MistEye Security Gate

Core Rules

• Single detection endpoint: POST https://app-api.misteye.io/functions/v1/detect
• Single authentication method: the x-api-key request header (the MISTEYE_API_KEY environment variable is recommended)
• Official docs: https://app.misteye.io/api-docs
• Currently available detection types: ip, ip:port, domain, url, email, file_hash, md5, sha1, sha256, package:npm, package:pypi, package:nuget, package:rubygems, package:go, package:cratesio
• Types officially marked as Coming Soon (for example repo:*, extension:*, ai-tool:*, mobile-app:*) must not be used as the sole basis for a hard gate
• Highest-priority scenarios: dependency installation pre-checks, and domain or URL access pre-checks
• In Skill/MCP installation scenarios, only inspect "dependency-installation related objects" and do not classify the Skill/MCP itself as malicious
• First step of daily patrol: check whether the upstream repository has a new version, and strongly remind the user when one is found
• Daily patrol must include "scanning the dependencies of installed Skill/MCP items" (this is mandatory, not optional)
• Before any external request during daily patrol, a network reachability pre-check must be performed first (for app-api.misteye.io and raw.githubusercontent.com)
• Daily patrol must also perform an MISTEYE_API_KEY credential pre-check; never hardcode the API key in cron payloads or messages

Trigger Rules (Prevent Missed Checks)

If any of the following appear, MistEye detection must be performed before answering the main request: