Dive is an open-source MCP Host Desktop Application that seamlessly integrates with any LLMs supporting function calling capabilities. ✨
# Add to your Claude Code skills
git clone https://github.com/OpenAgentPlatform/DiveLast scanned: 4/26/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@aws-sdk/client-bedrock: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/client-sso: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/core: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-env: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-http: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-ini: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-node: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-process: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-sso: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-web-identity: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/middleware-user-agent: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/nested-clients: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/token-providers: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@aws-sdk/util-user-agent-node: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@chevrotain/cst-dts-gen: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@chevrotain/gast: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@electron/rebuild: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@hono/node-server: @hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@isaacs/brace-expansion: @isaacs/brace-expansion has Uncontrolled Resource Consumption",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@mermaid-js/parser: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@modelcontextprotocol/sdk: @modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@remix-run/router: React Router vulnerable to XSS via Open Redirects",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@smithy/config-resolver: AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@smithy/middleware-retry: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xmldom/xmldom: xmldom: Uncontrolled recursion in XML serialization leads to DoS",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "app-builder-lib: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion Regular Expression Denial of Service vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "chevrotain: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "dmg-builder: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "dompurify: DOMPurify contains a Cross-site Scripting vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "electron: Electron: Context Isolation bypass via contextBridge VideoFrame transfer",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron-builder: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "electron-builder-squirrel-windows: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "fast-xml-parser: fast-xml-parser has RangeError DoS Numeric Entities Bug",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "hono: Hono JWK Auth Middleware has JWT algorithm confusion when JWK lacks \"alg\" (untrusted header.alg fallback)",
"severity": "high"
},
{
"type": "npm-audit",
"message": "immutable: Immutable is vulnerable to Prototype Pollution",
"severity": "high"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "langium: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "lodash-es: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "mdast-util-to-hast: mdast-util-to-hast has unsanitized class attribute",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "mermaid: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "patch-package: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "prismjs: PrismJS DOM Clobbering vulnerability",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "react-router: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "react-router-dom: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "react-syntax-highlighter: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "refractor: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "rollup: Rollup 4 has Arbitrary File Write via Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tar: node-tar Vulnerable to Arbitrary File Creation/Overwrite via Hardlink Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tmp: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"severity": "low"
},
{
"type": "npm-audit",
"message": "underscore: Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
"severity": "high"
},
{
"type": "npm-audit",
"message": "yaml: yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"severity": "medium"
}
],
"status": "FAILED",
"scannedAt": "2026-04-26T06:07:31.517Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}Dive is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by OpenAgentPlatform. Dive is an open-source MCP Host Desktop Application that seamlessly integrates with any LLMs supporting function calling capabilities. ✨. It has 1,798 GitHub stars.
Dive failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/OpenAgentPlatform/Dive" and add it to your Claude Code skills directory (see the Installation section above).
Dive is primarily written in TypeScript. It is open-source under OpenAgentPlatform on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh Dive against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
Dive is an open-source MCP Host Desktop Application that seamlessly integrates with any LLMs supporting function calling capabilities. ✨

model_settings.json⚠️ Note: This feature is currently unstable and may require frequent re-authorization
| Platform | Electron | Tauri |
|---|---|---|
| Windows | ✅ | ✅ |
| macOS | ✅ | 🔜 |
| Linux | ✅ | ✅ |
Migration Note: Existing local MCP/LLM configurations remain fully supported. OAP integration is additive and does not affect current workflows.
Get the latest version of Dive:
Choose between two architectures:
Choose between two architectures:
--no-sandbox parameterchmod +x to make the AppImage executableparu -S dive-aiFor more detailed instructions, please see MCP Servers Setup.
The easiest way to get started! Access enterprise-grade MCP tools instantly:
Benefits:
See BUILD.md for more details.
We welcome contributions from the community! Here's how you can help:
git clone https://github.com/YOUR_USERNAME/Dive.gitnpm installnpm run dev (Electron) or cargo tauri dev (Tauri)Dive is open-source software licensed under the MIT License.