Tool-first MCP: AST nav, impact/flow, task chains, memo/recall.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Tool-first MCP: AST nav, impact/flow, task chains, memo/recall.