripting) | Exit codes: = clean/verified, = critical vulnerabilities found Trust-aware wrapper around : 2. Blocks on critical/high…

Keywords
forgemcpa2acliai-toolssecurityverify