← MCPLookup
Packageactivev2.5.0
com.dustforge/demipass
com.dustforge/demipass
Credential custody for agents: use secrets blind (ssh/http/smtp/git/db), never in context.
No blockers found
assessed on 1 of 4 dimensions
- ProvenanceOrigin linked to a public source repository.Official MCP Registry · as of Jul 7, 2026Pass
- MaintenanceRepository maintenance signals not yet ingested.Pending
- Manifest integrityLive manifest not yet captured — the rug-pull baseline begins at first probe.Pending
- Supply chainPackage vulnerability scan not yet run.Pending
- Behavioral trustNo live endpoint to observe.Not applicable
Connect
npm package · v2.5.0 · stdio
npx -y demipass- Dustforge JWT bearer token. Self-onboard at https://dustforge.com/.well-known/silicon or mint via the 2FA email flow.
DEMIPASS_TOKENrequiredsecret - API base URL (default https://api.dustforge.com)
DEMIPASS_URL
Provenance
- Official MCP Registry · as of Jul 7, 2026 · registry-tos
Every verdict is attributable to its sources and recomputed from our own landed copy — never read live on this page.