README.md

March 12, 2026

brin

brin cli

the credit score for context


your agents are at risk every time they use external context. brin pre-scans packages, skills, and web pages to detect malware, prompt injection, and supply chain attacks.

this repo contains the brin cli — a thin Rust client over the brin API. no sdk, no auth, no signup. a single command returns a score, verdict, and threat data.


install

via npm

npm install -g brin

via shell script

curl -fsSL https://brin.sh/install.sh | sh

usage

brin check <origin>/<identifier>

before your agent acts on any external context, make a single call. brin returns a score, verdict, and any detected threats.

packages

brin check npm/express
brin check npm/lodash@4.17.21
brin check pypi/requests
brin check crate/serde
{
  "origin": "npm",
  "name": "express",
  "score": 81,
  "confidence": "medium",
  "verdict": "safe",
  "tolerance": "conservative",
  "scanned_at": "2026-02-25T09:00:00Z",
  "url": "https://api.brin.sh/npm/express"
}

repositories

brin check repo/expressjs/express

MCP servers

brin check mcp/modelcontextprotocol/servers

agent skills

brin check skill/owner/repo

domains and pages

brin check domain/example.com
brin check page/example.com/login

commits

brin check commit/owner/repo@abc123def

flags

| flag | description |
|---|---|
| --details | include sub-scores (identity, behavior, content, graph) |
| --webhook <url> | receive tier-completion events as the deep scan progresses |
| --headers | print only the X-Brin-* response headers instead of the JSON body |

--details

brin check npm/express --details
{
  "origin": "npm",
  "name": "express",
  "score": 81,
  "verdict": "safe",
  "sub_scores": {
    "identity": 95.0,
    "behavior": 40.0,
    "content": 100.0,
    "graph": 30.0
  }
}

--webhook

brin runs a 3-tier analysis — the LLM tier takes 20–30s. pass a webhook url to receive results as each tier completes rather than waiting:

brin check npm/express --webhook https://your-server.com/brin-callback

events posted to your endpoint:

| event | description |
|---|---|
| tier1_complete | identity + registry metadata done |
| tier2_complete | static analysis done |
| tier3_complete | LLM threat analysis done |
| scan_complete | final score with graph analysis |

--headers

for fast, scriptable checks without JSON parsing:

brin check npm/express --headers
X-Brin-Score: 81
X-Brin-Verdict: safe
X-Brin-Confidence: medium
X-Brin-Tolerance: conservative

flags can be combined:

brin check npm/express --details --webhook https://your-server.com/cb

what we score

six types of external context that agents consume autonomously — each with a distinct threat model and scoring methodology.

| origin | example | threats detected |
|---|---|---|
| npm / pypi / crate | npm/express | install-time attacks, credential harvesting, typosquatting |
| domain / page | domain/example.com | prompt injection, phishing, cloaking, exfiltration via hidden content |
| repo | repo/owner/repo | agent config injection, malicious commits, compromised dependencies |
| skill | skill/owner/repo | description injection, output poisoning, instruction override |
| mcp | mcp/owner/server | tool shadowing, schema abuse, silent capability escalation |
| commit | commit/owner/repo@sha | PR injection, security sabotage, backdoor introduction |

how it works

before your agent acts on any external context, make a single GET request. brin returns a score, verdict, and any detected threats. pre-scanned results return in under 10ms — fast enough to sit in the critical path of every agent action, no queues, no cold starts.

brin check npm/express
      |
      v
GET https://api.brin.sh/npm/express
      |
      v
  score · verdict · threats

if brin is unreachable, the agent continues as normal — zero risk to your existing workflow.
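
a gate built on the `--headers` output and the unreachable case described above, as an added example that is not part of the brin project's code. the `MIN_SCORE` threshold, the function names, the exit-code convention, and the assumption that a failed or empty `brin check` means "no result" are all choices of this example:

```shell
#!/bin/sh
# Added example: gate an agent action on `brin check <target> --headers`.
# MIN_SCORE, the function names and the exit codes are assumptions made here.

MIN_SCORE="${MIN_SCORE:-70}"

# Read header lines on stdin and print the value of header $1
# (case-insensitive name match, trailing CR stripped).
brin_header() {
    awk -v want="$1" -F': *' \
        'tolower($1) == tolower(want) { sub(/\r$/, "", $2); print $2; exit }'
}

# Decide from the header text in $1. Returns:
#   0 = allow   (verdict is exactly "safe" and score >= MIN_SCORE)
#   1 = block   (any other verdict, low score, missing or non-integer score)
#   2 = no data (empty output); the caller must choose fail-open or fail-closed
brin_decide() {
    headers="$1"
    [ -n "$headers" ] || return 2
    verdict=$(printf '%s\n' "$headers" | brin_header X-Brin-Verdict)
    score=$(printf '%s\n' "$headers" | brin_header X-Brin-Score)
    case "$score" in
        ''|*[!0-9]*) return 1 ;;   # do not compare or trust a malformed score
    esac
    [ "$verdict" = "safe" ] && [ "$score" -ge "$MIN_SCORE" ]
}

# Run the CLI for target $1 and apply the decision.
# Assumption: a non-zero exit from `brin check` is treated as "no data".
brin_gate() {
    out=$(brin check "$1" --headers 2>/dev/null) || out=""
    brin_decide "$out"
}

# Typical call site:
#   brin_gate npm/express; case $? in 0) install ;; 1) refuse ;; 2) policy ;; esac
```

treating return code 2 as "allow" reproduces the continue-as-normal behaviour stated above; treating it as "block" gives a fail-closed gate for actions where an unscanned input is not acceptable.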


for ai agents


environment variables

| variable | default | description |
|---|---|---|
| BRIN_API_URL | https://api.brin.sh | override the API endpoint |

local development

git clone https://github.com/superagent-ai/brin-cli
cd brin-cli
cargo build
cargo test

contributing

see CONTRIBUTING.md for details.


license

MIT


built by superagent — ai security for the agentic era