Short answer
Aescut is a curated registry of AI skills and MCP servers. It helps teams check permissions, supply-chain trust, maintainer reputation, and review status before they install tools that run inside AI coding agents.
The project publishes a website, public feeds, a JSON catalog, and an MCP server so both humans and agents can look up the same trust data.
What problem Aescut solves
AI agents are unusually sensitive install surfaces. A prompt bundle or MCP server can inherit the same filesystem, network, shell, and secret access that your coding agent already has. That means "just try it" is a poor security model.
Aescut exists to make that decision legible. The registry records what a tool is, who maintains it, what permissions it needs, how it is reviewed, and whether there are staleness or supply-chain warnings you should care about before enabling it.
What Aescut actually ships
- A public website for browsing reviewed entries and maintainers.
- A machine-readable catalog for teams that want to build internal checks or sync registry data into their own systems.
- A read-only MCP server so agents can query the registry at runtime before recommending or using a tool.
- A small installer package that helps users wire the Aescut MCP into their preferred client without hardcoding one host forever.
Is it free, and how current is the data?
Yes. The content is published under CC BY-SA 4.0, which is why you can reuse the catalog as long as you attribute Aescut and share derivative data under the same terms.
The important nuance is that "current" is not just about freshness timestamps. Aescut also tracks whether a repository has moved since the last review, because a tool that changed after a review is not equivalent to a tool that is still pinned to the audited commit.
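The distinction above, between a review that is old and a repository that has moved since the review, can be enforced as a pre-install gate. The sketch below is an added example, not Aescut's own code; the entry field names (`reviewed_commit`, `reviewed_on`, `permissions`, `warnings`) and the policy values are assumptions for illustration, not the real catalog schema.

```python
from datetime import date

# Constructed sample entry; field names are assumptions, not Aescut's catalog schema.
ENTRY = {
    "name": "example-mcp-server",
    "reviewed_commit": "a" * 40,
    "reviewed_on": "2025-01-10",
    "permissions": ["filesystem", "network"],
    "warnings": [],
}

# Hypothetical local policy: what this team allows without manual sign-off.
POLICY = {"allowed_permissions": {"filesystem", "network"}, "max_review_age_days": 180}


def install_decision(entry, candidate_commit, today, policy=POLICY):
    """Return (allow, reasons) for installing candidate_commit of a catalog entry."""
    reasons = []
    reviewed = entry.get("reviewed_commit")
    if not reviewed:
        # Fail closed: with no pinned commit there is nothing to compare against.
        reasons.append("no reviewed commit recorded")
    elif candidate_commit.lower() != reviewed.lower():
        # Drift: the code about to be installed is not the code that was reviewed.
        reasons.append("commit differs from reviewed commit")
    # Age is a separate signal: a correctly pinned review can still be old.
    age = (today - date.fromisoformat(entry["reviewed_on"])).days
    if age > policy["max_review_age_days"]:
        reasons.append(f"review is {age} days old")
    # Permissions the entry needs beyond what local policy grants.
    extra = sorted(set(entry.get("permissions", [])) - policy["allowed_permissions"])
    if extra:
        reasons.append("permissions outside policy: " + ", ".join(extra))
    reasons.extend(f"registry warning: {w}" for w in entry.get("warnings", []))
    return (not reasons, reasons)


if __name__ == "__main__":
    print(install_decision(ENTRY, "a" * 40, date(2025, 3, 1)))
    print(install_decision(ENTRY, "b" * 40, date(2025, 3, 1)))
```

A fresh timestamp does not clear the drift check, and a matching commit does not clear the age check; each reason is reported independently so a reviewer sees why the install was held.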