Gemma 4 install review

Review this tool before you add it

Paste a GitHub repo. See the install call before an agent touches shell, files, browser, or secrets.

Paste link Run scan
$ agent-surface-map read-only scan
Proposed capability Loading...
Review mode read-only local scan + Gemma 4 review
Risk score --
Why Gemma 4

Evidence in. Install call out.

Gemma reads the redacted map and returns the posture plus agent constraints.

Workflow integration

Paste repo -> review risk -> copy constraints.

scan_github_tool(url) -> install_context -> safe agent constraints
What gets checked

Install-facing signals

read-only
MCP config

servers, commands, env keys

Shell access

terminal and process paths

Browser sessions

automation and profile reuse

Filesystems

local paths and mounts

Credentials

secret names, values redacted

Agent instructions

repo-controlled prompts

Example MCP reviews

Common MCP installs to review before adding

Templates for comparison only.

8 templates
Core review

Gemma 4 install verdict

Install posture pending Waiting on report.

Loading report...

Static scan vs model judgment

Loading comparison...

Top Risks

    Hardening Plan

      Copy install context

      Waiting on scan.
      Why the score moved

      Top risk signals

      The three signals that matter most right now.

      Access

      What the tool can access

      Commands, args, and env key names found in config.

      0 servers
      Evidence

      Why we flagged it

      Source snippets and the safer workflow to use.

      0 findings