Slopsquat Guard MCP
An MCP server that intercepts every package install an agent attempts and verifies the package actually exists, has reasonable downloads, and matches a real maintainer.
- Target market
- Indie devs and small engineering teams using Claude Code, Cursor, or OpenCode that let agents run package installs autonomously.
Problem snapshot
What this solves
Trend Micro and BleepingComputer reported that ~20% of AI-generated code references packages that do not exist, and attackers have already published 128 phantom packages with 121,000 downloads. When Claude Code runs 'npm install react-router-helpers' or 'pip install fastapi-utils-plus', there is currently zero check that the package is legitimate before it…
Full ProvenTools analysis
Unlock the full analysis and build prompt
Unlock the solution, revenue model, feature scope, technical approach, user flow, and 13-section AI build prompt.
Already have access? Sign in
Related ideas
Explore similar problems
Agent Canary Task Monitor
Runs a handful of known-good canary tasks against your live agent on a schedule and alerts the moment its output, tool path, latency, or cost drifts from baseline.
Agent Context Drift Alarm
Scans the assembled context (retrieved chunks, memory, task) for contradictions and topic mismatch before the agent answers, so it clarifies or prefers the authoritative source instead of confidently resolving a confl...
Agent Evaluation and Benchmarking Platform
A platform for systematically evaluating AI agent performance against custom test suites.