agentaudit 3.9.4 → 3.9.5
- package/README.md +1 -1
- package/index.mjs +5 -10
- package/package.json +1 -1
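--- a/package/README.md
+++ b/package/README.md
@@ -483,7 +483,7 @@ It checks standard config file locations for Claude Desktop, Cursor, VS Code, an
 
 - **Trust Registry**: [agentaudit.dev](https://agentaudit.dev)
 - **Leaderboard**: [agentaudit.dev/leaderboard](https://agentaudit.dev/leaderboard)
-- **Skill
+- **Agent Skill**: [github.com/starbuck100/agentaudit-skill](https://github.com/starbuck100/agentaudit-skill) — Full agent skill with pre-install security gate, detection patterns & peer review system
 - **MCP Server Repository**: [github.com/starbuck100/agentaudit-mcp](https://github.com/starbuck100/agentaudit-mcp)
 - **Report Issues**: [GitHub Issues](https://github.com/starbuck100/agentaudit-mcp/issues)
 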
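--- a/package/index.mjs
+++ b/package/index.mjs
@@ -268,21 +268,16 @@ async function checkRegistry(slug) {
 
 // ── MCP Server ───────────────────────────────────────────
 
-const pkg = JSON.parse(fs.readFileSync(new URL('./package.json', import.meta.url), 'utf8'));
-
 const server = new Server(
-{ name: 'agentaudit', version:
-{
-capabilities: { tools: {} },
-instructions: 'AgentAudit — Security scanner for AI packages. Use discover_servers to find MCP servers in editor configs, check_package for registry lookups, audit_package for deep LLM-powered code analysis, and submit_report to upload findings.',
-}
+{ name: 'agentaudit', version: '3.2.0' },
+{ capabilities: { tools: {} } }
 );
 
 server.setRequestHandler(ListToolsRequestSchema, async () => ({
 tools: [
 {
 name: 'discover_servers',
-description: '
+description: 'Scan local config files to list ALREADY INSTALLED MCP servers (Claude Desktop, Cursor, Windsurf, VS Code). Use ONLY when the user wants to review/list their existing servers. Do NOT use this when the user wants to install, evaluate, or look up a specific package — use check_package for that instead.',
 inputSchema: {
 type: 'object',
 properties: {
@@ -295,7 +290,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
 },
 {
 name: 'audit_package',
-description: 'Deep security audit
+description: 'Deep security audit of a Git repository. Clones the repo and returns source code with a 3-pass audit methodology (UNDERSTAND → DETECT → CLASSIFY). You then analyze the code and call submit_report with findings. Use check_package FIRST to see if an audit already exists — only use this for unaudited packages or when a fresh audit is requested.',
 inputSchema: {
 type: 'object',
 properties: {
@@ -323,7 +318,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
 },
 {
 name: 'check_package',
-description: '
+description: 'Look up a package in the AgentAudit security registry. USE THIS FIRST whenever the user wants to install, add, evaluate, or learn about a specific MCP server or package. Returns risk score, findings, and official audit status if available. If the package is not yet in the registry, suggests running an audit. This is the go-to tool for any "is this safe?" or "should I install this?" question.',
 inputSchema: {
 type: 'object',
 properties: {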
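Review bot: The `new Server(...)` call in the first hunk now passes a hard-coded `version: '3.2.0'` while this release is 3.9.5, so the version the server advertises to clients is already stale and will drift further with every future publish, which matters for a tool whose job is to report accurate package state. The removed code apparently derived the version from package.json (the deleted `const pkg = JSON.parse(fs.readFileSync(new URL('./package.json', import.meta.url), 'utf8'));` line), and restoring that line plus `{ name: 'agentaudit', version: pkg.version },` keeps the advertised version in step with the manifest. If `fs` was only used by the deleted line it is now an unused import; the import block is outside this hunk so I cannot confirm. The `instructions` option was also dropped from the server options without a note in the README change; if that was intentional it is worth stating in the changelog.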