Scan agent repos for repo-poisoning, unsafe AI config files, and MCP attack surfaces with MEDUSA
Run a focused preflight scan over agent and MCP repositories to catch poisoned instruction files, dangerous configs, and AI-specific supply-chain risks before merge or deployment.
What it does
Run a focused preflight scan over agent and MCP repositories to catch poisoned instruction files, dangerous configs, and AI-specific supply-chain risks before merge or deployment.
Prerequisites
Python 3 environment, pip, MEDUSA package, access to the local repo or target GitHub repository, and optional external linters for expanded coverage
Installation
Use the upstream install or setup path that matches your environment:
- pip install medusa-security
- git clone https://github.com/yourusername/medusa.git
- pip install -e ".[dev]"
Requirements and caveats from upstream:
Basic usage or getting-started notes:
- 🚀 Quick Start
- Run your first scan - that's it!
Extracted from upstream docs: https://raw.githubusercontent.com/Pantheon-Security/medusa/HEAD/README.md
Quality
Deterministic score 0.45 from registry signals: indexed on GitHub topic:agent-skills · 8 GitHub stars · SKILL.md body (1,375 chars)