SafeDep
Real-time malicious package protection for AI coding agents
Documentation Index
Fetch the complete documentation index at: https://docs.safedep.io/llms.txt Use this file to discover all available pages before exploring further.
Model Context Protocol Server
SafeDep cloud hosted MCP server
SafeDep offers a cloud hosted Model Context Protocol (MCP) server for integrating malicious package feeds into AI Agents and IDEs. This integration enables AI Agents to continue working autonomously while protected against malicious open source packages.
Endpoints
| Endpoint | Description |
|---|---|
https://mcp.safedep.io/model-context-protocol/threats/v1/mcp | SafeDep MCP endpoint (HTTP) |
https://mcp.safedep.io/model-context-protocol/threats/v1/sse | Legacy SSE endpoint |
Authentication
The MCP server requires SafeDep API key based authentication. Following HTTP headers are required:
| Header | Description |
|---|---|
Authorization | <API Key> |
X-Tenant-ID | your-tenant-domain (e.g. default-team.your-domain.safedep.io) |
Quick Start
Navigate to [app.safedep.io](https://app.safedep.io/) and sign up Create an API key for use with the MCP server from your SafeDep Cloud [tenant settings](https://app.safedep.io/settings/api-keys) Configure the MCP server with your API key and tenant domain in your favorite IDE or AI Agent (see [Setup](#setup) for more details). Verify the setup by asking your coding agent to install a [test package](#testing). The agent should block it as malicious.Setup
Use `claude` CLI to add the MCP server to your user settings. This configuration will be available across all Claude Code projects.```bash theme={null}
claude mcp add -s user --transport http safedep \
https://mcp.safedep.io/model-context-protocol/threats/v1/mcp \
--header "Authorization: <API Key>" \
--header "X-Tenant-ID: <Tenant Domain>"
```
```json theme={null}
{
"mcpServers": {
"safedep": {
"url": "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp",
"headers": {
"Authorization": "<API Key>",
"X-Tenant-ID": "<Tenant Domain>"
}
}
}
}
```
Restart Cursor after saving the configuration. You can verify the server connection in **Cursor Settings > MCP Servers**.
See the [Cursor MCP documentation](https://cursor.com/docs/context/mcp) for more details.
```toml theme={null}
[mcp_servers.safedep]
url = "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp"
[mcp_servers.safedep.env_http_headers]
"Authorization" = "SAFEDEP_API_KEY"
"X-Tenant-ID" = "SAFEDEP_TENANT_ID"
```
Set the environment variables with your credentials:
```bash theme={null}
export SAFEDEP_API_KEY="<API Key>"
export SAFEDEP_TENANT_ID="<Tenant Domain>"
```
See the [Codex MCP documentation](https://developers.openai.com/codex/mcp) for more details.
```json theme={null}
{
"mcpServers": {
"safedep": {
"httpUrl": "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp",
"headers": {
"Authorization": "<API Key>",
"X-Tenant-ID": "<Tenant Domain>"
}
}
}
}
```
See the [Gemini CLI MCP documentation](https://geminicli.com/docs/tools/mcp-server/) for more details.
```json theme={null}
{
"mcpServers": {
"safedep": {
"url": "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp",
"headers": {
"Authorization": "<API Key>",
"X-Tenant-ID": "<Tenant Domain>"
}
}
}
}
```
See the [Windsurf Cascade MCP documentation](https://docs.windsurf.com/windsurf/cascade/mcp) for more details.
```json theme={null}
{
"context_servers": {
"safedep": {
"enabled": true,
"url": "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp",
"headers": {
"Authorization": "<API Key>",
"X-Tenant-ID": "<Tenant Domain>"
}
}
}
}
```
See the [Zed MCP documentation](https://zed.dev/docs/ai/mcp) for more details.
Testing
After setting up the MCP server, you can verify the integration is working by asking your coding agent to install one of the following test packages:
| Package | Ecosystem |
|---|---|
safedep-test-pkg | npm |
safedep-test-pkg | PyPI |
These are harmless packages that are marked as malicious in the SafeDep database, specifically meant for testing. Your coding agent should block the installation and warn you about the package being flagged as malicious.
For example, try prompting your agent with:
Install the npm package safedep-test-pkg
If the MCP server is configured correctly, the agent will check the package against SafeDep's threat intelligence and refuse to install it.
संबंधित सर्वर
Google Analytics 4 MCP
Connect GA4 to Claude or ChatGPT via Two Minute Reports MCP. Track New Users, Sessions, and Signups to improve website performance.
Nefesh Human State
Fuses biometric signals into a stress score (0-100) for real-time AI adaptation. MCP + A2A native.
OctoEverywhere For 3D Printing
A 3D Printing MCP server that allows for querying for live state, webcam snapshots, and 3D printer control.
Refgrow MCP Server
MCP server for managing affiliate and referral programs. Track referrals, manage affiliates, process conversions, and handle payouts through AI assistants.
SpeedOf.Me Speed Test MCP
Official SpeedOf.Me server for AI agents - accurate speed tests via 129 global edge servers with analytics dashboard.
root-mcp
MCP server for ROOT CERN files
Overseerr
Interact with the Overseerr API to manage movie and TV show requests.
mcp-fns-check
MCP-сервер для проверки российских контрагентов (юридические лица и ИП) через публичные данные ФНС: ЕГРЮЛ/ЕГРИП, ЕФРСБ, «Прозрачный бизнес», ФССП, КАД.
Ecovacs Robot Control
Control and query the status of Ecovacs cleaning robots using the MCP protocol.
Image
Fetch and process images from URLs, local file paths, and numpy arrays, returning them as base64-encoded strings.