the credit score for context
your agents are at risk every time they use external context. brin pre-scans packages, skills, and web pages to detect malware, prompt injection, and supply chain attacks.
this repo contains the brin cli — a thin Rust client over the brin API. no sdk, no auth, no signup. a single command returns a score, verdict, and threat data.
install
via npm
via shell script
curl -fsSL https://brin.sh/install.sh | shusage
brin check <origin>/<identifier>
before your agent acts on any external context, make a single call. brin returns a score, verdict, and any detected threats.
packages
brin check npm/express brin check npm/lodash@4.17.21 brin check pypi/requests brin check crate/serde
{
"origin": "npm",
"name": "express",
"score": 81,
"confidence": "medium",
"verdict": "safe",
"tolerance": "conservative",
"scanned_at": "2026-02-25T09:00:00Z",
"url": "https://api.brin.sh/npm/express"
}repositories
brin check repo/expressjs/express
MCP servers
brin check mcp/modelcontextprotocol/servers
agent skills
brin check skill/owner/repo
domains and pages
brin check domain/example.com brin check page/example.com/login
commits
brin check commit/owner/repo@abc123def
flags
| flag | description |
|---|---|
--details |
include sub-scores (identity, behavior, content, graph) |
--webhook <url> |
receive tier-completion events as the deep scan progresses |
--headers |
print only the X-Brin-* response headers instead of the JSON body |
--details
brin check npm/express --details
{
"origin": "npm",
"name": "express",
"score": 81,
"verdict": "safe",
"sub_scores": {
"identity": 95.0,
"behavior": 40.0,
"content": 100.0,
"graph": 30.0
}
}--webhook
brin runs a 3-tier analysis — the LLM tier takes 20–30s. pass a webhook url to receive results as each tier completes rather than waiting:
brin check npm/express --webhook https://your-server.com/brin-callback
events posted to your endpoint:
| event | description |
|---|---|
tier1_complete |
identity + registry metadata done |
tier2_complete |
static analysis done |
tier3_complete |
LLM threat analysis done |
scan_complete |
final score with graph analysis |
--headers
for fast, scriptable checks without JSON parsing:
brin check npm/express --headers
X-Brin-Score: 81
X-Brin-Verdict: safe
X-Brin-Confidence: medium
X-Brin-Tolerance: conservative
flags can be combined:
brin check npm/express --details --webhook https://your-server.com/cb
what we score
six types of external context that agents consume autonomously — each with a distinct threat model and scoring methodology.
| origin | example | threats detected |
|---|---|---|
npm / pypi / crate |
npm/express |
install-time attacks, credential harvesting, typosquatting |
domain / page |
domain/example.com |
prompt injection, phishing, cloaking, exfiltration via hidden content |
repo |
repo/owner/repo |
agent config injection, malicious commits, compromised dependencies |
skill |
skill/owner/repo |
description injection, output poisoning, instruction override |
mcp |
mcp/owner/server |
tool shadowing, schema abuse, silent capability escalation |
commit |
commit/owner/repo@sha |
PR injection, security sabotage, backdoor introduction |
how it works
before your agent acts on any external context, make a single GET request. brin returns a score, verdict, and any detected threats. pre-scanned results return in under 10ms — fast enough to sit in the critical path of every agent action, no queues, no cold starts.
brin check npm/express
|
v
GET https://api.brin.sh/npm/express
|
v
score · verdict · threats
if brin is unreachable, the agent continues as normal — zero risk to your existing workflow.
for ai agents
environment variables
| variable | default | description |
|---|---|---|
BRIN_API_URL |
https://api.brin.sh |
override the API endpoint |
local development
git clone https://github.com/superagent-ai/brin-cli cd brin cargo build cargo test
contributing
see CONTRIBUTING.md for details.
license
MIT
built by superagent — ai security for the agentic era