io.github.Furowu/brokredatabases

brokre

Flagged

AI-safe credential broker for MCP — run saved SSH/MySQL/psql aliases; passwords never reach AI.

Our take

Self-propagating installer, confirmed in the published tarball: the npm postinstall script (setup-mcp.js) scans your machine for installed MCP-capable IDEs — Claude, VS Code, Cursor and others — and writes brokre into their MCP configs without asking, with only an opt-out env var. That is the exact consent-bypassing pattern we flag regardless of intent, and it's especially ironic in a product marketed as a security-minded credential broker that keeps passwords away from the AI. The underlying idea may be fine; the distribution behavior is not.

reviewed by hand · 2026-07-05

Something wrong or dead here? Report it

Verification record

last verified
yesterday
github stars
2
last commit
9 days ago
archived
no
license
MIT
downloads / wk
423
latest version
0.2.20
in registry since
2026-06-27

github.com/Furowu/brokre