Live · 1.13M+ IOCs · HMAC-signed verdicts

Vet an MCP repo before you install it.

Paste any GitHub repo URL. Dredd fetches its package manifest, cross-checks every dependency against the DugganUSA threat-intel corpus, and returns a verdict in under two seconds. ALLOW / ADVISORY / BLOCK. HMAC-signed.

Try:

Add a Dredd badge to your repo

Drop this in your README. The badge updates live with the current verdict.

[![Dredd](https://analytics.dugganusa.com/api/v1/dredd/badge?url=https://github.com/OWNER/REPO)](https://analytics.dugganusa.com/scan?url=https://github.com/OWNER/REPO)

Live preview after a scan: the badge below shows the verdict for the URL you scanned.

scan something to see your badge