AI & AutomationMedium

Slopsquat Guard MCP

An MCP server that intercepts every package install an agent attempts and verifies the package actually exists, has reasonable downloads, and matches a real maintainer.

Target market
Indie devs and small engineering teams using Claude Code, Cursor, or OpenCode that let agents run package installs autonomously.

Problem snapshot

What this solves

Trend Micro and BleepingComputer reported that ~20% of AI-generated code references packages that do not exist, and attackers have already published 128 phantom packages with 121,000 downloads. When Claude Code runs 'npm install react-router-helpers' or 'pip install fastapi-utils-plus', there is currently zero check that the package is legitimate before it…

Full ProvenTools analysis

Unlock the full analysis and build prompt

Unlock the solution, revenue model, feature scope, technical approach, user flow, and 13-section AI build prompt.

Already have access? Sign in

See ProvenTools plans

Related ideas

Explore similar problems

Browse all