io.github.jamesdfinance-dev/lazaretto
https://lazaretto.dev/mcpskills: {'id': 'known_bad_lookup', 'name': 'known_bad_lookup', 'description': "Check a SHA-256 against Lazaretto's known-bad indicator set (refreshed daily from abuse.ch). Free and anonymous. A miss only means this exact hash is not in the indicator set; it is not a clean verdict on the artifact.", 'tags': [], 'examples': None, 'input_modes': None, 'output_modes': None}, {'id': 'scan_artifact', 'name': 'scan_artifact', 'description': 'Deterministically analyze a package, repo, skill, or file for malicious behavior (credential theft, data exfiltration, obfuscation, prompt injection aimed at the agent, install scripts) and return a verdict (malicious, flagged, clear, error) with the exact evidence and a hash of what was scanned. Requires prepaid credits presented as an X-API-Key request header; consumes one credit per successful scan. Buy credits at POST https://lazaretto.dev/v1/credits/topup. For a free check, use known_bad_lookup.', 'tags': [], 'examples': None, 'input_modes': None, 'output_modes': None}; uptime_30d 1.0%; p95 147.5ms; conformance: pass
How to connect
https://lazaretto.dev/mcp
curl -X POST https://lazaretto.dev/mcp \
-H 'Content-Type: application/json' \
-H 'Accept: application/json, text/event-stream' \
-d '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{}}'