Static and configuration security auditing for Model Context Protocol (MCP) servers, identifying over-permissioning and input validation risks.
Defensibility
stars: 0
Decoy-scan is a very early-stage (23 days old, 0 stars) security utility targeting the nascent Model Context Protocol (MCP) ecosystem. While it addresses a legitimate emerging need (securing the 'tool' interfaces that LLM agents use), it lacks any technical or market moat. The project is currently a thin wrapper around configuration linting rules. The 'zero dependencies' claim suggests a simple rule-based engine that is easily reproducible. The primary risk is that Anthropic (the creator of MCP) or major tool registries like Smithery.ai are incentivized to build native security/linting capabilities directly into their platforms. If MCP achieves mass adoption, an 'mcp-audit' command is a high-probability feature for the official SDK, which would immediately displace this project. Current traction is non-existent, making it a speculative tool rather than a defensible product.
TECH STACK
INTEGRATION: cli_tool
READINESS