SlowMist Launches MistEye Security Gate for AI Coding Agent Protection
The SlowMist security team has released MistEye Security Gate, an open-source security gateway that sits in front of AI coding agents such as Claude Code, Cursor, and OpenAI GPT. It provides pre-execution security detection for dependency installation and domain access, targeting three core risk scenarios: supply chain poisoning, malicious external links, and third-party Skill/MCP installation. High-risk operations (e.g., installing Python/Node.js/Go packages or visiting URLs) must pass a real-time threat intelligence check via the MistEye API before execution. If a malicious result is returned, the operation is hard-blocked.

The system covers 15 detection types grouped into three categories: network and identity types (IP, domain, URL, email), file hashes (MD5, SHA1, SHA256), and supply chain packages (npm, PyPI, NuGet, RubyGems, Go, Crates.io). A blocking decision matrix enforces strict rules, defaulting to hard-block when detection fails. To address dynamic threats, MistEye also supports daily automated inspections that re-scan installed dependencies for newly discovered malicious items.

The core workflow parses dependency declarations, generates detection tasks, calls the API, and outputs block/allow decisions. Coverage thresholds ensure every parsed dependency is independently checked. MistEye Security Gate is designed to cut off risks at the source, with support for false positive feedback via GitHub or official channels.
Key facts
- MistEye Security Gate is designed for AI coding agents like Claude Code, Cursor, and GPT.
- It blocks malicious dependency installs and external URLs before execution via API.
- Covers 15 detection types: IPs, domains, file hashes, and supply chain packages.
- Supports daily automated re-scan of installed dependencies for new threats.
- Defaults to hard-block when detection fails; can be bypassed manually after review.
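
The workflow described above (parse dependency declarations, generate detection tasks, query threat intelligence, output block/allow) with the hard-block-on-failure default and a per-dependency coverage check, as an added example that is not MistEye's own code. The `lookup` callable, the verdict strings, and the sample data are assumptions standing in for the MistEye API, whose request and response format the page does not show.

```python
import re

# Assumed verdict strings; the page does not show the MistEye API response format.
CLEAN, MALICIOUS = "clean", "malicious"

# Only bare names and exact pins are accepted; anything else counts as uncovered.
_REQ = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:==\s*([A-Za-z0-9.!+_-]+))?")

def parse_requirements(text):
    """Return (tasks, uncovered): detection tasks plus lines that yield no task."""
    tasks, uncovered = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _REQ.fullmatch(line)
        if m is None:
            uncovered.append(line)  # e.g. "-r other.txt", URLs, version ranges
            continue
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()  # PEP 503 normalisation
        task = ("pypi", name, m.group(2))
        if task not in tasks:
            tasks.append(task)
    return tasks, uncovered

def gate(text, lookup):
    """Decide block/allow for a requirements file; every failure path blocks."""
    tasks, uncovered = parse_requirements(text)
    # Coverage: a declared line that produced no detection task is itself a block.
    decisions = {line: "block: not checkable" for line in uncovered}
    for task in tasks:
        try:
            verdict = lookup(*task)
        except Exception as exc:  # timeout, auth error, bad response: fail closed
            decisions[task] = f"block: lookup failed ({type(exc).__name__})"
            continue
        if verdict == CLEAN:
            decisions[task] = "allow"
        elif verdict == MALICIOUS:
            decisions[task] = "block: malicious"
        else:
            decisions[task] = "block: unrecognised verdict"
    return all(d == "allow" for d in decisions.values()), decisions

# Constructed sample data: a stand-in intelligence source and a requirements file.
def sample_lookup(ecosystem, name, version):
    if name == "timeout-pkg":
        raise TimeoutError("intel service unreachable")
    return MALICIOUS if name == "evil-pkg" else CLEAN

SAMPLE = "requests==2.31.0\nEvil_Pkg==0.1  # constructed name\ntimeout-pkg\nflask>=2.0\n"
```

Only an explicit clean verdict for every declared line lets the install proceed; a lookup error, an unknown verdict, or a line the parser cannot turn into a task each block on their own.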