dependency_risk_score

$0.10 USDC per call

Score the security risk of software dependencies before using them. Checks each package against OSV.dev (Google's vulnerability database) and deps.dev for metadata. Returns per-package CVE counts, max severity, abandonment signals, and a hallucination check — HALLUCINATED means the package was not found and may be an AI-invented name or typosquat. Supports npm, pypi, go, maven, cargo, and nuget. Accepts up to 20 packages per call.

Parameters

Name      Type    Required  Description
packages  string  required  JSON array of packages to scan. Each entry: {"name": "lodash", "ecosystem": "npm", "version": "4.17.19"} (version is optional). Ecosystems: npm, pypi, go, maven, cargo, nuget. Example: [{"name":"lodash","ecosystem":"npm"},{"name":"requests","ecosystem":"pypi"}]
Example Call
// MCP tool call; the packages argument is a JSON array passed as a string
{
  "name": "dependency_risk_score",
  "arguments": {
    "packages": "[{\"name\":\"lodash\",\"ecosystem\":\"npm\"},{\"name\":\"requests\",\"ecosystem\":\"pypi\"}]"
  }
}
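As an added, offline worked example (not the toolbooth tool's own code): the scoring the description above outlines, applied to the `packages` parameter format, with constructed lookup results standing in for OSV.dev and deps.dev. The OSV ecosystem spellings are real (its /v1/query endpoint uses "PyPI" and "crates.io", not the lowercase names this tool accepts); the two-year abandonment threshold and the fixture's package names, advisory IDs and dates are assumptions.

```python
import json
from datetime import date

# Ecosystem names this tool accepts, and the spelling OSV.dev uses for each
# (OSV's /v1/query does not recognise lowercase "pypi" or "cargo").
SUPPORTED = ("npm", "pypi", "go", "maven", "cargo", "nuget")
OSV_ECOSYSTEM = {"npm": "npm", "pypi": "PyPI", "go": "Go",
                 "maven": "Maven", "cargo": "crates.io", "nuget": "NuGet"}
MAX_PACKAGES = 20

SEVERITY_RANK = {"NONE": 0, "LOW": 1, "MODERATE": 2, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
ABANDONED_AFTER_DAYS = 730  # assumption: no release in two years is an abandonment signal


def parse_packages(packages_json):
    """Validate the `packages` parameter as the tool describes it: a JSON array
    of {"name", "ecosystem", "version"?} objects, at most 20 entries."""
    pkgs = json.loads(packages_json)
    if not isinstance(pkgs, list) or not pkgs:
        raise ValueError("packages must be a non-empty JSON array")
    if len(pkgs) > MAX_PACKAGES:
        raise ValueError(f"at most {MAX_PACKAGES} packages per call")
    cleaned = []
    for p in pkgs:
        eco = str(p.get("ecosystem", "")).lower()
        if eco not in SUPPORTED:
            raise ValueError(f"unsupported ecosystem: {eco!r}")
        if not p.get("name"):
            raise ValueError("each package needs a name")
        cleaned.append({"name": p["name"], "ecosystem": eco, "version": p.get("version")})
    return cleaned


def osv_query_body(pkg):
    """Body for POST https://api.osv.dev/v1/query (the real OSV endpoint)."""
    body = {"package": {"name": pkg["name"], "ecosystem": OSV_ECOSYSTEM[pkg["ecosystem"]]}}
    if pkg.get("version"):
        body["version"] = pkg["version"]  # omit to get advisories for any version
    return body


def vuln_severity(vuln):
    """Textual severity of one OSV record (GHSA-sourced records carry it in
    database_specific.severity); NONE when the record has no usable label."""
    label = str((vuln.get("database_specific") or {}).get("severity", "")).upper()
    return label if label in SEVERITY_RANK else "NONE"


def score_package(pkg, found, osv_response, latest_release, today):
    """Reduce the raw lookups to the fields the tool reports.
    found          -- whether the registry knows the package; deps.dev answers
                      this, OSV does not (it returns {} for unknown names too)
    osv_response   -- JSON from /v1/query: {"vulns": [...]} or {} when clean
    latest_release -- ISO date of the newest release, or None if unknown"""
    if not found:
        # An empty OSV result for an unknown name must never read as "safe".
        return {**pkg, "status": "HALLUCINATED", "vuln_count": 0,
                "cve_count": 0, "max_severity": "NONE", "abandoned": None}
    vulns = osv_response.get("vulns", [])
    cve_ids = {a for v in vulns for a in v.get("aliases", []) if a.startswith("CVE-")}
    max_sev = max((vuln_severity(v) for v in vulns),
                  key=lambda s: SEVERITY_RANK[s], default="NONE")
    abandoned = None
    if latest_release:
        abandoned = (today - date.fromisoformat(latest_release)).days > ABANDONED_AFTER_DAYS
    return {**pkg, "status": "OK", "vuln_count": len({v["id"] for v in vulns}),
            "cve_count": len(cve_ids), "max_severity": max_sev, "abandoned": abandoned}


def scan(packages_json, lookups, today):
    """Score every package in the parameter string using pre-fetched lookup data
    keyed by (ecosystem, name); a missing key means the registry had no such package."""
    missing = {"found": False, "osv_response": {}, "latest_release": None}
    results = []
    for p in parse_packages(packages_json):
        data = {**missing, **lookups.get((p["ecosystem"], p["name"]), {})}
        results.append(score_package(p, today=today, **data))
    return results


# Constructed fixture, not real API output: hypothetical package names and
# placeholder advisory IDs and dates chosen to exercise each outcome.
TODAY = date(2025, 1, 1)
FIXTURE = {
    ("npm", "example-stale-lib"): {
        "found": True, "latest_release": "2018-03-01",
        "osv_response": {"vulns": [
            {"id": "GHSA-PLACEHOLDER-1", "aliases": ["CVE-0000-00001"],
             "database_specific": {"severity": "HIGH"}},
            {"id": "GHSA-PLACEHOLDER-2", "aliases": ["CVE-0000-00002"],
             "database_specific": {"severity": "MODERATE"}},
        ]},
    },
    ("pypi", "example-maintained-lib"): {"found": True, "latest_release": "2024-11-20",
                                         "osv_response": {}},
    # "example-ai-invented-lib" is deliberately absent: the registry never heard of it.
}
EXAMPLE_INPUT = json.dumps([
    {"name": "example-stale-lib", "ecosystem": "npm", "version": "1.2.3"},
    {"name": "example-maintained-lib", "ecosystem": "pypi"},
    {"name": "example-ai-invented-lib", "ecosystem": "pypi"},
])

if __name__ == "__main__":
    print(json.dumps(scan(EXAMPLE_INPUT, FIXTURE, TODAY), indent=2))
```

The point a practitioner should take from the split between `found` and `osv_response` is that OSV alone cannot produce the HALLUCINATED verdict: a name that no registry knows gets the same empty vulnerability list as a clean package, so the existence check has to come from a registry-backed source such as deps.dev before an empty OSV result is read as low risk.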
Connect
// Add to your MCP config — this tool is immediately available
{
  "mcpServers": {
    "toolbooth": { "url": "https://toolbooth.io/mcp" }
  }
}