$ timeahead.in

npm

plugin-hunter

ph — Scan Claude Code / Codex CLI / Gemini CLI plugins for malicious hooks, poisoned SKILL.md, and MCP tool-poisoning *before* you install. Uses your local LLM CLI as the judge — no API key required.

↓ 53/wkupdated 23d agogithub ↗

☆ Watch this server 📋 Install guide ⚡ Compare ⚑ Claim listing

40poor

⚠ 7 credentials detected in repository history via Gitleaks

▣ Score BreakdownMCPScore = Σ(raw × weight)

DimensionRawWeighted

Security

35%

0.0

Freshness

25%

21.3

Adoption

20%

4.2

Quality

10%

100

10.0

Trust

10%

5.0

Total

40.4

⚿ Capabilities & Risk Explainer

fs readfs writenetworkexecsecrets

◆ Risk level: high

fs read + fs write + network + exec + secrets active — can execute code, access credentials, and make external network calls.

⚙ Install config

Claude Desktop · Cursor · Windsurf · VS Code (Copilot) · Claude Code

add to your MCP client config:

{
  "mcpServers": {
    "plugin-hunter": {
      "command": "npx",
      "args": [
        "-y",
        "plugin-hunter"
      ]
    }
  }
}

per-client install guide (claude desktop · cursor · windsurf · vscode) →

⚙ Maintenance health

maintenance data not yet available — check back later.

⛁ Raw data

weekly downloads53

github stars0

forks0

open issues0

license✓ present

readme length9496 chars

last publish23d ago

last commit23d ago

last updated7d ago

owner of this server? claim your listing to get a verified badgeclaim →

🔔 Score drop alerts

get notified by email when this server's score drops 5+ points