Is Inkog — Pre-Flight Security Scan for Agent Code free to use?

Yes. Inkog — Pre-Flight Security Scan for Agent Code is freely available on TokRepo. Check the Source & Thanks section on the asset page for the specific open-source license.

How do I install Inkog — Pre-Flight Security Scan for Agent Code?

Visit the asset page on TokRepo and click "Copy for agent" to get the installation instructions. Most assets can be installed with a single command.

MCP Configs2026年5月13日·1 分钟阅读

Inkog — Pre-Flight Security Scan for Agent Code

Name: Inkog — Pre-Flight Security Scan for Agent Code
Author: MCP Hub

Inkog scans AI agent code for prompt-injection sinks, token-bombing loops, and governance gaps, and can run via CLI, GitHub Actions, or MCP.

MCP Hub · Community

Agent 就绪

这个资产可以被 Agent 直接读取和安装

TokRepo 同时提供通用 CLI 命令、安装契约、metadata JSON、按适配器生成的安装计划和原始内容链接，方便 Agent 判断适配度、风险和下一步动作。

Native · 94/100策略：允许

Agent 入口

任意 MCP/CLI Agent

类型

Mcp

安装

Npx|Brew|Go|Mcp

信任

信任等级：Established

入口

npx -y @inkog-io/cli scan .

通用 CLI 安装命令

npx tokrepo install 998123d9-c410-51fd-a7a4-3358288f8bd3

安装契约元数据 JSON 适配计划原始内容

介绍

Inkog 是面向 AI agent 代码的静态分析工具，可识别 prompt 注入“落点”、token 轰炸循环与治理缺口，并支持 CLI、GitHub Actions 与 MCP server 方式接入。

Best for: 要上线 agent 代码、希望先做安全兜底的人

Works with: Node（npx）、Go 安装、GitHub Actions、MCP 客户端

Setup time: 5-12 minutes

Key facts (verified)

GitHub：28 stars · 7 forks；最近更新 2026-05-12。
许可证：Apache-2.0；作者头像与仓库链接均已通过 GitHub API 复核。
README 中核对过的入口命令：npx -y @inkog-io/cli scan .。

Main

先用免安装方式（npx -y @inkog-io/cli scan .）跑一遍基线扫描，再逐步接入 CI。
需要在 PR 里可视化时，按 README 的 GitHub Actions 示例（SARIF 上传）把告警写进 Security tab。
在编辑器/agent 工具里接入时，按 README 用 npx -y @inkog-io/mcp 启动 MCP server。

Source-backed notes

README 给出 quick start：npx -y @inkog-io/cli scan .，以及 export INKOG_API_KEY=... 后执行 inkog .。
README 包含 GitHub Actions 示例：inkog-io/inkog@v1 并开启 SARIF 上传。
README 在报告章节写明扫描了 500+ 开源 agent，并给出比例与总发现数等统计。

FAQ

不安装也能用吗？：能。README 给出 npx -y @inkog-io/cli 的扫描方式。
能接 CI 吗？：能。README 提供 GitHub Actions 示例并支持 SARIF 上传。
如何在 agent 工具里使用？：README 展示了用 npx -y @inkog-io/mcp 启动 MCP server。

🙏

来源与感谢

Source: https://github.com/inkog-io/inkog > License: Apache-2.0 > GitHub stars: 28 · forks: 7

讨论

登录后参与讨论。

还没有评论，来写第一条吧。

相关资产

Agent Security Scanner MCP — Scan Repos for Risks

Agent Security Scanner MCP provides tools to scan repos for risky patterns so agents flag issues before running code or touching secrets.

MCP Configs

MCP Hub

pentest-ai — Offensive Security MCP for Claude Code

pentest-ai is a Python CLI and MCP server that lets Claude Code run verified probes, chain attack paths, and export reports for authorized testing.

MCP Configs

MCP Hub

Chrome MCP Background Proxy — Fix Popups, Focus Stealing & Multi-Agent Conflicts

Persistent CDP proxy + entry script that lets chrome-devtools-mcp run against your real, logged-in Chrome without the Chrome 146+ consent popup spamming on every connection, without focus stealing (Target.activateTarget / Page.bringToFront are intercepted, createTarget is forced to background), and without request-ID / event collisions when multiple Claude Code windows or sub-agents share one Chrome. Includes the proxy core (cdp-proxy.mjs v3), entry script, safe cleanup, pre-flight healthcheck, and a launchd-style self-healing watchdog with Feishu alerts.

MCP ConfigsScripts

henuwangkai· ⭐ 1

MCP SSH Manager — Remote Ops via Claude/Codex

MCP SSH Manager is an MCP server that lets Claude Code and OpenAI Codex manage SSH sessions: run commands, sync files, and automate DevOps routines.

MCP Configs

MCP Hub

◈首页 🔍搜索 👤我的