API Overview
The brin REST API scores packages, web pages, repos, MCP servers, and skills with a single GET request. No auth, no signup, no SDK. Free.
the brin API scores any external context your agent might touch. no auth, no signup, no SDK.
##base URL
##entity types
brin scores 9 origin types across 6 context categories:
| Origin | Example |
|---|---|
npm | npm/express |
pypi | pypi/requests |
crate | crate/tokio |
repo | repo/expressjs/express |
domain | domain/example.com |
page | page/example.com/path |
mcp | mcp/owner/repo |
skill | skill/owner/repo |
##quick example
every response also includes headers for lightweight checks:
##verdicts
| Verdict | Meaning |
|---|---|
safe | proceed |
caution | review before using |
suspicious | likely malicious |
dangerous | do not use |
##new artifacts
if an artifact hasn't been scanned yet, brin returns a preliminary score immediately and queues a full 3-tier scan in the background. subsequent requests return the full result. pass a webhook to get notified when the scan finishes:
##safety tolerance
tolerance controls how the numeric score (0–100) maps to a verdict. the raw score never changes.
| Score | Conservative (default) | Lenient | Yolo |
|---|---|---|---|
| 80–100 | safe | safe | safe |
| 60–79 | caution | safe | safe |
| 50–59 | caution | caution | safe |
| 40–49 | suspicious | caution | safe |
| 20–39 | suspicious | suspicious | caution |
| 0–19 | dangerous | dangerous | suspicious |
##authentication
none. the API is public and free.
##rate limits
300 requests per minute per IP. contact us for higher limits.
##availability
if brin is unreachable, your agent keeps working as normal — zero downtime risk. brin is designed to sit in the critical path without becoming a single point of failure. all integrations fail open by default.
On this page