Verify, install, and publish MCP servers, A2A agents, and AI skills via the Forge trust registry.
Verify, install, and publish MCP servers, A2A agents, and AI skills. Checks a package before you install it: Forge registry — is it listed? verified? who published it? OSV scan — known CVEs for the exact version from the OSV database Script analysis — lifecycle scripts (, , etc.) checked for suspicious patterns ------|-------------| | Output raw JSON (useful for scripting) | Exit codes: =…
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Verify, install, and publish MCP servers, A2A agents, and AI skills. Checks a package before you install it: Forge registry — is it listed? verified? who published it? OSV scan — known CVEs for the exact version from the OSV database Script analysis — lifecycle scripts (, , etc.) checked for suspicious patterns ------|-------------| | Output raw JSON (useful for scripting) | Exit codes: = clean/verified, = critical vulnerabilities found Trust-aware wrapper around : 2. Blocks on critical/high…