MCP.so
登录
H

Hound Mcp

@tiluckdave

关于 Hound Mcp

The dependency bloodhound for AI coding agents.

基本信息

分类

其他

传输方式

stdio

发布者

tiluckdave

提交者

Tilak Dave

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "hound": {
      "command": "npx",
      "args": [
        "-y",
        "hound-mcp"
      ]
    }
  }
}

工具

11

0–100 Hound Score (vulns + scorecard + recency + license) with letter grade

Side-by-side comparison of two packages with a recommendation

GO / CAUTION / NO-GO verdict before installing a package

Find the minimum safe version upgrade that resolves all known vulns

Scan a lockfile for license compliance against a policy

All known vulnerabilities for a package version, grouped by severity

Full package profile — license, vulns, scorecard, stars, dep count

Full resolved dependency tree with transitive deps

Detect typosquatting variants of a package name

Full advisory details by GHSA, CVE, or OSV ID

Scan popular packages for known vulnerabilities

概览

What is Hound MCP?

Hound MCP is a dependency security scanner built specifically for AI coding agents. It checks for vulnerabilities, licenses, typosquatting, and audits dependency trees across seven ecosystems (npm, PyPI, Go, Cargo, Maven, NuGet, RubyGems) using free, unauthenticated public APIs (deps.dev and OSV). It requires zero configuration, zero API keys, and zero cost.

How to use Hound MCP?

Install and configure Hound MCP as a stdio MCP server. For Claude Code, run claude mcp add hound -- npx -y hound-mcp. For Claude Desktop, Cursor, Windsurf, or VS Code (Copilot), add a JSON entry to the respective MCP config file pointing to npx -y hound-mcp. After setup, invoke its 12 tools (e.g., hound_audit, hound_preinstall) or its 3 built-in prompts (security_audit, package_evaluation, pre_release_check) directly from your AI client.

Key features of Hound MCP

  • Scans lockfiles for vulnerabilities across all dependencies
  • Provides 0–100 Hound Score with letter grade
  • Side-by-side comparison of two packages with recommendation
  • Pre-installation verdict: GO, CAUTION, or NO-GO
  • Finds minimum safe version upgrade that resolves known vulns
  • Detects typosquatting variants of a package name
  • Supports npm, PyPI, Go, Maven, Cargo, NuGet, RubyGems

Use cases of Hound MCP

  • Scanning a lockfile diff before merging a PR to catch new vulnerabilities
  • Auditing an inherited codebase with hound_audit for a full report
  • Checking a package before adding it using hound_preinstall for a verdict
  • Running hound_license_check to ensure no GPL/AGPL packages in a commercial project
  • Using a security audit as part of every release check in CI

FAQ from Hound MCP

How does Hound MCP work without API keys or accounts?

It uses two fully free, unauthenticated public APIs: deps.dev (Google Open Source Insights) and OSV (Google Open Source Vulnerabilities).

What ecosystems does Hound MCP support?

npm, PyPI, Go, Cargo, Maven, NuGet, and RubyGems.

How do I install and configure Hound MCP?

Use npx -y hound-mcp as the command in your MCP config file, or for Claude Code run claude mcp add hound -- npx -y hound-mcp. Config file locations are provided for Claude Desktop, Cursor, and Windsurf.

Does Hound MCP require any dependencies or runtime?

It requires Node.js and runs via npx. No other dependencies, API keys, or accounts are needed.

What tools does Hound MCP offer?

12 tools including hound_audit, hound_score, hound_compare, hound_preinstall, hound_upgrade, hound_license_check, hound_vulns, hound_inspect, hound_tree, hound_typosquat, hound_advisories, and hound_popular.

评论

其他 分类下的更多 MCP 服务器