README.md
March 31, 2026 · View on GitHub
brin
credit score for context
ai agents are only as safe as the context they consume. brin scores each piece before your agent acts, detecting malware, prompt injection, phishing, and supply chain attacks across packages, repos, mcp servers, skills, and urls.
this dataset contains open-source threat scan records from brin's scoring pipeline. free for research, red-teaming, and model training.
- docs: brin.sh/docs
- cli: brin-cli
- cursor plugin: included in this repo (see plugins/cursor)
schema
each record is a single brin scan result. the fields are:
| field | type | description |
|---|---|---|
origin | string | source type: npm, pypi, crate, domain, page, repo, skill, mcp, contributor, commit, pr |
identifier | string | identifier within the origin (e.g. express, example.com) |
version | string | version or ref (optional) |
score | integer | 0–100 safety score. higher is safer |
confidence | string | low, medium, or high |
verdict | string | safe, caution, suspicious, or malicious |
sub_scores | object | breakdown across four dimensions (see below) |
threats | array | detected threat signals with type and description (optional, omitted if none) |
scanned_at | string | ISO 8601 timestamp of when the scan was run |
sub_scores
| dimension | description |
|---|---|
identity | publisher reputation, domain age, ownership signals |
behavior | runtime behavior, network calls, install scripts |
content | source code, prompt content, instruction analysis |
graph | dependency graph, transitive risk, maintainer overlap |
example record
{
"origin": "npm",
"identifier": "express",
"version": "4.18.2",
"score": 81,
"confidence": "medium",
"verdict": "safe",
"sub_scores": {
"identity": 95.0,
"behavior": 40.0,
"content": 100.0,
"graph": 30.0
},
"scanned_at": "2026-02-25T09:00:00Z"
}
coverage
| origin | what is scored | threats detected |
|---|---|---|
npm / pypi / crate | open source packages | install-time attacks, credential harvesting, typosquatting |
domain / page | websites and web pages | prompt injection, phishing, cloaking, exfiltration via hidden content |
repo | github repositories | agent config injection, malicious commits, compromised dependencies |
skill | agent skills | description injection, output poisoning, instruction override |
mcp | mcp servers | tool shadowing, schema abuse, silent capability escalation |
contributor | github contributors | impersonation, typosquatting, suspicious commit patterns |
commit | github commits | malicious code injection, backdoor insertion, unauthorized changes |
pr | github pull requests | supply chain attacks via PRs, malicious contributions, social engineering |
format
records are stored as jsonl (newline-delimited json) - one record per line. this makes the dataset trivially streamable and parseable without loading everything into memory.
files are organized by origin under data/:
data/
npm.jsonl
pypi.jsonl
crate.jsonl
domain.jsonl
page.jsonl
repo.jsonl
skill.jsonl
mcp.jsonl
contributor.jsonl
commit.jsonl
pr.jsonl
contributing
see CONTRIBUTING.md for details.
license
MIT
built by superagent - ai security for the agentic era