Skip to main content
MCP Advisor lists the packages your AI coding agents checked through the SafeDep MCP server and the verdict each one got. Once the MCP server is set up, SafeDep records an advisory each time an agent vets a package, with no extra configuration.
MCP Advisor is a SafeDep Cloud feature and requires endpoint sync. If your endpoint has no Advisor tab, it is not enabled for your tenant yet. Contact the SafeDep team to join early access.

Prerequisites

The SafeDep CLI is the fastest way to configure the MCP server: npx @safedep/cli setup mcp install.

View advisories

1

Open Endpoint Hub

Go to app.safedep.io and select Endpoint Hub in the sidebar.
2

Pick an endpoint

Choose the endpoint from the list.
3

Open the Advisor tab

Select the Advisor tab to see that endpoint’s advisories.
The tab shows summary counts, then the advisory list.

Summary counts

CardCounts
AdvisoriesAll advisories for this endpoint
MaliciousPackages flagged as malicious
SuspiciousPackages showing suspicious signals
VulnerablePackages with known vulnerabilities
CleanPackages that came back safe
Last advisoryWhen the most recent advisory was recorded

Advisory list

Each row is one package an agent asked about:
ColumnDescription
PackageName, version, and ecosystem
VerdictThe verdict SafeDep returned (see Verdicts)
AgentThe AI coding agent that asked
AnalysedWhen the advisory was recorded
Filter by verdict or date range, for example only Malicious results in the last week. Select a row to see the package, the verdict, the MCP call, and the source endpoint.

Verdicts

VerdictMeaning
SafeNo known security issues
SuspiciousSignals suggest the package may be risky
MaliciousConfirmed malicious by SafeDep
VulnerableHas one or more known vulnerabilities
Newly registeredPublished very recently, a common trait of malicious packages
UnknownNot enough information to classify it

SafeDep MCP Server

Configure the MCP server that produces these advisories.

Endpoint Hub

Browse all the views available for your endpoints.

Package Guard

See package installs captured by PMG on each endpoint.

Endpoint

What an endpoint is and what it reports.