Scans your repository's dependency manifests (package.json, requirements.txt, go.mod, Cargo.toml, pom.xml, and more) and checks them against OSV.dev's CVE database. Exposes six tools: discover_dependencies to find all pinned packages, check_cves to query for vulnerabilities with severity filtering, enrich_cve to pull CVSS scores and CISA KEV exploitation status from NVD, plus accept_risk and remove_accepted_risk to manage exceptions with expiry dates. Ships with a /ghostfree.scan prompt that walks through discovery, triage, and remediation in a conversational flow. Accepted risks live in .ghostfree/accepted.yml so your team can commit suppression decisions to version control. Runs locally via npx with no signup or API keys required.
claude mcp add --transport stdio shane-js-ghostfree uvx ghostfree