Repo Forensics

Name: Repo Forensics
Author: alexgreensh

logs · by alexgreensh

Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.

89 177/wk 0 tools GitHub npm PyPI

No known CVEs

AGPL-3.0 license

Actively maintained

Last commit 5d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "repo-forensics": {
      "args": [
        "-y",
        "logs"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/repo-forensics)](https://mcppedia.org/s/repo-forensics)

Read me

What Repo Forensics does

That MCP server with 500 downloads. The Claude Code skill someone linked in Discord. The ClawHub extension your OpenClaw agent auto-installed. The npm package Cursor added to your lockfile. The Codex plugin you grabbed from GitHub.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

62/100across 5 weighted dimensions

How we score →

0255075100

−38

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked logs against OSV.dev.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Repo Forensics safe to use?: Repo Forensics has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under AGPL-3.0.
How do I install Repo Forensics?: Repo Forensics supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Repo Forensics?: Repo Forensics is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Repo Forensics actively maintained?: Repo Forensics is actively maintained — last commit was 5 days ago. It has 89 GitHub stars.

Similar servers

Others in security / developer-tools

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

io.github.signerlabs/shipswift96

40+ production-ready SwiftUI recipes for building full-stack iOS apps via MCP.

2.0k 3

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

MCP Security Weekly

Get CVE alerts and security updates for Repo Forensics and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Install

Claude Code (auto-scan on install)

/plugin marketplace add alexgreensh/repo-forensics
/plugin install repo-forensics@alexgreensh-repo-forensics

Hooks auto-wire on install. Every git clone, npm install, pip install is scanned automatically. Known-malicious packages are blocked before execution.

Codex CLI (auto-scan on install)

Install the plugin via the Codex marketplace. Hooks auto-wire from plugin.json. Same three hooks as Claude Code: PreToolUse (IOC gate), PostToolUse (auto-scan), SessionStart (security scan).

OpenClaw (one-time setup)

Install the plugin, then wire hooks:

python3 scripts/openclaw_install.py

This adds PreToolUse, PostToolUse, and SessionStart hooks to `~

... View full README on GitHub

Frequently Asked Questions

Is Repo Forensics safe to use?

Repo Forensics has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under AGPL-3.0.

How do I install Repo Forensics?

Repo Forensics supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Repo Forensics?

Repo Forensics is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Repo Forensics actively maintained?

Repo Forensics is actively maintained — last commit was 5 days ago. It has 89 GitHub stars.

Repo Forensics

npm audit for AI-agent plugins, skills, and MCP servers.

Audit untrusted repos before they touch your agent. Fully local, zero dependencies, zero telemetry.

Install

Claude Code (auto-scan on install)

/plugin marketplace add alexgreensh/repo-forensics
/plugin install repo-forensics@alexgreensh-repo-forensics

Hooks auto-wire on install. Every git clone, npm install, pip install is scanned automatically. Known-malicious packages are blocked before execution.

Codex CLI (auto-scan on install)

Install the plugin via the Codex marketplace. Hooks auto-wire from plugin.json. Same three hooks as Claude Code: PreToolUse (IOC gate), PostToolUse (auto-scan), SessionStart (security scan).

OpenClaw (one-time setup)

Install the plugin, then wire hooks:

python3 scripts/openclaw_install.py

This adds PreToolUse, PostToolUse, and SessionStart hooks to `~

... View full README on GitHub