Model Context Protocol
Check packages for malware from inside your AI coding assistant.
The PkgRadar MCP server puts supply-chain malware intelligence directly in the AI dev loop. Before Claude Code, Cursor, Copilot, or Windsurf adds a dependency, it can ask PkgRadar whether that package is malicious — and get a one-line verdict back.
Open source, free, and backed by PkgRadar’s public API. No API key required.
Why
Catch malware before npm install, not after.
AI assistants happily add whatever dependency gets the job done — including the typosquat, the freshly published dropper, or the compromised release that public advisories haven’t caught up to yet. With the MCP server installed, the assistant checks each package against PkgRadar first and refuses to install the ones flagged malicious. PkgRadar flags the majority of malicious packages before public disclosure, so the assistant is warned while the window is still open.
⚠️ MALICIOUS — do not install
Package: npm/@diagrammo/[email protected]
Risk: high Score: 24
Known-malicious — attributed to campaign: Clob dropper
Top signals: install_lifecycle_remote_or_exec (high); large_javascript_payload (low)Install
Claude Code
One command. It runs the server via npx, so there’s nothing to clone or build.
claude mcp add pkgradar -- npx -y @pkgradar/mcpInstall
Cursor / Windsurf / generic mcp.json
Add PkgRadar to your MCP config. Works with any MCP-aware client.
{
"mcpServers": {
"pkgradar": {
"command": "npx",
"args": ["-y", "@pkgradar/mcp"]
}
}
}Optional: set PKGRADAR_API_BASE to point at a self-hosted or proxied API (defaults to https://pkgradar.com). No API key is needed.
Tools
Five tools the assistant can call
| Tool | What it does |
|---|---|
check_package | Check one package (ecosystem, name, optional version). Returns a verdict — MALICIOUS / Review / clean / not-yet-scanned — plus risk, score, campaign attribution, lead time vs public disclosure, and the top detection signals. |
check_dependencies | Paste a whole package.json or requirements.txtand check every dependency at once. Returns only the flagged packages plus a “checked N, flagged M” summary — the pre-install gate. |
list_campaigns | List the named malware campaigns PkgRadar tracks, with attributed-package counts. |
get_campaign | Detail for one campaign: description, attribution basis, and sample members. |
coverage_stats | PkgRadar’s transparency numbers — detections, how often it flagged first, and median lead time ahead of public advisories. |
Ecosystems: npm, PyPI, Cargo, RubyGems, Maven, NuGet, Composer, Go, and Pub. For scoped npm packages, pass the full name (e.g. @scope/pkg).
Open source
Read the code, wraps the public API
The MCP server is a thin, MIT-licensed wrapper over PkgRadar’s free public API — the same endpoints that power the package pages on this site. No credentials, no telemetry beyond the package lookups themselves. Audit it, vendor it, or fork it.