oathe-mcp
MCP server for Oathe AI security audits. Check trust scores before installing MCP servers, plugins, or AI agent skills.
Quick Start
npx oathe-mcp
No API key required. No configuration needed.
MCP Client Configuration
Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"oathe": {
"command": "npx",
"args": ["-y", "oathe-mcp"]
}
}
}
Claude Code
claude mcp add oathe -- npx -y oathe-mcp
Tools
submit_audit
Submit a GitHub or ClawHub URL for a security audit.
{ "skill_url": "https://github.com/owner/repo" }
Returns audit_id to track progress. Rate limited: one submission per 60 seconds per IP.
check_audit_status
Check the status of a submitted audit.
{ "audit_id": "uuid-from-submit" }
Poll every 5 seconds. Terminal statuses: complete, failed.
get_audit_report
Get the full security audit report for a repository.
{ "owner": "anthropics", "repo": "claude-code" }
Returns trust score, verdict, findings, category scores, and recommendation.
get_skill_summary
Get a lightweight summary (score + verdict) without full findings.
{ "owner": "anthropics", "repo": "claude-code" }
Returns score, verdict, recommendation, and finding counts.
search_audits
Search completed audits by verdict or minimum trust score.
{ "verdict": "SAFE", "min_score": 80, "sort": "trust_score", "order": "DESC" }
Returns up to 100 results.
Configuration
| Environment Variable | Default | Description |
|---|---|---|
OATHE_API_BASE | https://audit-engine.oathe.ai | Override the API base URL |
Setting an invalid OATHE_API_BASE will produce a clear error at startup.
License
MIT