brandguard
Scans npm, PyPI, and GitHub for typosquatting and brand impersonation, risk-scores findings, and drafts takedown notices.
Brand impersonation & typosquat monitor for AI agents and brand owners.
Feed brandguard a brand or product name and it scans npm, PyPI and GitHub for packages and repos that typosquat or impersonate you. Each finding is risk-scored, and the report includes a ready-to-review takedown / trademark-notice draft.
brandguard reports from public sources. It does not file claims on anyone's behalf and is not a law firm or your agent. The takedown notice is a draft for the rights-holder to review, complete and file themselves.
Live: https://brandguard.djrorrok.workers.dev
Why an agent can't do this alone (the moat)
An LLM coding/brand agent, on its own, doesn't know:
- the typosquat surface of a name (omissions, doubling, homoglyphs o→0 l→1, deceptive -js / -sdk / -official affixes);
- which listings across three registries actually exist right now;
- how to separate the real brand / legit integrations (own npm scope, high adoption, third-party org scopes like @types/*) from parked squats, without crying wolf.
brandguard does the cross-registry lookups and the calibrated scoring so the verdict is trustworthy: LIKELY_ABUSE is only raised with a signal beyond the name match (a "this is the official X" claim, or a parked-squat download pattern). Bare name matches are SUSPECT → human review, never a false accusation.
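The calibration rule above, as an added example that is not brandguard's own code: it enumerates the lookalike names the list describes and raises LIKELY_ABUSE only when a second signal accompanies the name match. The listing fields, the download and age thresholds, the LEGIT and NO_MATCH labels, and the reading of `official` as the owner's npm scope are assumptions; the sample listings are constructed.

```javascript
// Added example: field names, thresholds and the LEGIT / NO_MATCH labels are assumptions.
const HOMOGLYPHS = { o: "0", l: "1" };          // the swaps the README names
const AFFIXES = ["-js", "-sdk", "-official"];   // the affixes the README names
const TRUSTED_SCOPES = new Set(["types"]);      // third-party org scopes such as @types/*

// Lookalike names a brand owner should watch: omissions, doubling, homoglyphs, affixes.
function typosquatSurface(brand) {
  const out = new Set(AFFIXES.map((a) => brand + a));
  for (let i = 0; i < brand.length; i++) {
    out.add(brand.slice(0, i) + brand.slice(i + 1));   // omit character i
    out.add(brand.slice(0, i + 1) + brand.slice(i));   // double character i
    const swap = HOMOGLYPHS[brand[i]];
    if (swap) out.add(brand.slice(0, i) + swap + brand.slice(i + 1));
  }
  out.delete(brand);
  out.delete("");
  return out;
}

// Calibrated verdict for one listing: { name, description, weeklyDownloads, ageDays }.
function verdict(brand, officialScope, listing) {
  brand = brand.toLowerCase();
  const m = /^@([^/]+)\/(.+)$/.exec(listing.name);
  const scope = m ? m[1] : null;
  const bare = (m ? m[2] : listing.name).toLowerCase();
  if (bare !== brand && !typosquatSurface(brand).has(bare)) return "NO_MATCH";
  if (scope === officialScope || TRUSTED_SCOPES.has(scope)) return "LEGIT";
  if (listing.weeklyDownloads >= 100000) return "LEGIT"; // high adoption (assumed cut-off)
  // A name match alone is never enough: require a second, independent signal.
  const d = (listing.description || "").toLowerCase();
  const claimsOfficial = d.includes("official") && d.includes(brand);
  const parked = listing.weeklyDownloads < 10 && listing.ageDays > 180; // assumed pattern
  return claimsOfficial || parked ? "LIKELY_ABUSE" : "SUSPECT";
}

// Constructed sample listings (not real registry data).
const SAMPLE = [
  { name: "@acme-inc/acme-sdk", description: "Acme SDK", weeklyDownloads: 52000, ageDays: 900 },
  { name: "@types/acme", description: "Type definitions for acme", weeklyDownloads: 8000, ageDays: 700 },
  { name: "acme-official", description: "This is the official acme client", weeklyDownloads: 40, ageDays: 12 },
  { name: "accme", description: "", weeklyDownloads: 2, ageDays: 400 },
  { name: "acme-js", description: "Community wrapper", weeklyDownloads: 350, ageDays: 60 },
  { name: "left-pad", description: "String padding", weeklyDownloads: 900000, ageDays: 3000 },
];

function scanSample(brand, officialScope) {
  return SAMPLE.map((l) => [l.name, verdict(brand, officialScope, l)]);
}
console.log(scanSample("acme", "acme-inc"));
```

The `acme-js` listing shows the conservative default: its name is on the watch list, but with no official claim and no parked pattern it stays SUSPECT for human review.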
Use it
Free HTTP API
GET /scan?brand=acme&official=acme-inc # top 5 findings, risk-scored (npm + PyPI)
MCP (over HTTP)
POST /mcp - tools: scan_brand, draft_takedown.
Pay-per-call (x402): full scan + takedown drafts
GET /pro/scan?brand=acme&official=acme-inc # 402 -> pay $0.15 USDC (Base) -> full report + drafts
Settles in USDC on Base via x402. No sign-up, no API key.
Sources (all public / ToS-compliant)
- npm public registry search + downloads API
- PyPI JSON API
- GitHub Search API (server-side token)
Develop / deploy
node src/test.mjs # unit + live tests
npx wrangler deploy # Cloudflare Worker
MIT. Not legal advice.