{ "name": "mcp-blast-radius", "version": "0.2.4", "display_name": "MCP Blast-Radius Auditor", "category": "security / compliance / MCP observability", "description": "See what any MCP server can actually touch — before you add it to your agent. No manifest? You still get the full blast-radius report. Add a manifest to also catch divergences.", "limitations": "Static analysis only; findings use confidence labels (observed-static, inferred). Default scan scope excludes tests/, docs/, examples/, scripts/, benchmarks/, .github/, and test_*.py unless --include-peripheral is set.", "aos_compliant": true, "capabilities": { "filesystem": "Static extraction of file paths touched by MCP server code", "network": "Static extraction of network endpoints and imports", "subprocess": "Static extraction of subprocess invocations", "env": "Static extraction of environment variable access" }, "tools": [ { "name": "aos_compliance_validate", "description": "Scan one MCP server directory (target_dir required)" }, { "name": "aos_compliance_self_test", "description": "Wiring smoke test" } ], "install": "pip install mcp-blast-radius==0.2.4", "usage": { "cli": "mcp-blast-radius-gate --gate-mode advisory --target-dir /path/to/mcp-server", "gate_mode": { "advisory": "Information only (default)", "blocking": "Fail CI when manifest divergences are detected" } }, "mcp": { "command": "mcp-blast-radius", "transport": "stdio" }, "links": { "pypi": "https://pypi.org/project/mcp-blast-radius/", "repository": "https://github.com/aos-standard/mcp-blast-radius", "agent_card": "https://raw.githubusercontent.com/aos-standard/mcp-blast-radius/main/packaging/agent_card.json" }, "homepage": "https://github.com/aos-standard/mcp-blast-radius", "issues": "https://github.com/aos-standard/mcp-blast-radius/issues", "repository": "https://github.com/aos-standard/mcp-blast-radius" }