servers, commands, env keys
Gemma 4 install review
Review this tool before you add it
Paste a GitHub repo. See the install call before an agent touches shell, files, browser, or secrets.
- Fetching repo
- Scanning config
- Reviewing install posture
Paste link
Run scan
$ agent-surface-map
read-only scan
Loading...
read-only local scan + Gemma 4 review
--
Evidence in. Install call out.
Gemma reads the redacted map and returns the posture plus agent constraints.
Paste repo -> review risk -> copy constraints.
scan_github_tool(url) -> install_context -> safe agent constraints
Install-facing signals
terminal and process paths
automation and profile reuse
local paths and mounts
secret names, values redacted
repo-controlled prompts
Common MCP installs to review before adding
Templates for comparison only.
Core review
Gemma 4 install verdict
Install posture pending
Waiting on report.
Loading report...
Loading comparison...
Top Risks
Hardening Plan
Copy install context
Waiting on scan.
Top risk signals
The three signals that matter most right now.
What the tool can access
Commands, args, and env key names found in config.
Why we flagged it
Source snippets and the safer workflow to use.