About Vigile
Vigile is the security layer for the AI agent supply chain. We build tools that help developers scan, monitor, and trust the MCP servers and agent skills they install.
The Problem
AI agents are becoming the new software supply chain. MCP servers, agent skills, and tool definitions are installed from community registries with little to no security review. A malicious MCP server can exfiltrate sensitive data, inject hidden instructions, or establish covert communication channels — all while appearing perfectly legitimate.
Our Approach
Static Scanning
Pattern-matching engine with 50 detection rules across tool poisoning, exfiltration, permission abuse, and obfuscation categories.
Trust Scoring
5-factor weighted model (code analysis, dependency health, permission safety, behavioral stability, transparency) producing a 0-100 trust score.
Runtime Monitoring
Sentinel watches what MCP servers actually do on the network — detecting C2 beaconing, data exfiltration, DNS tunneling, and credential theft in real time.
Community Registry
Crowdsourced trust database for MCP servers and agent skills, with automated crawling from npm and GitHub.
Free CLI Scanner
The Vigile CLI scanner is free and open source (Apache 2.0), available on npm. Run npx vigile-scan to scan your local MCP servers and agent skills with zero configuration.