Hound FAQs

Question 1

What is the 'Hound Score' and what does it measure?

Accepted Answer

The 'Hound Score' is a comprehensive 0–100 risk assessment that combines multiple factors: vulnerability severity (40 pts), OpenSSF Scorecard data (25 pts), release recency (20 pts), and license risk (15 pts). It provides a quick letter grade (A–F) and a detailed breakdown for any package.

Question 2

What is Hound and how does it help AI coding agents?

Accepted Answer

Hound is a free, open-source MCP server that provides AI coding agents with essential supply chain security insights. It scans software packages and their dependencies for vulnerabilities, security risks, and license compliance, empowering AI to make safer coding decisions.

Question 3

Does Hound require API keys or accounts to use?

Accepted Answer

No. Hound is designed for 'zero API keys, zero config, and zero cost'. It exclusively uses public, unauthenticated APIs like deps.dev (Google Open Source Insights) and OSV.dev (Google Open Source Vulnerabilities) for all its data.

Question 4

What types of security and compliance checks can Hound perform?

Accepted Answer

Hound offers comprehensive checks including scanning for package vulnerabilities with fix suggestions, inspecting license compliance, detecting potential typosquatting attacks, analyzing full dependency trees, and computing a combined 'Hound Score' for overall package risk.

Question 5

Which AI clients and package ecosystems does Hound support?

Accepted Answer

Hound integrates seamlessly with various AI clients such as Claude Code, Claude Desktop, Cursor, Windsurf, and VS Code (Copilot). It supports major ecosystems like npm, PyPI, Go, Maven, Cargo (Rust), NuGet (.NET), and RubyGems.

Hound

Hound

主な機能

ユースケース

主な機能

ユースケース