$ timeahead.in
/servers/blog/about
/ servers/npm/plugin-hunter
npm

plugin-hunter

ph — Scan Claude Code / Codex CLI / Gemini CLI plugins for malicious hooks, poisoned SKILL.md, and MCP tool-poisoning *before* you install. Uses your local LLM CLI as the judge — no API key required.

53/wkupdated 23d agogithub ↗
☆ Watch this server📋 Install guide⚡ Compare⚑ Claim listing
40poor
7 credentials detected in repository history via Gitleaks
▣ Score BreakdownMCPScore = Σ(raw × weight)
DimensionRawWeighted
Security
35%
0
0.0
Freshness
25%
85
21.3
Adoption
20%
21
4.2
Quality
10%
100
10.0
Trust
10%
50
5.0
Total
40.4
⚿ Capabilities & Risk Explainer
fs readfs writenetworkexecsecrets
◆ Risk level: high
fs read + fs write + network + exec + secrets active — can execute code, access credentials, and make external network calls.
⚙ Install config
Claude Desktop · Cursor · Windsurf · VS Code (Copilot) · Claude Code
add to your MCP client config:
{
  "mcpServers": {
    "plugin-hunter": {
      "command": "npx",
      "args": [
        "-y",
        "plugin-hunter"
      ]
    }
  }
}
⚙ Maintenance health
maintenance data not yet available — check back later.
⛁ Raw data
weekly downloads53
github stars0
forks0
open issues0
license✓ present
readme length9496 chars
last publish23d ago
last commit23d ago
last updated7d ago
owner of this server? claim your listing to get a verified badgeclaim →
🔔 Score drop alerts
get notified by email when this server's score drops 5+ points