
TridentChain Security
Scan project dependencies and IDE extensions for known CVEs locally via OSV/NVD before you ship, without uploading your manifest to a cloud scanner.
Overview
TridentChain Security is an MCP server for the Ship phase that locally scans dependencies and IDE extensions for CVEs using OSV and NVD without uploading your project data.
What is this MCP server?
- Local CVE scanning using OSV and NVD data sources
- Scans application dependencies and IDE extension inventory
- No upload of lockfiles or extension lists to a remote service
- PyPI package tridentchain-mcp (v0.1.4) with stdio MCP transport
- Open-source scanner repo on GitHub (supply-chain-scanner-public)
What problem does it solve?
Before launch you need to know which packages or IDE extensions carry known CVEs, but cloud scanners often require uploading sensitive dependency graphs.
Who is it for?
Indie developers and small teams who want agent-triggered, privacy-preserving supply-chain CVE checks on deps and editor extensions pre-release.
Skip if: your organization needs signed SBOM governance, a license compliance suite, or active runtime intrusion detection; this is local CVE lookup, not full GRC.
What do I get? / Deliverables
After installing tridentchain-mcp and enabling stdio MCP, your agent can run local OSV/NVD-backed scans and act on CVE findings before you ship.
- Local CVE findings for dependencies and IDE extensions via MCP tools
- No requirement to upload project files to a third-party scan service
Journey fit
Shipping safely includes knowing whether your dependency tree or editor extensions carry published CVEs; TridentChain targets that gate in the Ship phase. The Security subphase covers supply-chain and vulnerability checks, and a local OSV/NVD-backed scanner fits pre-release and CI-adjacent workflows.
How it compares
Local supply-chain CVE MCP scanner, not a cloud code review skill or infrastructure monitoring dashboard.
Common Questions / FAQ
Who is TridentChain Security for?
Solo builders and small teams using MCP agents who need local vulnerability scanning on dependencies and IDE extensions before shipping.
When should I use TridentChain Security?
Use it in the ship security step when you are cutting a release or hardening a repo and want OSV/NVD CVE coverage without sending lockfiles to a remote scanner.
How do I add TridentChain Security to my agent?
Install the PyPI package tridentchain-mcp (v0.1.4), configure your MCP client to launch it over stdio, and invoke its scan tools from Claude Code, Cursor, or Codex.