Cleared by Cyber-Guardian's automated review with a top security score. This is our point-in-time assessment — verify the current version before production use.
The trust standard for AI tools
Before You Install AI, Verify It.
Scan MCP servers, AI agents, AI Skills, IDE and VS Code extensions, Cursor tools, GitHub repositories and Actions, npm packages and dependencies before granting access to systems, data, credentials or workflows.
Has your code been scanned by Cyber Guardian Scan?
Create a free account to scan real code. Free accounts include 10 scans/month. No credit card required.
Why MCP security matters
Why pre-install scanning matters now
MCP (Model Context Protocol) lets AI assistants connect to anything: your Gmail, Notion, GitHub, files. A malicious MCP server runs on your machine with full permissions.
10,000+ MCP servers
Anyone can publish one. Most aren't audited.
Full system access
MCP servers run locally with your credentials.
No security standard
No app store review. No code signing. No mandatory audit.
How it works
01
Paste the Code
MCP server, AI Skill, IDE extension. Any language.
One clear score, backed by focused security checks
The overall score helps you make an install decision. The subscores show which security areas strengthened or reduced that result.
Cyber Guardian Security Score™
96 / 100
Safe for Install
No meaningful security concerns were found in the scanned version based on the available evidence.
Security score breakdown
Each area is evaluated separately so you can see where trust is strong and where closer review may be needed.
Higher score = stronger protection and lower detected risk
Code Safety
98
Credential Risk
100
Prompt Injection Risk
94
Supply Chain Risk
95
Permissions Risk
93
The score applies only to the exact version that was scanned and is based on current findings. If the code changes, a new scan is required.
Version-bound verification
Trust follows the exact code, not just the tool name
Cyber Guardian Scan connects every verification to a specific version, commit and code fingerprint. When the code changes, the previous verification expires.
A fingerprint proves what was scanned
The code fingerprint changes when the source changes. That prevents an old clean result from being presented as verification for a newer, modified version.
Versionv1.4.2
Commit84fd21b
Code fingerprintsha256:7c91...e4a2
Verified Current
The current code matches the exact version and fingerprint that were scanned.
Changed Since Scan
The source no longer matches the verified fingerprint. The earlier result is no longer current.
Danger for Install
The scanned version contains serious security risks and should not be installed.
Rescan Required
Scan the changed code again before relying on its previous verification or installing it.
Technical transparency
How the engine works
Cyber Guardian Scan is a static, pre-installation security review. It combines deterministic rules with semantic analysis, then returns a practical install decision.
Layer 1
Static analysis
The scanner checks the submitted code against defined threat families: credential access, command execution, prompt injection, exfiltration, obfuscation, risky install scripts and supply-chain indicators.
Layer 2
LLM-assisted semantic review
A language-model review is used to understand intent, permissions, tool behavior and suspicious combinations that simple signatures can miss. Static findings are never downgraded by the semantic layer.
Layer 3
Additional behavior review
When deeper review evidence is available, the report can include behavior signals and practical limits. Cyber Guardian Scan presents only verified evidence in the public report.
Layer 4
Threat intelligence
Findings are compared with defined threat families and recorded scan intelligence. Historical signals support review, but never replace checking the current source.
Layer 5
Policy and risk rules
Evidence, severity, scan coverage and verification rules are combined into a clear decision: Safe for Install, Needs Review, Danger for Install or Rescan Required.
Accuracy is reported carefully: the beta does not publish a measured false-positive rate yet. Needs Review means investigate before installing; Danger for Install is reserved for serious risk or strong malicious indicators.
Use the result as a security decision aid, not as a replacement for internal review, vendor due diligence, or production approval controls.
Product integrity
Clear security decisions without false claims.
Cyber Guardian Scan focuses on helping you decide whether to install, review, fix, block, or replace code. The report shows practical evidence and does not present unverified capabilities as active protection.
Evidence first
Findings must be explainable
Every risky result should show what was found, why it matters, and what the user should do next.
No false certainty
Clear limits
If a scan does not have enough evidence to approve installation, Cyber Guardian Scan says review is required instead of pretending the code is safe.
Fresh verification
Current source matters
Past clean results are useful signals, but code can change. Recommendations should be based on the current source, not blind trust.
Practical next step
Fix or choose a safer path
Reports should help users fix risky behavior, avoid unnecessary permissions, or contact the team for deeper review when needed.
Careful reporting
Public reports stay focused
Reports focus on evidence, risk, and the next decision the user needs to make.
Cyber Guardian Scan does not present a protection capability as active until it is connected, tested, reliable, and ready for users.
Understand the result
Malicious code and unsafe code are not the same.
Cyber Guardian Scan separates harmful intent from security weaknesses so users can block attacks without unfairly labeling developer mistakes as malicious.
Intentional harm
Malicious code
Behavior deliberately designed to steal, hide, damage, gain unauthorized access or execute actions the user did not approve.
Credential theft or data exfiltration
Hidden commands, reverse shells or destructive payloads
Obfuscation intended to conceal harmful behavior
Security weakness
Unsafe code
Code that may be well-intentioned but contains weak validation, excessive permissions, insecure architecture or missing safeguards.
Unvalidated input or insecure configuration
Permissions broader than the tool needs
Risky dependencies or missing authentication controls
How to read the verdict:Needs Review can indicate an unsafe implementation, incomplete evidence or unclear intent. Danger for Install is reserved for serious risk or strong malicious indicators. Read the findings before deciding what to do.
Security resources
Guides people can share before one bad AI-tool install.
These guides explain what can go wrong, who is exposed, and how to decide whether an MCP server, AI Skill, IDE extension, workflow or package is safe enough to use.
Builders
Solo developers and indie hackers
Explain the risk of copying unknown AI tooling while moving fast.
Cyber Guardian Scan helps teams avoid a dead end: when one tool is dangerous, verified alternatives with similar functionality can be reviewed before install.
Original tool
Unverified MCP connector
Danger for Install
24/100
Requests broad file access before the user understands the scope.
Runs shell commands from tool input without a clear permission boundary.
No current Cyber Guardian Scan verification for this source fingerprint.
Recommended verified alternatives
Safe for Install
Verified MCP Files Bridge
Similar file-workflow functionality, scanned source and fingerprint.
97/100
Guarded Workspace Connector
Similar workspace automation scope with tighter permission handling.
96/100
Minimal Repo Context Server
Similar repository context access, verified for the scanned version.
96/100
Important: alternatives are not identical replacements. They must be rescanned from the current public source before being recommended as safe.
Developer Certification
Help developers earn a trust mark for the exact code they publish
Developer Certification turns a scan into an improvement workflow: find issues, fix them, rescan, then publish a version-bound verification badge when the score qualifies.
Certification workflow
From repository to verified release
The goal is not to rubber-stamp code. It is to help authors understand risks, improve implementation quality and earn verification only for the scanned version.
01
Upload or connect repository
Scan a public source, repository, package, extension or workflow.
02
Get detailed findings
Review file paths, line numbers, risk explanations and recommended fixes.
03
Fix and harden
Improve unsafe patterns, permissions, validation and dependency risk.
04
Rescan the exact version
Verification applies only to the current code fingerprint.
05
Publish verified badge
Use the badge only when the scanned score and policy qualify.
Certification is version-bound: if the code changes, the badge requires a fresh scan.
Verified by Cyber Guardian Scan™
Cyber Guardian Certification™
96/100
Recommended for Install
Version-boundThis exact release was scanned; changes require rescanning.
High Security ScoreOnly scores 96+ can qualify for the verified trust mark.
Public verified listingQualified tools can appear in the scanned tools database with source and fingerprint metadata.
Teams and organizations
Turn scan evidence into a repeatable approval process
Cyber Guardian Scan helps teams evaluate AI tools before they reach systems, credentials and production workflows. Available foundations are shown separately from organization-specific requirements.
Build an evidence-based AI tool review workflow
Start with version-bound reports and scan history, then discuss volume, access, integration and governance requirements for your organization.
Team Dashboard
Discuss requirements
Discuss team access, roles, shared visibility and workspace requirements.
Shared Reports
Available now
Share professional, version-bound public scan reports with reviewers and stakeholders.
Audit Trail
Available now
Recorded scan history and fingerprints provide evidence for point-in-time decisions.
API Access
Discuss requirements
Contact the team to discuss supported integration, volume and authentication requirements.
CI/CD Integration
Discuss requirements
Plan security checks around repositories and GitHub Actions before code reaches production.
Policy Enforcement
Discuss requirements
Use scan verdicts to inform approval policy. Runtime enforcement is not presented as active protection.
Approved Tool Catalog
Available now
Use the public verified-tools database as a starting point, then confirm the current source and fingerprint before approval.
Contact Sales is a requirements conversation, not a claim that every enterprise control is already enabled. Cyber Guardian Scan will scope only capabilities that can be delivered and verified.
Plans
Start in the free beta. Choose the workflow you need later.
The free beta is available now. Commercial plans are shown as a product structure, not as purchasable subscriptions or confirmed prices.
One blocked bad install can pay for every scan.If one scan catches one dangerous payload before you install it, you may have avoided a serious security incident.
Available now
Free Beta
For individual evaluation
10 scans / month
Cyber Guardian Security Score
Basic findings and recommendation
Public-source scanning
Planned plan
Pro
For frequent security review
Pricing to be confirmed
Higher scan volume
Detailed findings and reports
Safer-alternative workflow
Workflow available
Developer Certification
For authors improving their own code
Pricing to be confirmed
Code improvement guidance
Rescan and qualification workflow
Version-bound badge and public listing
Discuss requirements
Team / Enterprise
For organizations and procurement
Custom scope
Volume and integration requirements
Team review and governance needs
Private-scan requirements discussion
No paid price, quota or SLA is confirmed on this page. Payment does not change a security score or verification decision.
Stay in the loop
Get alerts on risky AI tools and code threats
Leave your email for short updates on new attack patterns across MCP servers, AI Skills, IDE extensions, GitHub Actions, packages and dependencies. Useful only, no spam.