Cette page est affichée en anglais. Une traduction française est en cours.
MCP ConfigsMay 13, 2026·2 min de lecture

Inkog — Pre-Flight Security Scan for Agent Code

Inkog scans AI agent code for prompt-injection sinks, token-bombing loops, and governance gaps, and can run via CLI, GitHub Actions, or MCP.

MCP Hub
MCP Hub · Community
Prêt pour agents

Staging sûr pour cet actif

Cet actif est d'abord staged. Le prompt copié demande à l'agent d'inspecter les fichiers staged avant d'activer scripts, config MCP ou config globale.

Stage only · 17/100Policy : staging
Surface agent
Tout agent MCP/CLI
Type
Mcp Config
Installation
Stage only
Confiance
Confiance : Established
Point d'entrée
Asset
Commande de staging sûr
npx -y tokrepo@latest install 998123d9-c410-51fd-a7a4-3358288f8bd3 --target codex

Stage les fichiers d'abord; l'activation exige la revue du README et du plan staged.

Introduction

Inkog scans AI agent code for prompt-injection sinks, token-bombing loops, and governance gaps, and can run via CLI, GitHub Actions, or MCP.

Best for: shipping agent code and wanting guardrails before production

Works with: Node (npx), Go install, GitHub Actions, MCP-capable clients

Setup time: 5-12 minutes

Key facts (verified)

  • GitHub: 28 stars · 7 forks · pushed 2026-05-12.
  • License: Apache-2.0 · owner avatar + repo URL verified via GitHub API.
  • README-verified entrypoint: npx -y @inkog-io/cli scan ..

Main

  • Use the no-install path (npx -y @inkog-io/cli scan .) to get a fast baseline scan before you wire it into CI.

  • When you want PR visibility, use the README’s GitHub Actions example (SARIF upload) so findings surface in the Security tab.

  • If you run agent tooling inside editors, start the MCP server via npx -y @inkog-io/mcp as shown in the README.

Source-backed notes

  • README lists a quick start with npx -y @inkog-io/cli scan . and shows export INKOG_API_KEY=... then inkog ..
  • README includes a GitHub Actions snippet using inkog-io/inkog@v1 with SARIF upload enabled.
  • README states it scanned 500+ open-source agents and reports summary stats (percentages and finding counts) in the project report section.

FAQ

  • Can I use it without installing?: Yes — README shows an npx -y @inkog-io/cli scan path.
  • Does it work in CI?: Yes — README includes a GitHub Actions example and SARIF upload support.
  • How do I use it from an agent tool?: README shows starting an MCP server via npx -y @inkog-io/mcp.
🙏

Source et remerciements

Source: https://github.com/inkog-io/inkog > License: Apache-2.0 > GitHub stars: 28 · forks: 7

Fil de discussion

Connectez-vous pour rejoindre la discussion.
Aucun commentaire pour l'instant. Soyez le premier à partager votre avis.

Actifs similaires