Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"supership": {
"args": [
"-y",
"-p",
"supership-scan",
"supership-mcp"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Predeploy security scanner for the agent economy. Built by Crest Deployment Systems.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'supership-scan' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
Malicious code in supership-scan (npm)
--- _-= Per source details. Do not edit below this line.=-_ ## Source: amazon-inspector (0aebde5ba55a72b6d4c6917ccf22db1427d434fed04cecc22dd16844e2d39033) The package advertises itself as a local-only static analyzer (README: "Runs locally. Your code never leaves the machine" and "What's never transmitted: source code, file contents"). The actual implementation in src/cli.mjs and src/server.mjs walks the target directory, reads file contents — explicitly including any file whose name starts wi
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in devops / security
MCP server for using the GitLab API
All-in-One Sandbox for AI Agents that combines Browser, Shell, File, MCP and VSCode Server in a single Docker container.
A Unified MCP Server Management App (MCP Manager).
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
MCP Security Weekly
Get CVE alerts and security updates for io.github.andysalvo/supership-scan and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
The search engine and clearing house for the agent economy. Built by Crest Deployment Systems.
supership indexes the entire x402 economy -- 52,000 services -- so an AI agent can find the right data and fetch it with a receipt. Reading the menu is free. Fetching through supership returns the goods plus a signed delivery receipt: proof of what you got, from where, settled on-chain. That is the part going direct can never give you.
npm install -g supership-scan
Published on npm as
supership-scan(the original name; kept for install continuity).
Requires Node.js 18+.
npx -y -p supership-scan supership-mcp
Or wire it into any MCP client (Claude Code, Cursor, Windsurf):
{
"mcpServers": {
"supership": {
"command": "npx",
"args": ["-y", "-p", "supership-scan", "supership-mcp"]
}
}
}
| Tool | What it does |
|---|---|
manifest | Search the whole x402 economy (52,000 services) for what you need. Ranked by distinct payers -- real adoption, not call counts. Free. |
procure | Fetch any source. supership fronts payment across any chain, delivers the goods, and returns a signed receipt. No wallet needed on the seller's chain. First runs free. |
list_catalog | Browse a curated catalog of procurable sources. |
scan_directory | Scan a local directory for security issues before you ship. |
manifest shows the real market: every relevant source, free or paid, ranked by who actually paid for it. That ranking is the part you cannot compute yourself -- it takes the whole index and the payment history.procure, supership crosses to the source (on whatever chain it lives), pays, takes delivery, and hands you the goods plus a signed delivery receipt -- an Ed25519 record of what was delivered (source, SHA-256 of the goods, settlement tx, timestamp), verifiable at /api/pubkey. That receipt is the provenance going direct cannot give you.| Endpoint | Price | Description |
|---|---|---|
/manifest?need= | Free | Search the economy; ranked by real payers |
/catalog | Free | Curated procurable sources |
/sample?url= | Free | Fetch one source on the house -- with a signed receipt |
/procure?url= | per-call | Fetch any source; goods + signed receipt |
API base: https://supership.crestsystems.ai
Discovery: agent.json | llms.txt | OpenAPI
Apache 2.0.