sswp-mcp

SSWP MCP — Deterministic software attestation for AI-augmented development. Witness any repo through a 5-gate pipeline, adversarially probe dependencies, and produce self-verifying .sswp.json attestations. Fleet registry across 131 nodes with tamper-proof audit ledger and FTS5 search. Agent-native — one tool call from Hermes, Claude, or Cline.

→ VrtxOmega/sswp-mcp · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Known vulnerabilities in dependencies: 2 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 2 credentials: OLLAMA_API_KEY, OLLAMA_CLOUD_API_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// known CVEs in dependencies2 high1 medium

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

high@modelcontextprotocol/sdk@1.0.0GHSA-8r9q-7v3j-jr4g

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

high@modelcontextprotocol/sdk@1.0.0GHSA-w48q-cv73-mx4w

Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

mediumajv@8.0.0GHSA-2g4f-4pwh-qvx6

ajv has ReDoS when using `$data` option

Depend on this server? Get alerted when its CVEs change.Watch this server free →

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

🔐 secretOLLAMA_API_KEY

🔐 secretOLLAMA_CLOUD_API_KEY— Optional Kimi K2 reasoning (KIMI_REASONING probe) deepens the analysis when is set. Aggregate overallRisk = (CRITICAL_count × 0.4 + WARN_count × 0.15) / dep_count, clamped to [0, 1].

configSSWP_REGISTRY_PATH

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/vrtxomega-sswp-mcp-e48dsn)](https://m8ven.ai/mcp/vrtxomega-sswp-mcp-e48dsn)

commit: 2a381aa208167bb5feb8f19e65a2c7536ce3b260

code hash: 3f41d8a32b6ccb8acaf72d9749ecde112b045cbc90e2b72c784f14b7be04a4f6

verified: 6/10/2026, 11:44:15 AM

view raw JSON →