{"id":"pantheon-security-medusa","name":"medusa","homepage":"https://pantheonsecurity.io","repo_url":"https://github.com/Pantheon-Security/medusa","category":"security","subcategories":[],"tags":["security","sast","ai-security","llm-security","prompt-injection","mcp","agent-security","supply-chain","cve","cli","python"],"what_it_does":"MEDUSA is an open-source (Python) AI-first security scanner/CLI that detects vulnerabilities and insecure patterns in traditional code as well as AI/ML and agent/LLM application artifacts (including prompt-injection style rules, RAG pipeline risks, MCP server configurations, and repo poisoning via editor/agent configuration files). It also supports scanning local directories and (optionally) cloning/scanning GitHub repos via a --git flag, producing reports in multiple formats (JSON/HTML/Markdown/SARIF).","use_cases":["Scanning repositories for AI supply-chain attacks (e.g., poisoned editor/agent configs) using CLI","Pre-commit/CI security checks for LLM/agent projects (prompt injection, tool poisoning, MCP config risks, RAG issues)","Detecting known CVEs mapped to AI/agent ecosystems (e.g., Log4Shell and related categories) via pattern rules","Generating CI-friendly machine-readable SARIF/JSON reports for security workflows","Baseline SAST for many languages using built-in analyzer integrations and optional external linters"],"not_for":["Runtime vulnerability validation (it is primarily static/pattern-based scanning of code/configs)","Being used as the sole authority for incident response or exploitation attempts without corroborating evidence","Use as a hosted SaaS (based on provided data, it is distributed as a local CLI tool)"],"best_when":"You need automated, repeatable static analysis of both code and AI/agent-related artifacts before deployment, especially in CI pipelines for ML/LLM projects and repos with MCP/tooling configurations.","avoid_when":"You require guarantees equivalent to dynamic testing, or you cannot tolerate false positives/heuristics inherent to static pattern scanning without review and tuning.","alternatives":["Semgrep (rule-based static analysis with CI integration)","Bandit/CodeQL/Semantic SAST tools for traditional SAST","Trivy (secret/container scanning where applicable)","Gitleaks (secret scanning)","Custom policy scanners for AI/LLM artifacts (in-house rules)","Other SAST/LSA tools supporting SARIF exports"],"af_score":45.2,"security_score":32.5,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:38:56.152479+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No authentication mechanism is described because MEDUSA is presented as a local CLI scanner. A --git option implies Git clone access to public repositories; no token/auth flow details are provided in the supplied README/manifest."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No hosted pricing is described; distribution appears as an installable Python package."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":45.2,"security_score":32.5,"reliability_score":32.5,"mcp_server_quality":0.0,"documentation_accuracy":65.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":95.0,"rate_limit_clarity":0.0,"tls_enforcement":10.0,"auth_strength":20.0,"scope_granularity":20.0,"dependency_hygiene":70.0,"secret_handling":55.0,"security_notes":"Runs locally as a CLI; no server-side auth model is described. For network/remote scanning, TLS requirements and secret-safety behaviors are not documented in the provided content. Dependencies include common libraries (requests/urllib3/defusedxml/psutil/pyyaml); using defusedxml is a positive signal against XML-related attacks, but overall dependency CVE status and secret-handling/logging behavior are not verifiable from the provided text.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":40.0,"error_recovery":35.0,"idempotency_support":"true","idempotency_notes":"Scanning a local directory is expected to be idempotent given stable inputs; README mentions caching and options like --quick/--force, suggesting repeatable results. No explicit idempotency guarantees are documented for remote --git cloning.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Static scanning can produce false positives; agents should review outputs and possibly tune configuration via .medusa.yml.","Remote repo scanning via --git may depend on network access/clone permissions; agents may need to handle transient network failures.","Optional external linters are environment-dependent; results may vary based on installed tooling."]}}