Inkog

Name: Inkog
Author: inkog-io

inkog-io/inkog-mcp

Audit MCP servers and agent configs for vulnerabilities before you wire them into Claude Code or Cursor.

Overview

Inkog is a Ship-phase MCP server that scans AI agents and MCP servers for security vulnerabilities before you install them.

What is this MCP server?

Scans AI agents and MCP server definitions for known security weaknesses
Designed for audit-before-install workflow on third-party MCP packages
stdio npm package @inkog-io/mcp (v1.0.5) with INKOG_API_KEY auth
Free tier available at app.inkog.io for solo builders testing new servers
Complements manual README review with automated vulnerability signals
Server schema version 1.0.5
stdio transport via npm package @inkog-io/mcp
Requires secret INKOG_API_KEY (free tier noted in registry metadata)

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 2 GitHub stars.

What problem does it solve?

You cannot safely trust every MCP listing without a fast, agent-driven security check before it gets API keys and shell access.

Who is it for?

Indie builders who add new MCP servers weekly and want a repeatable pre-install security pass from inside the agent.

Skip if: Teams that only use first-party, internally authored MCP servers with no third-party registry risk.

What do I get? / Deliverables

You get vulnerability-oriented scan results on agents and MCP packages so you can reject or harden integrations before registration.

Security scan output for target agents or MCP server definitions
Documented risk context to support install or block decisions

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Security vetting belongs in Ship when you are about to grant tools filesystem, network, and secret access to your coding agent. Pre-install MCP audits reduce supply-chain and prompt-injection risk before those integrations land in your daily build loop.

How it compares

MCP-backed security scanner, not a general code-review or SAST skill inside the repo.

Common Questions / FAQ

Who is Inkog MCP for?

Solo and small teams shipping with coding agents who install third-party MCP servers and want automated vulnerability checks before connect.

When should I use Inkog MCP?

Use it during Ship security review whenever you evaluate a new MCP server, agent plugin bundle, or after upgrading an existing MCP package.

How do I add Inkog MCP to my agent?

Install @inkog-io/mcp from npm, set INKOG_API_KEY from https://app.inkog.io, and register the stdio server in Claude Code, Cursor, or Codex MCP settings.

Inkog

inkog-io/inkog-mcp

Audit MCP servers and agent configs for vulnerabilities before you wire them into Claude Code or Cursor.

Overview

Inkog is a Ship-phase MCP server that scans AI agents and MCP servers for security vulnerabilities before you install them.

What is this MCP server?

Scans AI agents and MCP server definitions for known security weaknesses
Designed for audit-before-install workflow on third-party MCP packages
stdio npm package @inkog-io/mcp (v1.0.5) with INKOG_API_KEY auth
Free tier available at app.inkog.io for solo builders testing new servers
Complements manual README review with automated vulnerability signals
Server schema version 1.0.5
stdio transport via npm package @inkog-io/mcp
Requires secret INKOG_API_KEY (free tier noted in registry metadata)

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

Community signal: 2 GitHub stars.

What problem does it solve?

You cannot safely trust every MCP listing without a fast, agent-driven security check before it gets API keys and shell access.

Who is it for?

Indie builders who add new MCP servers weekly and want a repeatable pre-install security pass from inside the agent.

Skip if: Teams that only use first-party, internally authored MCP servers with no third-party registry risk.

What do I get? / Deliverables

You get vulnerability-oriented scan results on agents and MCP packages so you can reject or harden integrations before registration.

Security scan output for target agents or MCP server definitions
Documented risk context to support install or block decisions

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

MCP-backed security scanner, not a general code-review or SAST skill inside the repo.

Common Questions / FAQ

Who is Inkog MCP for?

Solo and small teams shipping with coding agents who install third-party MCP servers and want automated vulnerability checks before connect.

When should I use Inkog MCP?

Use it during Ship security review whenever you evaluate a new MCP server, agent plugin bundle, or after upgrading an existing MCP package.

How do I add Inkog MCP to my agent?

Install @inkog-io/mcp from npm, set INKOG_API_KEY from https://app.inkog.io, and register the stdio server in Claude Code, Cursor, or Codex MCP settings.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Inkog MCP for?

When should I use Inkog MCP?

How do I add Inkog MCP to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is Inkog MCP for?

When should I use Inkog MCP?

How do I add Inkog MCP to my agent?