74
/ 100
1 month ago
glama

Mund

MCP security scanner for AI agents - detects prompt injection, secrets, PII, and vets MCP servers before installation

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
38 tools verified — handlers match their declared behaviour
1 read-only tool verified — handlers contain no write/delete/exec
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 7 credentials: HORD_MASTER_KEY, HORD_MUND_API_KEY, HORD_USE_HARDWARE_KEY, MUND_API_KEY, MUND_EMAIL_SMTP_PASS, WEAVE_API_KEY, WEAVE_SIGNING_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configANTIGRAVITY_CONFIG_DIR
configCLAUDE_CONFIG_DIR
configHORD_ATTESTATION_CERT_FILE
configHORD_ATTESTATION_KEY_FILE
configHORD_CHAIN_ATTESTATIONS
configHORD_DATABASE_URL
configHORD_HOST
configHORD_KEY_ROTATION_DAYS
configHORD_LOG_LEVEL
🔐 secretHORD_MASTER_KEY
configHORD_MASTER_KEY_FILE
🔐 secretHORD_MUND_API_KEY
configHORD_MUND_URL
configHORD_PORT
configHORD_SANDBOX_IMAGE
configHORD_SANDBOX_MEMORY_MB
configHORD_SANDBOX_RUNTIME
configHORD_SANDBOX_TIMEOUT_MS
configHORD_STORAGE
configHORD_TRANSPORT
🔐 secretHORD_USE_HARDWARE_KEY
🔐 secretMUND_API_KEY
configMUND_BLOCK_MODE
configMUND_DATABASE_URL
configMUND_EMAIL_FROM
configMUND_EMAIL_MIN_SEVERITY
configMUND_EMAIL_SMTP_HOST
🔐 secretMUND_EMAIL_SMTP_PASS
configMUND_EMAIL_SMTP_PORT
configMUND_EMAIL_SMTP_SECURE
configMUND_EMAIL_SMTP_USER
configMUND_EMAIL_TO
configMUND_HOST
configMUND_LOG_LEVEL
configMUND_PORT
configMUND_SLACK_CHANNEL
configMUND_SLACK_EMOJI
configMUND_SLACK_MIN_SEVERITY
configMUND_SLACK_USERNAME
configMUND_SLACK_WEBHOOK
configMUND_STORAGE
configMUND_TEAMS_MIN_SEVERITY
configMUND_TEAMS_WEBHOOK
configMUND_TRANSPORT
configMUND_WEBHOOK_HEADERS
configMUND_WEBHOOK_MIN_SEVERITY
configMUND_WEBHOOK_URL
configNO_COLOR
configTERM
🔐 secretWEAVE_API_KEY
configWEAVE_PORT
🔐 secretWEAVE_SIGNING_KEY
configWEAVE_WARD_PATHIf you have a WARD.md in your home directory or set $, Hundredmen will auto-enforce it.
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 7 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/tyox-all-weave-protocol-1jwtua)](https://m8ven.ai/mcp/tyox-all-weave-protocol-1jwtua)
commit: b84c203f9264a5f7c5b0a39aa27a80e40a80eb81
code hash: 0e0b7bcf8173b7ad02b5e941edfeb39a0890a470300e987cc233b4d47ca72717
verified: 6/11/2026, 11:20:18 AM
view raw JSON →
Mund · M8ven Trust Score | M8ven