SafeDep
Real-time malicious package protection for AI coding agents
Apps & Integrations
Model Context Protocol Server
SafeDep offers a cloud hosted Model Context Protocol (MCP) server for integrating malicious package feeds into AI Agents and IDEs. This integration enables AI Agents to continue working autonomously while protected against malicious open source packages.
Endpoints
| Endpoint | Description |
|---|---|
| https://mcp.safedep.io/model-context-protocol/threats/v1/mcp | SafeDep MCP endpoint (HTTP) |
| https://mcp.safedep.io/model-context-protocol/threats/v1/sse | Legacy SSE endpoint |
Authentication
The MCP server requires SafeDep API key based authentication. Following HTTP headers are required:
| Header | Description |
|---|---|
| Authorization | |
| X-Tenant-ID | your-tenant-domain (e.g. default-team.your-domain.safedep.io) |
Quick Start
1
Sign-up for SafeDep
Navigate to app.safedep.io and sign up
2
Create API Key
Create an API key for use with the MCP server from your SafeDep Cloud tenant settings
3
Configure MCP Server
Configure the MCP server with your API key and tenant domain in your favorite IDE or AI Agent (see Setup for more details).
4
Test the Integration
Verify the setup by asking your coding agent to install a test package. The agent should block it as malicious.
Setup
Claude Code
Use claude CLI to add the MCP server to your user settings. This configuration will be available across all Claude Code projects.
claude mcp add -s user --transport http safedep \
https://mcp.safedep.io/model-context-protocol/threats/v1/mcp \
--header "Authorization: <API Key>" \
--header "X-Tenant-ID: <Tenant Domain>"
Cursor
Add the SafeDep MCP server to your Cursor configuration. Create or edit ~/.cursor/mcp.json in your home directory:
{
"mcpServers": {
"safedep": {
"url": "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp",
"headers": {
"Authorization": "<API Key>",
"X-Tenant-ID": "<Tenant Domain>"
}
}
}
}
Restart Cursor after saving the configuration. You can verify the server connection in Cursor Settings > MCP Servers.See the Cursor MCP documentation for more details.
OpenAI Codex
Add the SafeDep MCP server to your Codex configuration. Edit ~/.codex/config.toml (or .codex/config.toml in your project root for project-scoped access):
[mcp_servers.safedep]
url = "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp"
[mcp_servers.safedep.env_http_headers]
"Authorization" = "SAFEDEP_API_KEY"
"X-Tenant-ID" = "SAFEDEP_TENANT_ID"
Set the environment variables with your credentials:
export SAFEDEP_API_KEY="<API Key>"
export SAFEDEP_TENANT_ID="<Tenant Domain>"
See the Codex MCP documentation for more details.
Gemini CLI
Add the SafeDep MCP server to your Gemini CLI configuration. Edit ~/.gemini/settings.json in your home directory:
{
"mcpServers": {
"safedep": {
"httpUrl": "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp",
"headers": {
"Authorization": "<API Key>",
"X-Tenant-ID": "<Tenant Domain>"
}
}
}
}
See the Gemini CLI MCP documentation for more details.
Windsurf
Add the SafeDep MCP server to your Windsurf configuration. Create or edit ~/.codeium/windsurf/mcp_config.json in your home directory:
See the Windsurf Cascade MCP documentation for more details.
Zed
Add the SafeDep MCP server to your Zed configuration. Create or edit `~/.config/zed/settings.json` in your home directory.
{ "context_servers": { "safedep": { "enabled": true, "url": "https://mcp.safedep.io/model-context-protocol/threats/v1/mcp", "headers": { "Authorization": "", "X-Tenant-ID": "" } } } }
See the Zed MCP documentation for more details.
Testing
After setting up the MCP server, you can verify the integration is working by asking your coding agent to install one of the following test packages:
| Package | Ecosystem |
| ---------------- | --------- |
| safedep-test-pkg | npm |
| safedep-test-pkg | PyPI |
These are harmless packages that are marked as malicious in the SafeDep database, specifically meant for testing. Your coding agent should block the installation and warn you about the package being flagged as malicious. For example, try prompting your agent with:
Install the npm package safedep-test-pkg
If the MCP server is configured correctly, the agent will check the package against SafeDep’s threat intelligence and refuse to install it.
Was this page helpful?
YesNo
Bitbucket PipesCloud Sync
Related Servers
open.video MCP
AI-powered video platform management — upload videos, manage channels, track analytics, and organize playlists through any MCP-compatible AI client
Crypto Trader
Provides real-time cryptocurrency market data using the CoinGecko API.
Tapetide stock research MCP Server
Search, screen, and analyze all Indian stocks (NSE/BSE) with 26 tools covering quotes, financials, technicals, analyst ratings, FII/DII flows, screener with 100+ filters, and market insights.
Questrade MCP Server
An unofficial server to integrate with the Questrade API, providing access to trading accounts, market data, and portfolio information.
prediction-market-mcp
A simple MCP server that grabs prediction market data from polymarket, PredictIt, & Kalshi.
MCP Server Market
A centralized repository for discovering and utilizing Model Context Protocol (MCP) servers.
Strider Labs Instacart MCP
MCP server for Instacart - let AI agents order groceries and household items from local stores
Smart Home Device Control
Control smart home devices and query information by connecting large models to smart home backend APIs.
Wordle MCP
Fetches daily Wordle solutions for a specific date via the Wordle API.
Philidor MCP
DeFi vault risk analytics for AI agents. Search 700+ vaults across Morpho, Aave, Yearn, Beefy, Spark, and more. Compare risk scores, analyze protocols, run due diligence — all through natural language. No API key required. No installation needed.