polygraph.so
A

npm/nocturnusai-mcp

graded version 0.3.13 · litmus-v11 · 2026-07-02

Adoption 25/100 · 230 npm/mo · as of 2026-07-04

C-01 Tool-output injection · pass
C-02 Permission / egress overreach · pass
C-03 Sensitive-data handling · pass
C-04 Adversarial-input handling · pass

tool-defs fingerprint · 0x6ec5f6…ede86

Why A: All four categories passed. No injection, no data leak, no egress overreach, and adversarial inputs were handled cleanly (A means no overreach, not no network).

Watch for new-version regrades

This grade is a snapshot of 0.3.13. Get an email when npm/nocturnusai-mcp ships a new version and polygraph re-runs the litmus on it — one message per new version, one-click unsubscribe.


Adoption signals

The 25 / 100 adoption score blends the raw signals below — downloads, stars, dependents and release velocity — normalized across every tracked server. It measures reach, not safety; the litmus grade is the safety verdict. See the methodology.

npm downloads (30d) · 230
GitHub stars · 2
Forks · 0
Contributors · 3
Dependents (deps.dev) · 0
Last published · 2026-04-17

Reproduce this grade

The harness is open and deterministic. Re-run it against the same server and compare the grade and fingerprint — a false grade is falsifiable, not merely disputable.

npx -p @polygraphso/litmus polygraphso-litmus npm/nocturnusai-mcp

Embed this badge

Drop it in a README, docs site, or package page. It always shows the current published grade and links back here.

polygraph grade A
Markdown — badge
[![polygraph](https://polygraph.so/api/badge?server=npm/nocturnusai-mcp)](https://polygraph.so/mcp/npm/nocturnusai-mcp)
HTML — badge
<a href="https://polygraph.so/mcp/npm/nocturnusai-mcp"><img src="https://polygraph.so/api/badge?server=npm/nocturnusai-mcp" alt="polygraph grade"></a>
Markdown — card
[![polygraph](https://polygraph.so/api/badge/card?server=npm/nocturnusai-mcp)](https://polygraph.so/mcp/npm/nocturnusai-mcp)

Questions

What does polygraph's A grade mean for npm/nocturnusai-mcp?
It’s a behavioral grade on an A–F scale. polygraph connected to npm/nocturnusai-mcp the way an agent would, exercised its tools, and watched what it did — whether it tried to hijack the caller, send data off-box, leak planted secrets, or mishandle adversarial input. A is where that evidence placed it. It describes behavior on the day it ran, not a guarantee.

What did polygraph test?
Four probe categories, run against the live server in a sandbox: C-01 tool-output injection, C-02 permission and egress overreach, C-03 sensitive-data handling, and C-04 adversarial-input handling. The full battery is in the methodology.

How do I reproduce this grade?
Run npx -p @polygraphso/litmus polygraphso-litmus npm/nocturnusai-mcp. The harness is open and deterministic, so anyone can re-run it against the same server and disprove a false grade — reproducibility is what the grade rests on.

Can a server pay polygraph for a better grade?
No. Independence is disclosure-based: material support must be publicly registered, and no graded party gets review or approval rights over its letter. The grade is set by the evidence, not the relationship.