Hound Mcp
@tiluckdave
About Hound Mcp
The dependency bloodhound for AI coding agents.
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"hound": {
"command": "npx",
"args": [
"-y",
"hound-mcp"
]
}
}
}Tools
110–100 Hound Score (vulns + scorecard + recency + license) with letter grade
Side-by-side comparison of two packages with a recommendation
GO / CAUTION / NO-GO verdict before installing a package
Find the minimum safe version upgrade that resolves all known vulns
Scan a lockfile for license compliance against a policy
All known vulnerabilities for a package version, grouped by severity
Full package profile — license, vulns, scorecard, stars, dep count
Full resolved dependency tree with transitive deps
Detect typosquatting variants of a package name
Full advisory details by GHSA, CVE, or OSV ID
Scan popular packages for known vulnerabilities
Overview
What is Hound MCP?
Hound MCP is a dependency security scanner built specifically for AI coding agents. It checks for vulnerabilities, licenses, typosquatting, and audits dependency trees across seven ecosystems (npm, PyPI, Go, Cargo, Maven, NuGet, RubyGems) using free, unauthenticated public APIs (deps.dev and OSV). It requires zero configuration, zero API keys, and zero cost.
How to use Hound MCP?
Install and configure Hound MCP as a stdio MCP server. For Claude Code, run claude mcp add hound -- npx -y hound-mcp. For Claude Desktop, Cursor, Windsurf, or VS Code (Copilot), add a JSON entry to the respective MCP config file pointing to npx -y hound-mcp. After setup, invoke its 12 tools (e.g., hound_audit, hound_preinstall) or its 3 built-in prompts (security_audit, package_evaluation, pre_release_check) directly from your AI client.
Key features of Hound MCP
- Scans lockfiles for vulnerabilities across all dependencies
- Provides 0–100 Hound Score with letter grade
- Side-by-side comparison of two packages with recommendation
- Pre-installation verdict: GO, CAUTION, or NO-GO
- Finds minimum safe version upgrade that resolves known vulns
- Detects typosquatting variants of a package name
- Supports npm, PyPI, Go, Maven, Cargo, NuGet, RubyGems
Use cases of Hound MCP
- Scanning a lockfile diff before merging a PR to catch new vulnerabilities
- Auditing an inherited codebase with
hound_auditfor a full report - Checking a package before adding it using
hound_preinstallfor a verdict - Running
hound_license_checkto ensure no GPL/AGPL packages in a commercial project - Using a security audit as part of every release check in CI
FAQ from Hound MCP
How does Hound MCP work without API keys or accounts?
It uses two fully free, unauthenticated public APIs: deps.dev (Google Open Source Insights) and OSV (Google Open Source Vulnerabilities).
What ecosystems does Hound MCP support?
npm, PyPI, Go, Cargo, Maven, NuGet, and RubyGems.
How do I install and configure Hound MCP?
Use npx -y hound-mcp as the command in your MCP config file, or for Claude Code run claude mcp add hound -- npx -y hound-mcp. Config file locations are provided for Claude Desktop, Cursor, and Windsurf.
Does Hound MCP require any dependencies or runtime?
It requires Node.js and runs via npx. No other dependencies, API keys, or accounts are needed.
What tools does Hound MCP offer?
12 tools including hound_audit, hound_score, hound_compare, hound_preinstall, hound_upgrade, hound_license_check, hound_vulns, hound_inspect, hound_tree, hound_typosquat, hound_advisories, and hound_popular.
More Other MCP servers
Mcp
browsermcpBrowser MCP is a Model Context Provider (MCP) server that allows AI applications to control your browser

EverArt
modelcontextprotocolModel Context Protocol Servers
Awesome-MCP-ZH
yzflyMCP 资源精选, MCP指南,Claude MCP,MCP Servers, MCP Clients
XcodeBuildMCP
cameroncookeA Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
ICSS
chokcoco不止于 CSS
Comments