npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@getvetai/cli

v0.4.4

Published

Security audit CLI for AI skills and MCP servers — scan, audit, and score tools before you install them

Downloads

819

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

getvetgetvet

Keywords

aisecurityauditmcpopenclawskillstoolstrustscanner

Readme

@getvetai/cli

Security audit CLI for AI skills and MCP servers. Scan, audit, and discover tools before you install them.

🌐 Registry: getvet.ai — 23,000+ AI tools verified and scored

Install

npm install -g @getvetai/cli

Or run without installing:

npx @getvetai/cli scan .

Commands

vet scan <target>

Scan a tool for security issues. Checks the getvet.ai registry first for instant results.

# Scan an npm package (checks registry first)
vet scan @modelcontextprotocol/server-filesystem

# Local analysis only (skip registry)
vet scan @modelcontextprotocol/server-filesystem --offline

# Request a deep scan from registry
vet scan @modelcontextprotocol/server-filesystem --deep

# Scan a local project
vet scan ./my-mcp-server

# Scan a GitHub repo
vet scan https://github.com/modelcontextprotocol/servers

# JSON output
vet scan ./SKILL.md --json

vet audit [path]

Audit all AI tools in a project. Auto-discovers MCP configurations from:

Claude Desktop · Cursor · VS Code · Windsurf · Cline · Zed · Continue · OpenClaw

# Audit current directory
vet audit

# Audit a specific project
vet audit ./my-project

# Strict mode — exit 1 if any tool is unverified/flagged
vet audit --strict

# JSON output
vet audit --json

vet find <query>

Search the getvet.ai registry for tools by description.

# Search for tools
vet find "web scraping"
vet find "database access"

# Limit results
vet find "browser automation" --limit 20

# Filter by type
vet find "file management" --type mcp

# JSON output
vet find "weather" --json

vet install <package>

Install a package with a pre-install security audit.

# Audit + install
vet install @modelcontextprotocol/server-github

# Install globally
vet install -g some-mcp-server

Verification Levels

| Level | Badge | Meaning | |-------|-------|---------| | L2 | ✅ Verified | Installs, boots, tools discovered and tested | | L1 | 🔍 Boots | Installs and boots successfully | | L0 | ⚠️ Indexed | Cataloged, not yet verified |

What It Detects

  • Permissions: shell execution, file I/O, network access, browser control, database queries, crypto operations
  • Security issues: destructive commands, remote code execution, dynamic eval, credential patterns, elevated privileges
  • MCP-specific: tool parameter analysis, transport detection (stdio/http/sse), runtime detection
  • Requirements: environment variables, API keys, Docker dependencies

API Access

Access verified tool schemas programmatically. Create a free API key at getvet.ai/dashboard → API Keys.

# Fetch tool schemas
curl -H "x-api-key: vet_sk_YOUR_KEY" https://getvet.ai/api/v1/tools/TOOL_SLUG/schemas

# Or use Bearer token
curl -H "Authorization: Bearer vet_sk_YOUR_KEY" https://getvet.ai/api/v1/tools/TOOL_SLUG/schemas

# Bulk fetch (multiple tools at once)
curl -X POST \
  -H "x-api-key: vet_sk_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"slugs":["tool-1","tool-2"]}' \
  https://getvet.ai/api/v1/tools/schemas/bulk

See getvet.ai/get-started for full documentation.

Links

  • 🌐 getvet.ai — Browse the registry
  • 📦 npm — Package page

License

MIT