decoy-scan

v0.4.2

Security scanner for MCP server configurations. Finds risky tools, vulnerable packages, and suspicious servers across Claude Desktop, Cursor, VS Code, and more.

Readme

decoy-scan

Find security risks in your MCP servers before attackers do. Zero dependencies, zero config, zero account required.

npx decoy-scan

Scans Claude Desktop, Cursor, Windsurf, VS Code, Claude Code, Zed, and Cline. Finds risky tools, detects prompt injection, analyzes toxic data flows, tracks manifest changes, and maps everything to the OWASP Agentic Top 10.

What It Checks

| Check | What it finds |
|-------|---------------|
| Tool risk classification | Critical/high/medium/low tools by name + description |
| Prompt injection detection | 37 patterns across 20 attack categories in tool descriptions |
| Toxic flow analysis | Cross-server data leak (TF001) and destructive (TF002) attack chains |
| Tool manifest hashing | Detects tool additions, removals, and description changes between scans |
| Skill scanning | Prompt injection, hardcoded secrets, suspicious URLs in Claude Code skills |
| Server command analysis | Pipe-to-shell, inline code, typosquatting, temp directory spawning |
| Environment variable exposure | API keys, tokens, secrets, cloud credentials passed to servers |
| Supply chain advisories | 40+ known vulnerable MCP packages via Decoy advisory database |
| Transport security | HTTP without TLS, missing auth, wildcard CORS, public-bound SSE |
| Input sanitization | Unconstrained parameters, missing maxLength, open schemas |
| Permission scope | Over-privileged servers, dangerous capability combinations |
| OWASP mapping | Every finding mapped to ASI01–ASI05 |

GitHub Action

One step. Scans MCP configs, enforces policy, uploads results to GitHub Security tab.

# .github/workflows/mcp-security.yml
name: MCP Security
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    permissions:
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: decoy-run/decoy-scan@v1

That's it. Fails the build if critical tools or prompt injection are found. Results appear in the Security tab.

With options

- uses: decoy-run/decoy-scan@v1
  with:
    policy: no-critical,no-poisoning,no-toxic-flows
    report: true
    token: ${{ secrets.DECOY_TOKEN }}

Inputs

| Input | Default | Description |
|-------|---------|-------------|
| policy | no-critical,no-poisoning | Comma-separated policy rules |
| sarif | true | Upload SARIF to GitHub Security tab |
| report | false | Upload to Decoy Guard dashboard |
| token | — | Decoy API token (for report) |
| verbose | false | Show all tools including low-risk |

Policy rules

no-critical          Fail on critical tools (code exec, file write)
no-high              Fail on high-risk tools (file read, network)
no-poisoning         Fail on prompt injection in tool descriptions
no-toxic-flows       Fail on cross-server data leak / destructive chains
no-secrets           Fail on secrets exposed in MCP config
require-tripwires    Fail if decoy-tripwire not installed
max-critical=N       Fail if more than N critical tools
max-high=N           Fail if more than N high-risk tools
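
The rule syntax above, worked through as an added example that is not decoy-scan's own code: a parser and evaluator for a policy string that fails closed on a misspelled rule or a missing count. The function names, the summary object shape, rejecting unknown rules, and exit code 0 on a clean pass are assumptions of this example.

```javascript
// Added illustration, not decoy-scan's source. The summary shape is assumed.
const COUNTS = ['critical', 'high', 'poisoning', 'toxicFlows', 'secrets'];
const FLAG_RULES = new Map([
  ['no-critical', (s) => s.critical > 0 && `${s.critical} critical tool(s)`],
  ['no-high', (s) => s.high > 0 && `${s.high} high-risk tool(s)`],
  ['no-poisoning', (s) => s.poisoning > 0 && `${s.poisoning} poisoned description(s)`],
  ['no-toxic-flows', (s) => s.toxicFlows > 0 && `${s.toxicFlows} toxic flow(s)`],
  ['no-secrets', (s) => s.secrets > 0 && `${s.secrets} exposed secret(s)`],
  ['require-tripwires', (s) => s.tripwires !== true && 'decoy-tripwire not installed'],
]);
const LIMIT_RULES = new Map([['max-critical', 'critical'], ['max-high', 'high']]);

// Parse "rule,rule=N,..." and fail closed: a typo must not silently drop a gate.
function parsePolicy(text) {
  return text.split(',').map((raw) => {
    const [name, value, ...rest] = raw.trim().split('=');
    if (FLAG_RULES.has(name) && value === undefined) return { name };
    if (LIMIT_RULES.has(name) && rest.length === 0 && /^\d+$/.test(value ?? '')) {
      return { name, limit: Number(value) };
    }
    throw new Error(`unknown or malformed policy rule: "${raw.trim()}"`);
  });
}

function evaluatePolicy(policyText, summary) {
  // A missing count would compare as "no findings", so reject it up front.
  for (const key of COUNTS) {
    if (!Number.isInteger(summary[key]) || summary[key] < 0) {
      throw new Error(`summary.${key} must be a non-negative integer`);
    }
  }
  const violations = [];
  for (const rule of parsePolicy(policyText)) {
    if (rule.limit === undefined) {
      const reason = FLAG_RULES.get(rule.name)(summary);
      if (reason) violations.push(`${rule.name}: ${reason}`);
    } else {
      const found = summary[LIMIT_RULES.get(rule.name)];
      if (found > rule.limit) violations.push(`${rule.name}=${rule.limit}: found ${found}`);
    }
  }
  // Exit 2 on violation is from the page; 0 on a clean pass is assumed here.
  return { violations, exitCode: violations.length > 0 ? 2 : 0 };
}

// Constructed sample: two high-risk tools and one poisoned tool description.
const sample = { critical: 0, high: 2, poisoning: 1, toxicFlows: 0, secrets: 0, tripwires: true };
console.log(evaluatePolicy('no-critical,no-poisoning,max-high=2', sample));
```
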

Manual CI/CD

If you prefer raw commands over the Action:

- run: npx decoy-scan --policy=no-critical,no-poisoning
- run: npx decoy-scan --sarif > results.sarif
- uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif

Options

npx decoy-scan                     # Full scan with server probing
npx decoy-scan --json              # JSON output (stdout, pipeable to jq)
npx decoy-scan --sarif             # SARIF 2.1.0 for GitHub Security / VS Code
npx decoy-scan --skills            # Also scan Claude Code skills
npx decoy-scan --no-probe          # Config-only (don't spawn servers)
npx decoy-scan --no-advisories     # Skip advisory database check
npx decoy-scan --report            # Upload results to Decoy dashboard
npx decoy-scan --policy=RULES      # CI/CD policy gate (exit 2 on violation)
npx decoy-scan --verbose           # Show all tools including low-risk
npx decoy-scan --quiet             # Suppress status output (exit code only)
npx decoy-scan --no-color          # Disable colored output

Run from your project root to include project-level .mcp.json configs.

Exit Codes

| Code | Meaning |
|------|---------|
| 0 | No critical or high-risk issues |
| 1 | High-risk issues found |
| 2 | Critical issues, tool poisoning, toxic flows, or policy violation |

Library

import {
  scan,
  toSarif,
  classifyTool,
  detectPoisoning,
  analyzeToxicFlows,
  hashToolManifest,
  detectManifestChanges,
  discoverSkills,
  analyzeSkill,
} from 'decoy-scan';

const results = await scan({ skills: true });
console.log(results.toxicFlows);    // [{ id: "TF001", severity: "critical", roles: {...} }]
console.log(results.skills);        // [{ name: "...", findings: [...] }]
console.log(results.servers[0].manifestHash);  // "45c4c571f03c78a2"

How It Compares

| | decoy-scan | Snyk agent-scan |
|---|---|---|
| Language | JavaScript | Python |
| Dependencies | 0 | 15 (aiohttp, pydantic, mcp, etc.) |
| Install | npx decoy-scan | uvx snyk-agent-scan + Snyk account |
| Cloud required | No | Yes (sends data to Snyk API) |
| Toxic flow analysis | Yes (local) | Yes (cloud) |
| Manifest change detection | Yes | Yes (registry-based) |
| Skill scanning | Yes | Yes |
| CI/CD policy gate | Yes | No |
| SARIF output | Yes | No |
| OWASP mapping | Yes | No |
| Hosts supported | 8 | 6 |
| Tripwire integration | Yes (decoy-tripwire) | No |

Supported Hosts

Claude Desktop, Cursor, Windsurf, VS Code, Claude Code (global + project), Zed, Cline

License

MIT