check_ai_supply_chain_risk
Active
Tool of TensorFeed
Check the TensorFeed AI/MCP/LLM supply-chain IOC feed. Returns publicly-disclosed malicious npm/PyPI packages whose name or summary signals relevance to AI agent operators. With no args, returns the whole snapshot (typically a small number of entries). With "package_name", returns only entries matching that name (substring, case-insensitive) so an agent can ask "is X risky right now?" before installing. Each entry cites its GHSA primary source. Posture: TF republishes already-public advisories; the listed primary source is authoritative.
Parameters schema
{
  "type": "object",
  "properties": {
    "ecosystem": {
      "type": "string",
      "description": "Optional ecosystem filter: \"npm\" or \"pip\""
    },
    "package_name": {
      "type": "string",
      "description": "Optional case-insensitive substring of the package name (e.g. \"mistralai\" or \"@mistralai/mistralai-gcp\"). If omitted, returns all current entries."
    }
  }
}
No endpoints wrapped at confidence ≥ 0.70.
Parent server
TensorFeed
https://github.com/RipperMercs/tensorfeed
1/7 registries