Supply-chain attack scanner for the agent era. Triage in 30s with `npx patient-zero`, block malicious installs before postinstall runs, or drop into CI as a GitHub Action. Covers npm + Python + MCP agent configs. Free, MIT, no signup, no telemetry.
Drift inferred · capture-to-capture
No drift recorded — single capability capture; advisories appear once its surface changes.
transport — counts 0 tools · 0 res
· 0 prompts
permission surface via README inference
no tools enumerated yet for this server.
evidence-backed
findings quoted directly from the published source artifact — not inferred
This server hasn't been statically analyzed yet (npm/PyPI artifacts only).