DepScope MCP Server

Package intelligence MCP for AI agents — 22 tools, 19 ecosystems, AGPL SDK, free.

Tools

Last Updated

Jun 14, 2026

What is the DepScope MCP Server?

The DepScope MCP server gives AI agents structured, permission-aware access to DepScope through the Model Context Protocol. With 22 pre-built actions, agents can read, create, and update DepScope data on behalf of authorized users.

Willow ships the DepScope MCP server as part of an enterprise control plane. Every call runs behind SSO (Okta, Azure AD), enforces RBAC and least-privilege at runtime, writes to a full audit trail, and integrates with Splunk and Loki for SIEM visibility. Connect from Claude Desktop, Claude Code, Cursor, ChatGPT, VS Code, n8n, or any custom agent. Install once, distribute org-wide, and see exactly how DepScope is being used by every AI agent in your stack.

Tools

check_malicious

Supply-chain malware check against OpenSSF/OSV. USE WHEN: about to suggest install of an unvetted/unfamiliar package; name came from a blog/tutorial. Call BEFORE check_package for untrusted pkgs. RETURNS: {is_malicious, threat_tier, source}.

check_typosquat

Typosquat detector. USE WHEN: name differs from a well-known package by 1-2 chars (`lodsh`, `reqeusts`); copy-paste from unreliable source; downloads near zero but name looks familiar. RETURNS: {is_typosquat, likely_target, confidence}.

check_bulk

Fast pre-flight filter for a batch of (ecosystem, package) pairs. DB-only, <100ms for 100 items. USE WHEN: about to emit `npm install a b c …` or `pip install a b c …` — catches hallucinated names, stdlib, typos, and known-bad in ONE call. NOT a dep-tree audit (use scan_project for that). RETURNS: per-item {status: exists|stdlib|malicious|typosquat_suspect|historical_incident|unknown}.

package_exists

Boolean registry existence check. USE WHEN: about to emit a package name in an install command but unsure it exists; verifying a name generated from training data. RETURNS: {exists}.

get_latest_version

Latest published version + deprecation flag — the cheapest call. USE WHEN: only a version string matters (pinning a dep, answering 'what version of X'). If you also need health/vulns use check_package. RETURNS: {latest, deprecated, published_at}.

get_health_score

Single 0-100 health score — cheapest go/no-go gate (>=70 safe). USE WHEN: CI gating or pkg already screened for malware/typos. NOT a first screen — run check_malicious + check_typosquat first. For a verbal verdict use get_package_prompt. RETURNS: {score, verdict}.

install_command

Canonical install command(s) across every package manager of the ecosystem (npm/pnpm/yarn/bun, pip/uv/poetry, cargo, go, composer, maven+gradle, nuget, …). USE WHEN: emitting an install line and you want correct flags. RETURNS: {primary, variants[]}.

get_package_prompt

LLM-optimised package brief — plain text ~300 tokens (~75% cheaper than JSON). Verdict (SAFE/AVOID/URGENT/MALICIOUS) + health + vulns + alternatives + maintainer alerts. USE WHEN: you want to reason over a package and drop the output directly in context; 'is X safe'. PREFER THIS over check_package in 95% of LLM cases. RETURNS: plain-text brief.

check_package

Full machine-readable JSON report (~2k tokens). USE WHEN: you need to programmatically parse specific fields (CI gating, UI, sub-field extraction). Otherwise prefer get_package_prompt. RETURNS: {package, health:{score}, vulnerabilities[], latest, deprecated, maintainers, recommendation}.

get_vulnerabilities

CVE/OSV advisories affecting the latest (or specified) version. USE WHEN: security-sensitive project; user asks 'any CVEs in X'; you already know the pkg exists. RETURNS: {vulnerability_count, vulnerabilities[]: {id, severity, cvss, fixed_in}}.

1 2 3

1–10 of 22 tools

Customize Tools

Edit descriptions, modify arguments, select tools, or add new ones

Set Up Your DepScope MCP Server in Minutes

Add the following configuration to your MCP client. Authentication is handled via OAuth. Compatible with Claude Desktop, Claude Code, Cursor, ChatGPT, VS Code, n8n, and any MCP-compatible agent.

Claude Desktop

claude_desktop_config.json

{
  "mcpServers": {
    "willow-depscope": {
      "type": "http",
      "url": "https://<org>.mcp-s.com/mcp/mcp/depscope"
    }
  }
}

Cursor

.cursor/mcp.json

{
  "mcpServers": {
    "willow-depscope": {
      "type": "http",
      "url": "https://<org>.mcp-s.com/mcp/mcp/depscope"
    }
  }
}

Claude Code

CLI

claude mcp add willow-depscope --transport http https://<org>.mcp-s.com/mcp/mcp/depscope

n8n

HTTP Request Node

{
  "url": "https://<org>.mcp-s.com/mcp/mcp/depscope",
  "method": "POST"
}

Or click "Install with Willow" above to set up automatically with SSO and RBAC preconfigured.

Enterprise Governance for DepScope

Willow adds the layer DepScope and every other SaaS doesn't ship out of the box: every call runs behind SSO (Okta, Azure AD), enforces RBAC and least-privilege at runtime, writes to full audit logs, and detects shadow AI usage across your stack. One MCP gateway. Any agent. Every tool.

DepScope MCP Server FAQ

What is the DepScope MCP server?

The DepScope MCP server is a Model Context Protocol implementation that lets AI agents like Claude, Cursor, and ChatGPT read and write DepScope data through a standardized interface. Willow hosts and governs this server so enterprises can roll it out without a security review backlog.

How is Willow's DepScope MCP server different from the official one?

The official DepScope MCP server is scoped to a single user's account and does not include enterprise governance. Willow's version adds SSO, RBAC, audit logging, shadow AI detection, and centralized control over which actions agents can take across the entire org.

Which AI clients work with the DepScope MCP server?

Claude Desktop, Claude Code, Cursor, ChatGPT, VS Code with MCP support, n8n, and any custom agent built with OpenAI Agents SDK, LangChain, Vercel AI SDK, or Anthropic SDK.

Is the DepScope MCP server secure? How does Willow handle authentication?

Every call runs behind your existing SSO (Okta, Azure AD). Per-user OAuth scopes the agent to exactly what that user can do in DepScope, nothing more. No credentials reach the LLM. Every action writes to an audit trail.

Can I limit which DepScope actions agents can take?

Yes. Willow lets you scope agents to specific actions, specific projects, or specific environments. Toggle actions on or off in the dashboard, or enforce policy via infrastructure-as-code through GitHub.

How do I detect shadow DepScope MCP servers in my org?

Willow's browser extension and discovery service surface unmanaged MCP servers, skills, and AI agents across the org. If a developer installed an unapproved DepScope MCP locally, you'll see it.

What does the DepScope MCP server cost?

Pricing depends on org size and deployment model (SaaS, dedicated cloud, self-host). See withwillow.ai/pricing or contact sales for a quote.

How do I install the DepScope MCP server with Willow?

Install via the Willow Connect Panel in one click, or paste the JSON snippet above into your Claude Desktop, Cursor, or Claude Code config. SSO and RBAC inherit from your existing Willow setup.