
The Security Guardrail for AI Coding Agents

Open source threat intelligence for AI coding agents. SafeDep's hosted MCP server checks every package before an agent installs it using SafeDep's real-time threat intelligence.


Works with every MCP-compatible agent

Claude Code
Cursor
OpenAI Codex
Gemini CLI
Windsurf
Zed
The Threat

AI Agents Don't Know What They're Installing

AI coding agents write code, run commands, and install dependencies autonomously. They have no way to distinguish a legitimate package from a malicious one.

Shai-Hulud

A self-replicating worm compromised 500+ npm packages and 25,000 repos. Zero human interaction required. One npm install would have triggered the full chain.

500+ packages. 487 orgs. Self-spreading.

Unit 42 Research
Slopsquatting

AI models hallucinate package names. Attackers register them with malware. 58% of hallucinated names repeat — making them reliable attack targets.

5.2% hallucination rate. 30K downloads on one fake package.

Spracklen et al., 2025
Pre-Install Execution

Malware runs during npm install, before any code loads. By the time the command returns, credentials are already exfiltrated.

Executes before any scanner can inspect it.
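The point above is that npm runs a package's install-time lifecycle scripts (preinstall, install, postinstall) before the project ever loads the package's code. The following added example, written for this page and not part of SafeDep's tooling, shows a small defensive triage check that parses a package.json manifest and reports any such hooks. The two manifests are constructed samples, not real packages.

```python
import json

# npm lifecycle scripts that run automatically when a package is installed as a
# dependency, i.e. before any of its code is require()d by the project.
INSTALL_LIFECYCLE_SCRIPTS = ("preinstall", "install", "postinstall")


def find_install_scripts(manifest: dict) -> dict:
    """Return the install-time lifecycle scripts declared in a parsed package.json."""
    scripts = manifest.get("scripts") or {}
    return {name: scripts[name] for name in INSTALL_LIFECYCLE_SCRIPTS if name in scripts}


def review_manifest(manifest_text: str) -> list:
    """Parse a package.json document and describe each install-time hook as a finding."""
    manifest = json.loads(manifest_text)
    pkg = manifest.get("name", "<unnamed>")
    found = find_install_scripts(manifest)
    return [f"{pkg}: runs '{cmd}' at {hook}" for hook, cmd in found.items()]


# Constructed sample manifests (hypothetical packages, not real ones).
CLEAN_MANIFEST = json.dumps({
    "name": "example-clean",
    "version": "1.0.0",
    "scripts": {"test": "node test.js", "build": "tsc"},
})
HOOKED_MANIFEST = json.dumps({
    "name": "example-hooked",
    "version": "1.0.0",
    "scripts": {"test": "node test.js", "postinstall": "node setup.js"},
})

if __name__ == "__main__":
    for text in (CLEAN_MANIFEST, HOOKED_MANIFEST):
        findings = review_manifest(text)
        print(findings or ["no install-time scripts declared"])
```

A declared hook is a reason to look closer, not proof of malice: many native-addon packages legitimately build in postinstall. Where policy allows, npm install --ignore-scripts prevents these hooks from running at all, and the package can then be reviewed before its scripts are ever executed.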

Threat Intelligence

Before Every Install

SafeDep's hosted MCP server provides AI agents real-time access to a malicious package database. Before any install, the agent queries SafeDep. Malware gets blocked. Clean packages proceed. Zero friction.

How It Works

Three Steps to Safer Installs

01

Agent Identifies a Dependency

Before running any install command, the agent checks with SafeDep via MCP.

02

Real-Time Threat Analysis

Static analysis, sandbox execution, and verified threat reports — checked in milliseconds.

03

Install or Block

Clean packages proceed. Malicious packages are blocked. Uncertain? Fail closed, ask the developer.

Setup

Add SafeDep to Any Agent

Pick an agent. Paste the config. Every package the agent installs gets checked against SafeDep's threat intelligence.

Malicious packages are automatically blocked
Clean packages install normally
Unknown packages fail closed — the agent asks the developer to review
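The three outcomes listed above (block, install, fail closed and ask) come down to one gating decision in front of the install command. The following added example, written for this page and not SafeDep's own code or API, models that decision in Python and contrasts it with a fail-open gate that installs whenever it cannot prove a package bad, including when the intelligence source is unreachable. The verdict table and package names are constructed stand-ins for a real lookup.

```python
from enum import Enum


class Verdict(Enum):
    """What the threat-intelligence lookup says about a package."""
    CLEAN = "clean"
    MALICIOUS = "malicious"
    UNKNOWN = "unknown"


class Decision(Enum):
    """What the agent does with the install request."""
    INSTALL = "install"
    BLOCK = "block"
    ASK_DEVELOPER = "ask_developer"


class IntelUnreachable(Exception):
    """Raised when the lookup cannot be completed (timeout, network error, outage)."""


def gate_install(package: str, lookup) -> Decision:
    """Fail-closed gate: only a positive CLEAN verdict lets the install proceed."""
    try:
        verdict = lookup(package)
    except IntelUnreachable:
        # No verdict at all: do not install, hand the decision to a human.
        return Decision.ASK_DEVELOPER
    if verdict is Verdict.CLEAN:
        return Decision.INSTALL
    if verdict is Verdict.MALICIOUS:
        return Decision.BLOCK
    # UNKNOWN (never seen, still being analysed): same treatment as unreachable.
    return Decision.ASK_DEVELOPER


def fail_open_gate(package: str, lookup) -> Decision:
    """Contrast: a fail-open gate installs unless the package is known to be malicious."""
    try:
        verdict = lookup(package)
    except IntelUnreachable:
        return Decision.INSTALL
    return Decision.BLOCK if verdict is Verdict.MALICIOUS else Decision.INSTALL


# Constructed in-memory verdict table (hypothetical package names, not real ones).
SAMPLE_VERDICTS = {
    "npm:example-clean-pkg": Verdict.CLEAN,
    "npm:example-malicious-pkg": Verdict.MALICIOUS,
    "npm:example-new-pkg": Verdict.UNKNOWN,
}


def table_lookup(package: str) -> Verdict:
    """Stand-in for the intelligence query; one name simulates an outage."""
    if package == "npm:example-timeout-pkg":
        raise IntelUnreachable("simulated network timeout")
    return SAMPLE_VERDICTS.get(package, Verdict.UNKNOWN)


if __name__ == "__main__":
    for pkg in ("npm:example-clean-pkg", "npm:example-malicious-pkg",
                "npm:example-new-pkg", "npm:example-timeout-pkg"):
        print(f"{pkg}: fail-closed={gate_install(pkg, table_lookup).value}, "
              f"fail-open={fail_open_gate(pkg, table_lookup).value}")
```

The difference shows up exactly on the two inputs the text calls out: a package nobody has analysed yet and a lookup that never returns. The fail-open gate installs both; the fail-closed gate stops and asks, which is the behaviour the agent must keep even when the intelligence service is down.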
Claude Code
claude mcp add safedep-threats \
  --transport http \
  --header "Authorization: YOUR_API_KEY" \
  --header "X-Tenant-ID: YOUR_TENANT_DOMAIN" \
  https://mcp.safedep.io/model-context-protocol/threats/v1/mcp

Need credentials? Sign up free at app.safedep.io → Settings → API Keys

See It In Action

Watch SafeDep Block a Malicious Package in Real Time

See what happens when an AI agent tries to install a flagged package. SafeDep intercepts the request, checks its threat database, and blocks the install — before any code executes.

Try it: After setup, prompt the agent with “Install the npm package safedep-test-pkg” — it should refuse. Also works with PyPI.

Coverage

Every Package Ecosystem. One MCP Server.

SafeDep monitors every major package registry in real-time. New releases are scanned by AI-powered static analysis and dynamic sandbox execution within minutes of publication.

npm
PyPI
Go
RubyGems
Maven
NuGet
Crates.io
Why SafeDep

Open Source Threat Intelligence, Fully Verifiable

Open Source by Default

Core tools — vet, pmg, xbom — are fully open source. Every detection is inspectable.

AI + Human Verified

Static analysis, sandbox execution, and AI correlation — verified by security researchers.

Fail Closed by Design

Unknown or unreachable? SafeDep blocks by default and asks the developer.

2M+ Packages Scanned
100K+ Components Analysed
1000+ Projects Secured
80% Threats Blocked

Protect the Agent

Start Free

Add SafeDep's MCP server to any AI coding agent. Free tier available. No credit card required.