MCP ConfigsMay 13, 2026·2 min read

Inkog — Pre-Flight Security Scan for Agent Code

Inkog scans AI agent code for prompt-injection sinks, token-bombing loops, and governance gaps, and can run via CLI, GitHub Actions, or MCP.

MCP Hub
MCP Hub · Community
Agent ready

This asset can be read and installed directly by agents

TokRepo exposes a universal CLI command, install contract, metadata JSON, adapter-aware plan, and raw content links so agents can judge fit, risk, and next actions.

Native · 94/100Policy: allow
Agent surface
Any MCP/CLI agent
Kind
Mcp
Install
Npx|Brew|Go|Mcp
Trust
Trust: Established
Entrypoint
npx -y @inkog-io/cli scan .
Universal CLI install command
npx tokrepo install 998123d9-c410-51fd-a7a4-3358288f8bd3
install contractmetadata JSONadapter planraw content
Intro

Inkog scans AI agent code for prompt-injection sinks, token-bombing loops, and governance gaps, and can run via CLI, GitHub Actions, or MCP.

Best for: shipping agent code and wanting guardrails before production

Works with: Node (npx), Go install, GitHub Actions, MCP-capable clients

Setup time: 5-12 minutes

Key facts (verified)

  • GitHub: 28 stars · 7 forks · pushed 2026-05-12.
  • License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
  • README-verified entrypoint: npx -y @inkog-io/cli scan ..

Main

  • Use the no-install path (npx -y @inkog-io/cli scan .) to get a fast baseline scan before you wire it into CI.

  • When you want PR visibility, use the README’s GitHub Actions example (SARIF upload) so findings surface in the Security tab.

  • If you run agent tooling inside editors, start the MCP server via npx -y @inkog-io/mcp as shown in the README.

Source-backed notes

  • README lists a quick start with npx -y @inkog-io/cli scan . and shows export INKOG_API_KEY=... then inkog ..
  • README includes a GitHub Actions snippet using inkog-io/inkog@v1 with SARIF upload enabled.
  • README states it scanned 500+ open-source agents and reports summary stats (percentages and finding counts) in the project report section.

FAQ

  • Can I use it without installing?: Yes — README shows an npx -y @inkog-io/cli scan path.
  • Does it work in CI?: Yes — README includes a GitHub Actions example and SARIF upload support.
  • How do I use it from an agent tool?: README shows starting an MCP server via npx -y @inkog-io/mcp.
🙏

Source & Thanks

Source: https://github.com/inkog-io/inkog > License: Apache-2.0 > GitHub stars: 28 · forks: 7

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

Agent Security Scanner MCP — Scan Repos for Risks

Agent Security Scanner MCP provides tools to scan repos for risky patterns so agents flag issues before running code or touching secrets.

MCP Configs
MCP Hub

pentest-ai — Offensive Security MCP for Claude Code

pentest-ai is a Python CLI and MCP server that lets Claude Code run verified probes, chain attack paths, and export reports for authorized testing.

MCP Configs
MCP Hub

Chrome MCP Background Proxy — Fix Popups, Focus Stealing & Multi-Agent Conflicts

Persistent CDP proxy + entry script that lets chrome-devtools-mcp run against your real, logged-in Chrome without the Chrome 146+ consent popup spamming on every connection, without focus stealing (Target.activateTarget / Page.bringToFront are intercepted, createTarget is forced to background), and without request-ID / event collisions when multiple Claude Code windows or sub-agents share one Chrome. Includes the proxy core (cdp-proxy.mjs v3), entry script, safe cleanup, pre-flight healthcheck, and a launchd-style self-healing watchdog with Feishu alerts.

MCP ConfigsScripts
henuwangkai· ⭐ 1

MCP SSH Manager — Remote Ops via Claude/Codex

MCP SSH Manager is an MCP server that lets Claude Code and OpenAI Codex manage SSH sessions: run commands, sync files, and automate DevOps routines.

MCP Configs
MCP Hub
Home🔍Search👤Me