Documentation

Everything you need to know about using ClineTools, submitting tools, and integrating with your workflow.

What is ClineTools?

ClineTools is a curated directory of security-verified tools for Claude Code and other AI coding assistants. Every tool in our directory has been through a rigorous 4-phase security audit to ensure it's safe for your codebase.

Tool Directory

Browse verified MCP servers, extensions, and libraries with security ratings and detailed reports.

Tutorials

Step-by-step guides from beginner to advanced, covering setup, MCP servers, security, and production workflows.

Security Reports

Transparent audit reports showing exactly what we tested and what we found for every listed tool.

Quick Start

Getting started with ClineTools takes just a few steps:

  1. Browse the Tool Directory — Find tools filtered by category, rating, or search
  2. Check the security rating — Each tool has an A+ to C rating based on our audit
  3. Read the audit report — Understand exactly what we tested and found
  4. Install with confidence — Follow the tool's installation instructions knowing it's been vetted

Browsing Tools

The tool directory supports several ways to find what you need:

  • Category filters — MCP Servers, Extensions, Libraries, Security, Productivity
  • Search — Type any keyword to filter tools by name or description
  • Security rating — Filter by minimum security grade

Understanding Ratings

Our security ratings are based on the 4-phase audit detailed on the Security Reports page:

  • A+ — Excellent. Passes all checks, minimal attack surface, fully open source
  • A — Good. Passes critical checks, minor notes, well-maintained
  • B — Acceptable. Passes critical checks but has improvement areas
  • C — Caution. Notable concerns, listed with warnings

Note: Tools rated below C are not listed in our directory. We only list tools we'd be comfortable using ourselves.

Using Tools

Most tools in our directory are MCP servers. To use them with Claude Code:

{
  "mcpServers": {
    "tool-name": {
      "command": "npx",
      "args": ["-y", "@package/mcp-server"]
    }
  }
}

Add this configuration to your Claude Desktop config or Claude Code settings. Each tool page includes specific installation instructions.

Tool Categories

  • MCP Servers — Model Context Protocol servers that extend Claude's capabilities
  • Extensions — IDE extensions and plugins for AI-assisted development
  • Libraries — Code libraries for building AI-powered applications
  • Security — Tools focused on security scanning, auditing, and protection
  • Productivity — Workflow automation and efficiency tools

Submit a Tool for Review

We welcome tool submissions from the community. To submit a tool for our security review:

  1. Visit the Contact page and select "Tool Submission"
  2. Provide the tool name, repository URL, and a brief description
  3. Our team will acknowledge receipt within 48 hours
  4. The full review process typically takes 1-2 weeks
  5. You'll receive the audit report and listing decision by email

Open source preferred: We strongly prefer open-source tools because we can verify the source code directly. Closed-source tools undergo additional scrutiny.

Review Process

Every submitted tool goes through our 4-phase security verification:

  1. Phase 1: Code Analysis — Static review of source code
  2. Phase 2: Sandbox Testing — Runtime behavior monitoring
  3. Phase 3: Attack Simulation — Active exploitation attempts
  4. Phase 4: Ongoing Monitoring — Continuous watching after listing

Badge Program

Tools that pass our verification receive the ClineTools Verified badge, which they can display on their repository and documentation. The badge includes the security rating and links back to the full audit report.

Security Methodology

For full details on our security verification process, see the Security Reports page. Our methodology covers:

  • Command injection prevention
  • Prompt injection resistance
  • Path traversal protection
  • Data exfiltration detection
  • Dependency vulnerability scanning
  • Network request analysis
  • Permission scope audit
  • Code execution sandboxing

Reporting Security Issues

If you discover a security issue with any tool listed on ClineTools:

  1. Do not publicly disclose the vulnerability
  2. Email security@clinetools.com with details
  3. Include: tool name, description of the issue, steps to reproduce
  4. We will acknowledge within 24 hours and begin investigation

Urgent issues: If you believe a listed tool is actively compromised or malicious, email us immediately and we will delist it within hours pending investigation.