Instant security scores for Chrome extensions, VS Code plugins, npm packages, and MCP servers. Catch permission risks and data leaks before you install.
Paste a Chrome extension ID, VS Code extension, npm package name, or MCP server URL
Four scanner engines, one unified trust score
Analyze permissions and data access
Inspect marketplace extensions
Audit dependencies and scripts
Evaluate Model Context Protocol tools
Three steps to a safer AI stack
Drop in a Chrome extension ID, VS Code plugin name, npm package, or MCP server config.
Permissions, data flows, developer history, privacy policies, and known vulnerabilities — all scored automatically.
A 0–10 score with full breakdown, risk flags, and safer alternatives — so you can decide with confidence.
Whether you're an individual dev or a security team
Vet extensions and packages before installing. Get a quick risk assessment on anything you add to your stack.
Monitor your org's approved tool list. Get alerts when risk profiles change. Export compliance reports.
Team dashboards, API integration for CI/CD, and GitHub Actions to block risky tools before they ship.
No credit card required. Scan up to 10 tools per day on the free plan. Upgrade anytime for unlimited scans and team features.