@inner-security/mcp
v0.1.17
Published
Inner MCP server (stdio). Exposes 5 tools (check_package, check_dependencies, explain_verdict, suggest_alternative, request_review) so a coding agent gets a verdict + a suggested safer alternative BEFORE it installs. A thin client of Inner's Verdict API,
Downloads
3,105
Readme
@inner-security/mcp — Inner MCP server
A thin client of Inner's Verdict API, exposed over the Model Context Protocol (stdio). It lets a coding agent get a verdict + a suggested safer alternative before it installs a package.
All detection, scoring, and auth live server-side. This package ships no detection logic — it only consumes the Verdict API. Real usage is gated by an Inner org API key (the Datadog model).
Tools
| Tool | Purpose |
|------|---------|
| check_package | (ecosystem, name, version) → verdict + an alternative when blocked |
| check_dependencies | manifest/lockfile or explicit list → per-package verdicts + tally |
| explain_verdict | a package → deep-insight reasoning (behaviors + evidence) |
| suggest_alternative | a blocked package → a safer alternative |
| request_review | a package → records a review request |
Run
Requires Node >= 20. The server speaks MCP over stdio via the inner-mcp bin.
npx @inner-security/mcp # or: npm i -g @inner-security/mcp && inner-mcpWire into an MCP client
{
"mcpServers": {
"inner": {
"command": "npx",
"args": ["-y", "@inner-security/mcp"],
"env": {
"INNER_API_KEY": "ik_..."
}
}
}
}Configuration
Env-configurable; the Verdict API base defaults to Inner's hosted service, so
the server works out of the box (only INNER_API_KEY is needed for real
verdicts). Override INNER_API_URL only to point at a different deployment:
| Env | Purpose | Default |
|-----|---------|---------|
| INNER_API_URL | Verdict API base URL | https://api.getinner.ai |
| INNER_API_KEY | Org API key (gates real verdicts) | (none) |
How verdicts resolve
Package-verdict tools call POST /v1/verdict and handle the
VerdictEnvelope | PendingResponse envelope, polling PENDING items with a
per-request timeout. No local cache (unlike the CLI).
Telemetry
Opt-in and off by default. Set INNER_TELEMETRY=1 to send anonymous usage
events (tool-call completions and verdict tallies — never package names, file
paths, or your API key) to PostHog. The distinct ID is a SHA-256 hash of
INNER_API_KEY, so the raw key never leaves your machine.
License
MIT © 2026 Inner Security. See LICENSE.
