AI signals · VDB

🪤

Slopsquatting candidates — names attackers will target next

What is it?: A database of package names that multiple LLMs repeatedly hallucinate, combined with a realtime npm/PyPI/crates/Go registry probe. Catches both "already in our DB" and "freshly registered suspect".
How do I use it?: Paste an LLM's package suggestions into the bulk checker on the page, one per line. Or call POST /v1/ai/check-packages from your own AI pipeline. Wire up the MCP server and your agent validates recommendations automatically before installing.
Why does it matter?: Following AI coding suggestions blindly means installing names that don't exist, or names that an attacker has already squatted on. Slop is targeting intel — it tells you which names attackers will register next.

🔌

What is it?: A registry of community MCP servers with their declared scopes (file R/W, network, exec), trust tier, and known security advisories. Four tiers: official / partner / community / unverified.
How do I use it?: Before adding an MCP server to Claude Desktop / Cursor / Continue, look it up here to confirm scope and trust. Use the IDs as a whitelist when defining allowed servers in a corporate setting.
Why does it matter?: MCP servers can run arbitrary code inside your IDE/agent. A server with file + network + exec scopes is effectively RCE — installing one is a trust decision. Run unverified servers in a container or VM at minimum.