NavaneethMv/safepack
safepack (spx)

A security-gated installer for MCP servers and AI-agent skills.

Installing an MCP server today is like running a random binary from the internet: it runs locally with real privileges (filesystem, network, shell). spx scans a source before it touches your client config, discloses what it can do, and blocks installs that trip malware-grade signals.

Status: experimental / work in progress. Interfaces will change. spx discloses capabilities and known-malware signals — it is not a guarantee of safety. Static analysis is unsound on dynamic languages; treat results as disclosure, not proof.

What it does

  • Scan a repo or local dir and print a trust verdict, permission badges, and findings — powered by NVIDIA SkillSpector.
  • Gate installs: spx install scans first, blocks on malware-grade findings, and only then writes the MCP entry into your client config (atomic, backed up).
  • Cross-client: Cursor, Claude Desktop, VS Code (more to come).
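The "atomic, backed up" config write behind spx install, as an added example in Go (the project's language). This is not spx's own code: the MCPServer field layout, the ".bak" naming and the temp-file pattern are assumptions made for the example. The point it shows is the ordering a safe installer needs: parse and back up the existing file before touching it, keep unrelated keys byte-for-byte, and replace the config only by renaming a fully written, fsynced temp file in the same directory.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
)

// MCPServer is one entry under "mcpServers". The field names follow the
// layout Cursor and Claude Desktop use for stdio servers; verify against your
// client before relying on them (assumption for this example).
type MCPServer struct {
	Command string            `json:"command"`
	Args    []string          `json:"args,omitempty"`
	Env     map[string]string `json:"env,omitempty"`
}

// AddServer writes name -> srv into the "mcpServers" object of the JSON
// config at cfgPath. Unrelated top-level keys are carried over untouched,
// the previous file is copied to cfgPath+".bak" before anything changes, and
// the new content goes to a temp file in the same directory that is renamed
// over the original, so a crash mid-write never leaves a truncated config.
// It returns the backup path ("" when no config existed yet).
func AddServer(cfgPath, name string, srv MCPServer) (string, error) {
	top := map[string]json.RawMessage{}
	backup := ""
	old, err := os.ReadFile(cfgPath)
	switch {
	case err == nil:
		if len(old) > 0 {
			if err := json.Unmarshal(old, &top); err != nil {
				return "", fmt.Errorf("parse %s: %w", cfgPath, err)
			}
		}
		if top == nil { // the file contained a bare JSON null
			top = map[string]json.RawMessage{}
		}
		backup = cfgPath + ".bak"
		if err := os.WriteFile(backup, old, 0o600); err != nil {
			return "", fmt.Errorf("backup: %w", err)
		}
	case os.IsNotExist(err):
		if err := os.MkdirAll(filepath.Dir(cfgPath), 0o700); err != nil {
			return "", err
		}
	default:
		return "", err
	}

	servers := map[string]json.RawMessage{}
	if raw, ok := top["mcpServers"]; ok {
		if err := json.Unmarshal(raw, &servers); err != nil {
			return backup, fmt.Errorf("mcpServers is not an object: %w", err)
		}
	}
	entry, err := json.Marshal(srv)
	if err != nil {
		return backup, err
	}
	servers[name] = entry
	serversRaw, err := json.Marshal(servers)
	if err != nil {
		return backup, err
	}
	top["mcpServers"] = serversRaw
	out, err := json.MarshalIndent(top, "", "  ")
	if err != nil {
		return backup, err
	}
	out = append(out, '\n')

	// Same directory as the target so the final rename stays on one filesystem
	// and is therefore atomic.
	tmp, err := os.CreateTemp(filepath.Dir(cfgPath), ".spx-*.tmp")
	if err != nil {
		return backup, err
	}
	defer os.Remove(tmp.Name()) // no-op once the rename has succeeded
	if _, err := tmp.Write(out); err != nil {
		tmp.Close()
		return backup, err
	}
	if err := tmp.Sync(); err != nil { // data on disk before it becomes the config
		tmp.Close()
		return backup, err
	}
	if err := tmp.Close(); err != nil {
		return backup, err
	}
	if err := os.Chmod(tmp.Name(), 0o600); err != nil {
		return backup, err
	}
	return backup, os.Rename(tmp.Name(), cfgPath)
}

func main() {
	dir, _ := os.MkdirTemp("", "spx-demo")
	defer os.RemoveAll(dir)
	cfg := filepath.Join(dir, "mcp.json")
	// Constructed starting config: an unrelated key plus one existing server.
	os.WriteFile(cfg, []byte(`{"theme":"dark","mcpServers":{"old":{"command":"old-bin"}}}`), 0o600)
	bak, err := AddServer(cfg, "fetch", MCPServer{Command: "uvx", Args: []string{"mcp-server-fetch"}})
	if err != nil {
		panic(err)
	}
	data, _ := os.ReadFile(cfg)
	fmt.Printf("backup=%s\n%s", bak, data)
}
```

The backup is overwritten on every call, so it always holds the state immediately before the last install; keep that in mind if you run two installs and need to roll back past the first.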

How it scores

spx does not trust the scanner's aggregate score, which inflates with finding volume: a legitimate tool can reach 100/CRITICAL from noise alone. Instead it computes its own gate over deduped, runtime-only findings, classified into three tiers:

tier         examples                                                 effect
malware      YARA sig, obfuscated/base64 exec, hardcoded secret       hard-block
suspicious   prompt-injection, rogue-agent, env-harvest, CVE'd dep    caution
capability   network, filesystem, privilege, output handling          disclosed as a badge

Findings in test / docs / CI / deploy paths are excluded from the gate. The suspicious middle is where pattern-matching cannot be sure; an optional --deep LLM pass (and, later, reputation signals) resolves it.
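The gate described above, as an added example in Go that is not spx's own code: drop findings under non-runtime paths, dedupe on (rule, path, line), sort the rest into the three tiers, and derive the verdict from the worst tier present rather than from a volume-driven score. The Finding shape, the rule ids, the excluded directory names and the choice to treat unknown rule ids as suspicious are all assumptions made for this example, not the SkillSpector output format.

```go
package main

import (
	"fmt"
	"path"
	"sort"
	"strings"
)

// Tier is the classification applied to a finding before gating.
type Tier int

const (
	TierCapability Tier = iota // disclosed as a badge, never blocks
	TierSuspicious             // pattern match that cannot be sure: caution
	TierMalware                // malware-grade signal: hard block
)

// Verdict is the install decision derived from the tiered findings.
type Verdict int

const (
	Allow   Verdict = iota
	Caution // suspicious findings present; a --deep pass would resolve them
	Block   // at least one malware-tier finding in runtime code
)

func (v Verdict) String() string { return [...]string{"allow", "caution", "block"}[v] }

// Finding is a minimal scanner finding (assumed shape, not SkillSpector's).
type Finding struct {
	Rule string // rule id emitted by the scanner
	Path string // file path relative to the scanned root
	Line int
}

// tierByRule maps rule ids to tiers, following the table above. The ids are
// illustrative names chosen for this example.
var tierByRule = map[string]Tier{
	"yara-sig": TierMalware, "obfuscated-exec": TierMalware,
	"base64-exec": TierMalware, "hardcoded-secret": TierMalware,
	"prompt-injection": TierSuspicious, "rogue-agent": TierSuspicious,
	"env-harvest": TierSuspicious, "vulnerable-dep": TierSuspicious,
	"network": TierCapability, "filesystem": TierCapability,
	"privilege": TierCapability, "output-handling": TierCapability,
}

// isNonRuntimePath reports whether p sits under a test, docs, CI or deploy
// directory; findings there never reach the gate. The directory list is an
// assumption for the example.
func isNonRuntimePath(p string) bool {
	clean := path.Clean(strings.ToLower(strings.ReplaceAll(p, `\`, "/")))
	for _, seg := range strings.Split(clean, "/") {
		switch seg {
		case "test", "tests", "__tests__", "doc", "docs", ".github", "ci", "deploy":
			return true
		}
	}
	return false
}

// GateResult carries the verdict plus the evidence behind it.
type GateResult struct {
	Verdict    Verdict
	Badges     []string  // capability rules seen in runtime code, deduped, sorted
	Blocking   []Finding // malware-tier findings
	Suspicious []Finding // suspicious-tier findings
}

// Gate filters, dedupes and classifies findings. Unknown rule ids count as
// suspicious so a newly added scanner rule cannot silently pass (assumption).
func Gate(findings []Finding) GateResult {
	seen, badges := map[string]bool{}, map[string]bool{}
	var res GateResult
	for _, f := range findings {
		if isNonRuntimePath(f.Path) {
			continue
		}
		key := fmt.Sprintf("%s|%s|%d", f.Rule, f.Path, f.Line)
		if seen[key] {
			continue
		}
		seen[key] = true
		tier, known := tierByRule[f.Rule]
		if !known {
			tier = TierSuspicious
		}
		switch tier {
		case TierMalware:
			res.Blocking = append(res.Blocking, f)
		case TierSuspicious:
			res.Suspicious = append(res.Suspicious, f)
		default:
			badges[f.Rule] = true
		}
	}
	for b := range badges {
		res.Badges = append(res.Badges, b)
	}
	sort.Strings(res.Badges)
	switch {
	case len(res.Blocking) > 0:
		res.Verdict = Block
	case len(res.Suspicious) > 0:
		res.Verdict = Caution
	}
	return res
}

func main() {
	// Constructed findings: a duplicate, a secret in a test fixture (excluded),
	// two capabilities, and one suspicious hit in runtime code.
	r := Gate([]Finding{
		{"network", "src/server.go", 10}, {"network", "src/server.go", 10},
		{"hardcoded-secret", "tests/fixtures/creds_test.go", 3},
		{"env-harvest", "src/tools.go", 40}, {"filesystem", "src/fs.go", 5},
	})
	fmt.Printf("verdict=%s badges=%v suspicious=%d blocking=%d\n",
		r.Verdict, r.Badges, len(r.Suspicious), len(r.Blocking))
}
```

Note what the exclusion does and does not buy you: a hardcoded secret in tests/ is dropped from the gate, which is exactly the noise filter the section describes, but it also means a malicious author can park a payload under docs/ or ci/ and load it from runtime code. The path filter is a precision fix, not a security boundary; the --deep pass is where that gap would have to be closed.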

Install

# scan engine (one-time)
uv tool install git+https://github.com/NVIDIA/skillspector.git

# build spx
go build -o spx ./cmd/spx

Usage

spx scan github:owner/repo            # inspect a source
spx scan ./local/dir --deep           # add the LLM intent pass

spx install <name> --command <cmd> --source github:owner/repo --client cursor
                                      # scan -> gate -> write config
spx clients                           # detected AI clients
spx list                              # installed MCP servers
spx remove <name>

Set SPX_SKILLSPECTOR_BIN to point at a specific engine binary.

License / attribution

Uses NVIDIA SkillSpector (Apache-2.0) as an external engine — see NOTICE. Independent project, not affiliated with NVIDIA.
