MaintenanceActively maintained — last activity 0 days ago.GitHub · as of Jul 12, 2026
Pass
ProvenanceOrigin linked to a public source repository.Official MCP Registry · as of Jul 12, 2026
Pass
Supply chainNo known vulnerabilities in scanned package dependencies (OSV).OSV (Google Open Source Vulnerabilities) · as of Jul 12, 2026
Pass
Manifest integrityManifest capture requires running the package (sandbox phase).
Pending
Behavioral trustNo live endpoint to observe.
Not applicable
Connect
pypi package · v0.3.2 · stdio
uvx tar-engine
TAR_ENGINE_URL
Override the audit backend. Default is the hosted playground at https://tarai.dev. Set to http://localhost:8765 (or your own tar-engine deployment) to self-host and keep SKILL.md content on your machine.
TAR_ENGINE_BYOK_OPENAI_KEYsecret
OpenAI API key that unlocks the semantic LLM and adversarial prompt-fuzz layers. Static and supply-chain layers run without it.
TAR_ENGINE_BYOK_ANTHROPIC_KEYsecret
Anthropic API key alternative to the OpenAI key for the semantic and adversarial layers.
Provenance
Official MCP Registry · as of Jul 12, 2026 · registry-tos
OSV (Google Open Source Vulnerabilities) · as of Jul 12, 2026 · CC-BY-4.0
GitHub · as of Jul 12, 2026 · github-tos
Every verdict is attributable to its sources and recomputed from our own landed copy, never read live on this page.