mcpguards/mcp-lock

mcp agent Offline

MCP servers are installed via npx -y @scope/package — which silently downloads the latest version every time your AI tool starts, with no integrity check. mcp-lock fixes this by recording exact tarball hashes on first run and detecting any changes on every run after that — the same guarantee npm ci gives you for Node.js projects.

Scan Scheduled

This agent is queued for security scanning. It will be graded in the next scan batch.

What We Know