the credit score for context
your agents are at risk every time they use external context. brin pre-scans packages, skills, and web pages to detect malware, prompt injection, and supply chain attacks.
this repo contains the brin cli — a thin Rust client over the brin API. no sdk, no auth, no signup. a single command returns a score, verdict, and threat data.
npm install -g brincurl -fsSL https://brin.sh/install.sh | shbrin check <origin>/<identifier>
before your agent acts on any external context, make a single call. brin returns a score, verdict, and any detected threats.
brin check npm/express
brin check npm/lodash@4.17.21
brin check pypi/requests
brin check crate/serde{
"origin": "npm",
"name": "express",
"score": 81,
"confidence": "medium",
"verdict": "safe",
"tolerance": "conservative",
"scanned_at": "2026-02-25T09:00:00Z",
"url": "https://api.brin.sh/npm/express"
}brin check repo/expressjs/expressbrin check mcp/modelcontextprotocol/serversbrin check skill/owner/repobrin check domain/example.com
brin check page/example.com/loginbrin check commit/owner/repo@abc123def| flag | description |
|---|---|
--details |
include sub-scores (identity, behavior, content, graph) |
--webhook <url> |
receive tier-completion events as the deep scan progresses |
--headers |
print only the X-Brin-* response headers instead of the JSON body |
brin check npm/express --details{
"origin": "npm",
"name": "express",
"score": 81,
"verdict": "safe",
"sub_scores": {
"identity": 95.0,
"behavior": 40.0,
"content": 100.0,
"graph": 30.0
}
}brin runs a 3-tier analysis — the LLM tier takes 20–30s. pass a webhook url to receive results as each tier completes rather than waiting:
brin check npm/express --webhook https://your-server.com/brin-callbackevents posted to your endpoint:
| event | description |
|---|---|
tier1_complete |
identity + registry metadata done |
tier2_complete |
static analysis done |
tier3_complete |
LLM threat analysis done |
scan_complete |
final score with graph analysis |
for fast, scriptable checks without JSON parsing:
brin check npm/express --headersX-Brin-Score: 81
X-Brin-Verdict: safe
X-Brin-Confidence: medium
X-Brin-Tolerance: conservative
flags can be combined:
brin check npm/express --details --webhook https://your-server.com/cbsix types of external context that agents consume autonomously — each with a distinct threat model and scoring methodology.
| origin | example | threats detected |
|---|---|---|
npm / pypi / crate |
npm/express |
install-time attacks, credential harvesting, typosquatting |
domain / page |
domain/example.com |
prompt injection, phishing, cloaking, exfiltration via hidden content |
repo |
repo/owner/repo |
agent config injection, malicious commits, compromised dependencies |
skill |
skill/owner/repo |
description injection, output poisoning, instruction override |
mcp |
mcp/owner/server |
tool shadowing, schema abuse, silent capability escalation |
commit |
commit/owner/repo@sha |
PR injection, security sabotage, backdoor introduction |
before your agent acts on any external context, make a single GET request. brin returns a score, verdict, and any detected threats. pre-scanned results return in under 10ms — fast enough to sit in the critical path of every agent action, no queues, no cold starts.
brin check npm/express
|
v
GET https://api.brin.sh/npm/express
|
v
score · verdict · threats
if brin is unreachable, the agent continues as normal — zero risk to your existing workflow.
| variable | default | description |
|---|---|---|
BRIN_API_URL |
https://api.brin.sh |
override the API endpoint |
git clone https://github.com/superagent-ai/brin
cd brin
cargo build
cargo testsee CONTRIBUTING.md for details.
MIT
built by superagent — ai security for the agentic era