Privacy-first OSINT scanner: breaches, credentials, Shodan, username sweep. Scored PDF report.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"eidolon": {
"cwd": "/absolute/path/to/eidolon",
"args": [
"run",
"eidolon-mcp"
],
"command": "uv"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Eidolon is a privacy-first approach to finding and understanding your digital footprint. The stack uses OSINT tools to gather information based on your search parameters, then a local LLM compiles it into a report. The LLM runs on your machine, so no data ever reaches an external service or leaves your box — you own your data.
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in security
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.
mcpki-server is the backend infrastructure for https://www.mcpki.org, enabling secure public key management and autonomous certificate handling for large language models (LLMs).
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
MCP Security Weekly
Get CVE alerts and security updates for io.github.sudohnim/eidolon and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Eidolon is a privacy-first approach to finding and understanding your digital footprint. The stack uses OSINT tools to gather information based on your search parameters, then a local LLM compiles it into a report. The LLM runs on your machine, so no data ever reaches an external service or leaves your box — you own your data.
Eidolon runs as an MCP server, so you can drive it from any MCP client (Claude Desktop, Claude Code) — scan a target, list past scans, and read reports conversationally. It runs locally over stdio; your data never leaves the box.
Tools: scan_target, scan_status, list_scans, get_report, reveal_credentials. A scan takes minutes, so scan_target returns a scan_id immediately and runs in the background — poll scan_status(scan_id) until it reports done, then get_report(scan_id). The leaked-credential dossier (plaintext passwords from breach dumps) is redacted by default and only returned when you explicitly call reveal_credentials.
Everything below is optional — Eidolon runs with whatever you give it and tells you, per source, what it couldn't check (no token) versus what it checked and found nothing.
ollama pull llama3.1:8b — if it's down, the report is still produced deterministically (just no written narrative)..env.example. Each unlocks one data source and skips cleanly if absent (the report says "not checked — set X"). A scan with no keys is sparse but still runs.New here? Start with the Setup & Configuration guide — which keys to get, what each one costs, and what it unlocks.
git clone https://github.com/sudohnim/eidolon && cd eidolon
uv sync
cp .env.example .env # fill in your keys
# scan yourself from the CLI
uv run eidolon --email you@example.com
# or run the MCP server (stdio)
uv run eidolon-mcp
Option 1 — from a local clone (loads .env from cwd):
{
"mcpServers": {
"eidolon": {
"command": "uv",
"args": ["run", "eidolon-mcp"],
"cwd": "/absolute/path/to/eidolon"
}
}
}
Option 2 — from PyPI via uvx (recommended, no clone needed). Pass your keys in the env block:
{
"mcpServers": {
"eidolon": {
"command": "uvx",
"args": ["--from", "eidolon-osint", "eidolon-mcp"],
"env": {
"HIBP_API_KEY": "...",
"DEHASHED_API_KEY": "...",
"OLLAMA_HOST": "http://localhost:11434"
}
}
}
}
Option 3 — straight from GitHub (pre-release / latest commit):
{
"mcpServers": {
"eidolon": {
"command": "uvx",
"args": ["--from", "git+https://github.com/sudohnim/eidolon", "eidolon-mcp"],
"env": {
"HIBP_API_KEY": "...",
"DEHASHED_API_KEY": "...",
"OLLAMA_HOST": "http://localhost:11434"
}
}
}
}
Add only the keys you have — the rest skip cleanly. Then ask Claude to "scan my email"; it c