A verified dependency-audit verdict any AI agent can call over MCP, not a raw scan.
[]( []( [](LICENSE) []( A verified dependency-audit verdict any AI agent can call. A free scanner gives you raw CVEs. gives you the judgment: the verdict checked against the version you actually installed, the one finding that matters, and the exact fix. It runs as an MCP server, so any agent (Claude Code, Cursor, your own) can call it before it ships code and get back a checked answer, not a…
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
[]( []( [](LICENSE) []( A verified dependency-audit verdict any AI agent can call. A free scanner gives you raw CVEs. gives you the judgment: the verdict checked against the version you actually installed, the one finding that matters, and the exact fix. It runs as an MCP server, so any agent (Claude Code, Cursor, your own) can call it before it ships code and get back a checked answer, not a wall of noise. A raw scanner and the agent itself can already produce a list of CVEs. What they cannot…