A security-gated installer for MCP servers and AI-agent skills.
Installing an MCP server today is like running a random binary from the internet:
it runs locally with real privileges (filesystem, network, shell). spx scans a
source before it touches your client config, discloses what it can do, and
blocks installs that trip malware-grade signals.
Status: experimental / work in progress. Interfaces will change.
spx discloses capabilities and known-malware signals — it is not a guarantee of safety. Static analysis is unsound on dynamic languages; treat results as disclosure, not proof.
- Scan a repo or local dir and print a trust verdict, permission badges, and findings — powered by NVIDIA SkillSpector.
- Gate installs: `spx install` scans first, blocks on malware-grade findings, and only then writes the MCP entry into your client config (atomic, backed up).
- Cross-client: Cursor, Claude Desktop, VS Code (more to come).
spx does not trust the scanner's aggregate score (it inflates on finding
volume — a legitimate tool can hit 100/CRITICAL from noise). Instead it computes
its own gate over deduped, runtime-only findings, classified into three tiers:
| tier | examples | effect |
|---|---|---|
| malware | YARA sig, obfuscated/base64 exec, hardcoded secret | hard-block |
| suspicious | prompt-injection, rogue-agent, env-harvest, CVE'd dep | caution |
| capability | network, filesystem, privilege, output handling | disclosed as a badge |
Findings in test / docs / CI / deploy paths are excluded from the gate. The
suspicious middle is where pattern-matching cannot be sure; an optional --deep
LLM pass (and, later, reputation signals) resolves it.
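
A sketch of a volume-independent gate like the one described above, added here as an example; it is not spx's own code. The `Finding` type, the rule names, the non-runtime directory list, the (rule, path) dedup key and the choice to treat unknown rules as caution are all assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is a simplified, hypothetical scanner result (not spx's real type).
type Finding struct{ Rule, Path string }

// Constructed rule names; the tiers follow the table above.
var tierOf = map[string]string{
	"yara-sig": "malware", "obfuscated-exec": "malware", "hardcoded-secret": "malware",
	"prompt-injection": "suspicious", "env-harvest": "suspicious", "cve-dep": "suspicious",
	"network": "capability", "filesystem": "capability", "privilege": "capability",
}

func isRuntime(path string) bool { // assumed list of test/docs/CI/deploy dirs
	for _, d := range []string{"/test/", "/tests/", "/docs/", "/.github/", "/deploy/"} {
		if strings.Contains("/"+strings.ToLower(path), d) {
			return false
		}
	}
	return true
}

// Gate dedupes on (rule, path), skips non-runtime paths, keeps the worst tier.
func Gate(findings []Finding) (verdict string, badges []string, kept int) {
	seen, badge := map[Finding]bool{}, map[string]bool{}
	verdict = "ok"
	for _, f := range findings {
		if seen[f] || !isRuntime(f.Path) {
			continue
		}
		seen[f] = true
		switch tier := tierOf[f.Rule]; {
		case tier == "malware":
			verdict = "block"
		case tier == "capability" && !badge[f.Rule]:
			badge[f.Rule], badges = true, append(badges, f.Rule)
		case tier != "capability" && verdict == "ok": // suspicious or unknown rule
			verdict = "caution"
		}
	}
	return verdict, badges, len(seen)
}

func main() { // constructed input: the malware hit sits under tests/ and is excluded
	fmt.Println(Gate([]Finding{{"network", "src/a.go"}, {"yara-sig", "tests/fixture.bin"}}))
}
```

Because the verdict is the worst tier present rather than a sum, two hundred repeats of a capability finding produce the same result as one.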
```sh
# scan engine (one-time)
uv tool install git+https://github.com/NVIDIA/skillspector.git
# build spx
go build -o spx ./cmd/spx
```

```sh
spx scan github:owner/repo    # inspect a source
spx scan ./local/dir --deep   # add the LLM intent pass
spx install <name> --command <cmd> --source github:owner/repo --client cursor
                              # scan -> gate -> write config
spx clients                   # detected AI clients
spx list                      # installed MCP servers
spx remove <name>
```

Set SPX_SKILLSPECTOR_BIN to point at a specific engine binary.
Uses NVIDIA SkillSpector (Apache-2.0) as an external engine — see NOTICE.
Independent project, not affiliated with NVIDIA.