Releases: trynullsec/nullsec

v0.1.0 — Initial Release

20 May 14:07

nullsec-mcp v0.1.0

Trust analysis for MCP servers and AI agents.

Features

  • Tool Inventory — discovers all registered MCP tools, classifies capability types (filesystem, shell, network, database, wallet, credentials)
  • Dangerous Capability Detection — flags tools with unguarded dangerous operations; distinguishes mitigated vs unguarded
  • Permission Analysis — maps credential surface from env vars, README docs, and source code
  • Injection Surface — AI-powered detection of confused-deputy attacks, unsanitized outputs, and tool-chaining risks (requires ANTHROPIC_API_KEY)
  • Input Validation — static analysis for path traversal, SQL injection, command injection, SSRF, eval
  • Network Egress — identifies outbound domains and dynamic URL fetching
  • Trust Score — deterministic 0–100 score with grade (A+ to F), risk level, and capability breakdown
  • NSIP Manifest — generates machine-readable nsip.json trust documents (nsip/v0.1 schema)

Usage

npx nullsec-mcp https://github.com/org/your-mcp-server

Options

Flag              Description
--json            Full JSON output for CI/CD
--nsip            Write nsip.json to current directory
--no-ai           Skip AI analysis (no API key needed)
--max-size <MB>   Max repo size limit (default: 200)

Exit Codes

Code   Meaning
0      Trust Score ≥ 80
1      Trust Score 40–79
2      Trust Score < 40
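
One way to use these exit codes as a CI gate, added here as an example and not taken from the nullsec project. The function names and the NULLSEC_FAIL_ON_WARN variable are assumptions of this example; any exit code outside 0 to 2 (for instance npx failing to start) is treated as a failure so that a broken scan cannot pass the gate.

```shell
#!/bin/sh
# Added example: gate a pipeline on the nullsec-mcp exit codes listed above
# (0: score >= 80, 1: score 40-79, 2: score < 40).
# gate_decision, scan_and_gate and NULLSEC_FAIL_ON_WARN are assumptions of
# this example, not part of nullsec-mcp.

# Map a scanner exit code to a gate decision: pass, review or fail.
gate_decision() {
    case "$1" in
        0) echo pass ;;
        1)
            # Mid-range score: block only when the pipeline opts in.
            if [ "${NULLSEC_FAIL_ON_WARN:-0}" = "1" ]; then
                echo fail
            else
                echo review
            fi
            ;;
        2) echo fail ;;
        # Anything else (command not found, killed by a signal, crash) is
        # not a score at all: fail closed instead of letting it through.
        *) echo fail ;;
    esac
}

# Run the scan without the AI stage (no API key needed in CI) and apply
# the gate. Returns non-zero only when the decision is "fail".
scan_and_gate() {
    repo_url="$1"
    rc=0
    npx nullsec-mcp --no-ai "$repo_url" || rc=$?
    decision=$(gate_decision "$rc")
    echo "nullsec-mcp exit=$rc decision=$decision repo=$repo_url" >&2
    [ "$decision" != "fail" ]
}

# Run only when a repository URL is passed on the command line.
if [ "$#" -gt 0 ]; then
    scan_and_gate "$1"
fi
```

Setting NULLSEC_FAIL_ON_WARN=1 makes a score of 40–79 block the build instead of only being logged for review.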