Labsco
google-gemini logo

SafeDep

โœ“ Official

from google-gemini

Real-time malicious package protection for AI coding agents

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedAccount requiredQuick setup

SafeDep MCP Server

Protect your AI coding agents against malicious packages using SafeDep MCP

The SafeDep CLI is the fastest way to get started. One command signs you in, sets up your API key, and configures SafeDep in every AI coding agent it finds on your machine. To configure things manually, see Manual Setup .

SafeDep monitors npm, PyPI, and other package registries in real time. It stays invisible when packages are safe and surfaces only when it blocks something dangerous.

SafeDep MCP has a free tier. See pricing for details.

Endpoints

Endpoint Description https://mcp.safedep.io/model-context-protocol/threats/v1/mcp SafeDep MCP endpoint (HTTP) https://mcp.safedep.io/model-context-protocol/threats/v1/sse Legacy SSE endpoint

Authentication

The MCP server requires API key authentication. The following HTTP headers are required:

Header Description Authorization <API Key> X-Tenant-ID your-tenant-domain (e.g. default-team.your-domain.safedep.io)

Your tenant domain is shown in SafeDep Cloud settings after you sign in.

Testing

After setup, verify the integration by asking your coding agent to install one of the following test packages:

Package Ecosystem safedep-test-pkg npm safedep-test-pkg PyPI

These packages are harmless but are marked as malicious in the SafeDep database for testing purposes. Your coding agent should block the installation and warn that the package is flagged.

For example, try prompting your agent with:

Copy & paste โ€” that's it
Install the npm package safedep-test-pkg

If the MCP server is configured correctly, the agent will check the package against SafeDep's threat intelligence and refuse to install it.