Doramagic.ai Chinese

MCP Tool Integration · Public

decoy-scan

MCP tool integration project for safely connecting external tools, services, or data sources to an AI host.

MCPTool callingHost configurationPermission boundariesAcceptance checks

Last verification date: 2026-07-09 Verification method: source evidence, semantic profile, public page gate, and static build acceptance.

Publication status · 2026-07-09

What is decoy-scan?

01

Quick decision

Use this section to decide whether the project is worth a deeper read.
Best forDevelopers who need Claude, Cursor, Codex, or another MCP-capable AI host to call external tools safely.

Match the project to your task before installing it.

CapabilityMCP setup guidance, host configuration checks, tool permission boundaries, recovery steps, and acceptance checks

MCP tool integration project for safely connecting external tools, services, or data sources to an AI host.

Repositorydecoy-run/decoy-scan

1 stars · 0 forks

02

What it can do

Translate the upstream project into concrete capabilities the user can judge before installing.
1

Introduction and Getting Started

Related topics: System Architecture and Source Modules, CLI, GitHub Action, and Library API

Source: https://github.com/decoy-run/decoy-scan / Human Manual
2

System Architecture and Source Modules

Related topics: Introduction and Getting Started, Security Checks, Patterns, and Detection Rules

Source: https://github.com/decoy-run/decoy-scan / Human Manual
3

Security Checks, Patterns, and Detection Rules

Related topics: System Architecture and Source Modules, CLI, GitHub Action, and Library API

Source: https://github.com/decoy-run/decoy-scan / Human Manual
4

CLI, GitHub Action, and Library API

Related topics: Introduction and Getting Started, Security Checks, Patterns, and Detection Rules

Source: https://github.com/decoy-run/decoy-scan / Human Manual
5

Doramagic Pitfall Log

Source-linked risks stay visible on the manual page so the preview does not read like a recommendation.

Source: Doramagic discovery, validation, and Project Pack records

Sources: https://github.com/decoy-run/decoy-scan, Human Manual, Project Pack evidence, and downstream validation signals.

03

Community Discussion Evidence

Project-level external discussion stays visible on the detail page, not only inside the manual.
Stars1 stars
Forks0 forks
Contributors1 contributors
Licenseunknown

04

How to start

Only source-backed commands are shown here. Verify them in an isolated environment first.
1

Try the prompt first

Test the workflow without installing the upstream project.

preview
2

Read the Human Manual

Understand inputs, outputs, limits, and failure modes.

manual
3

Take context to your AI host

Use the compiled assets in your preferred AI environment.

context
4

Run sandbox verification

Confirm install commands and rollback before using a primary environment.

verify
npx decoy-scan

Official start command · https://github.com/decoy-run/decoy-scan#readme · verified: yes

05

Human Manual

The English page must expose the real manual, not a short placeholder.

8+ sections · Human Manual

decoy-scan Manual

Security scanner for MCP server configurations. Like npm audit, but for your AI agent tool servers. Finds risky tools, input validation gaps, transport vulnerabilities, and over-permissioned capability chains. Open source, zero dependencies.

Open the full manual
  1. https://github.com/decoy-run/decoy-scan Project Manual
  2. Table of Contents
  3. Introduction and Getting Started
  4. Related Pages
  5. Purpose and Scope
  6. Prerequisites and Installation
  7. Scan Workflow
  8. Interpreting Output and Exit Codes
1

Introduction and Getting Started

Related topics: System Architecture and Source Modules, CLI, GitHub Action, and Library API

Source: https://github.com/decoy-run/decoy-scan / Human Manual
2

System Architecture and Source Modules

Related topics: Introduction and Getting Started, Security Checks, Patterns, and Detection Rules

Source: https://github.com/decoy-run/decoy-scan / Human Manual
3

Security Checks, Patterns, and Detection Rules

Related topics: System Architecture and Source Modules, CLI, GitHub Action, and Library API

Source: https://github.com/decoy-run/decoy-scan / Human Manual
4

CLI, GitHub Action, and Library API

Related topics: Introduction and Getting Started, Security Checks, Patterns, and Detection Rules

Source: https://github.com/decoy-run/decoy-scan / Human Manual
5

Doramagic Pitfall Log

Source-linked risks stay visible on the manual page so the preview does not read like a recommendation.

Source: Doramagic discovery, validation, and Project Pack records

06

AI Context Pack and portable assets

After deciding to continue, take the project context into your own AI host.

Complete pack plus user-owned assets

These files are planning and verification assets for Claude Code, Codex, Gemini, Cursor, ChatGPT, and other AI hosts.

07

Preflight checks

Treat this page as a planning asset, not proof that your local environment is ready.

08

Pitfall Log and verification risks

Doramagic surfaces high-risk items before users treat a candidate capability as verified.
medium

Configuration risk requires verification

May increase setup, validation, or first-run risk for the user.

medium

Capability evidence risk requires verification

May increase setup, validation, or first-run risk for the user.

medium

Maintenance risk requires verification

May increase setup, validation, or first-run risk for the user.

medium

Security or permission risk requires verification

May increase setup, validation, or first-run risk for the user.

medium

Security or permission risk requires verification

May increase setup, validation, or first-run risk for the user.

low

Maintenance risk requires verification

May increase setup, validation, or first-run risk for the user.

low

Maintenance risk requires verification

May increase setup, validation, or first-run risk for the user.