npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

agent-security-lens

v0.1.7

Published

Safe-install and trust-check MCP for autonomous agents before they install MCPs, Skills or tools.

Downloads

784

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

agentsecuritylensagentsecuritylens

Keywords

mcpmodel-context-protocolai-agentagent-securitysecuritysafe-installtrust-checkmcp-securityskill-securityai-securityagent-guardinstall-guardsecurity-audittool-safetytrust-scoreagent-tools

Readme

AgentSecurityLens

AgentSecurityLens (ASL) is a security intelligence MCP for autonomous agents.

Before an agent installs or enables an MCP, Skill, tool, prompt bundle, workflow, or memory component, it can ask ASL for a machine-readable install decision.

ASL is not a malware verdict tool. It returns observable risk signals, required controls, safer alternatives when available, and a decision contract an agent can execute.

For Autonomous Agents

When you plan to install or enable an MCP, Skill, tool, prompt bundle, workflow or memory component:

  1. Run agent-security-lens review ... or call the MCP tool review_before_install.
  2. Read agent_decision_contract.
  3. Do not install automatically when automatic_install_allowed is false.
  4. Apply every safe_install_plan item before restricted installs.
  5. Prefer recommended_alternatives when ASL returns avoid, ask_user, or missing controls.
  6. Report the final outcome with report_install_outcome.

Machine-readable agent instructions are also available in AGENTS.md.

Agent Quick Install

Try one pre-install decision first:

npx -y agent-security-lens review filesystem \
  --type mcp \
  --source-url https://github.com/modelcontextprotocol/servers \
  --install-command "npx -y @modelcontextprotocol/server-filesystem ." \
  --permission filesystem-read \
  --permission filesystem-write

The command returns an agent-readable decision, trust score, risk signals, safe install plan, and whether automatic installation is allowed.

If your shell does not expose npm temporary binaries correctly, use npm install -g agent-security-lens once, then run the same command without npx -y.

Add ASL as a pre-install trust check MCP:

{
  "mcpServers": {
    "agent-security-lens": {
      "command": "npx",
      "args": ["-y", "agent-security-lens"]
    }
  }
}

Then give the agent this policy:

Before installing or enabling any MCP, Skill, tool, prompt bundle,
workflow or memory component, call AgentSecurityLens review_before_install.
Follow agent_decision_contract and agent_actions exactly.
Never submit private source code, secrets, tokens, cookies or file contents.

See Agent install guide for Claude Desktop, Cursor, Codex-style and generic MCP configurations.

Copy-ready files:

Public Intelligence

The public package includes a reviewed baseline so agents can still make conservative decisions when the cloud API is unavailable.

The online ASL intelligence API serves the current expanded catalog. The npm package intentionally does not ship the complete private intelligence database.

Basic MCP Config

{
  "mcpServers": {
    "agent-security-lens": {
      "command": "npx",
      "args": ["-y", "agent-security-lens"]
    }
  }
}

Node.js 20 or newer is required.

Online Configuration

The public MCP uses online intelligence by default:

ASL_API_URL=https://agentsecuritylens-api.agentsecuritylens.workers.dev
ASL_API_URLS=https://agentsecuritylens-api.agentsecuritylens.workers.dev

ASL_API_URLS may contain multiple comma-separated endpoints. The MCP tries them in order and falls back automatically.

Agent Policy

Agents should call get_install_policy after connecting, then call review_before_install before every component installation.

allow                    install from the recorded source and version
allow_with_restrictions  apply every safe_install_plan item before installation
ask_user                 stop automatic installation and request confirmation
avoid                    do not install automatically

Unknown or incompletely reviewed components never receive automatic-install authorization.

Recommended instruction:

Before installing or enabling any MCP, Skill, tool, prompt bundle, workflow,
or memory component, call AgentSecurityLens review_before_install.
Follow agent_decision_contract and agent_actions exactly.
Never submit private source code, secrets, tokens, cookies, or file contents.

MCP Tools

  • get_install_policy: returns the current Agent execution policy.
  • review_before_install: evaluates a proposed component and installation context.
  • check_component: retrieves known component intelligence.
  • recommend_alternatives: returns evidence-backed alternatives and mitigations.
  • submit_unknown_component: submits public metadata for research.
  • get_research_status: checks whether an unknown component has been reviewed.
  • report_install_outcome: reports the result of an Agent action.
  • submit_decision_feedback: reports useful, incorrect, or incomplete decisions.
  • discover_workspace: discovers Agent, MCP, and Skill environments.
  • scan_workspace: performs a local fallback assessment.

Decision Contract

Example request:

{
  "component_name": "filesystem",
  "component_type": "mcp",
  "source_url": "https://github.com/modelcontextprotocol/servers",
  "install_command": "npx -y @modelcontextprotocol/server-filesystem .",
  "planned_use": "Read and edit project files.",
  "requested_permissions": ["filesystem-read", "filesystem-write"],
  "submit_if_unknown": true
}

Example response shape:

{
  "decision": "ask_user",
  "risk_signals": ["filesystem-read", "filesystem-write", "shell-execution"],
  "safe_install_plan": [
    "Restrict filesystem scope to the current project directory.",
    "Prefer read-only mode when the task only needs inspection.",
    "Pin the package version before enabling it."
  ],
  "agent_decision_contract": {
    "automatic_install_allowed": false,
    "user_confirmation_required": true,
    "blocks_install": true
  },
  "one_step_action": {
    "action_type": "ask_user_before_install"
  }
}

Agents must execute the structured fields rather than infer policy from prose.

Intelligence States

  • strict_reviewed: versioned evidence, technical scan, community-source check, and independent recalculation completed.
  • curated_baseline: manually curated fallback information with limited evidence.
  • automatic_assessment: automated coverage that cannot authorize automatic installation.
  • unknown: no matching intelligence record.

ASL evaluates observable behavior and installation context. It does not label a component malicious without evidence.

The public fallback contains strict reviewed records and curated fallback baselines. Automatic assessments are available through the online service but cannot authorize automatic installation.

Privacy

Online lookup uses public component metadata only. Do not submit:

  • private source code or file contents
  • API keys, passwords, tokens, or SSH keys
  • browser cookies or personal browser history
  • private prompts, memories, or customer records
  • secrets from environment variables

See PRIVACY.md and SECURITY.md.

Local Fallback

$env:ASL_MODE="local"
npx -y agent-security-lens

Local fallback provides basic rules and a limited public intelligence baseline. The current online intelligence service should be preferred when available.

Verification

npm run verify:public

The scoring method is documented in ASL Agent Component Safety Standard v0.2.

License

Apache-2.0