Big News: Socket raises $60M Series C at a $1B valuation to secure software supply chains for AI-driven development.Announcement
Sign In

@morphllm/morph-setup

Package Overview
Dependencies
Maintainers
2
Versions
35
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@morphllm/morph-setup

Install Morph MCP and bundled skills onto coding agents

Source
npmnpm
Version
1.0.23
Version published
Weekly downloads
911
13.59%
Maintainers
2
Weekly downloads
 
Created
Source

@morphllm/morph-setup

One-line installer for Morph MCP and bundled skills. Also includes a2a-review, which creates an AI "twin" that reviews PRs in your style.

Install

npx -y @morphllm/morph-setup

The CLI will guide you through selecting which apps to install to.

With API Key

npx -y @morphllm/morph-setup --morph-api-key <your-key>

Or set the environment variable:

MORPH_API_KEY=<your-key> npx -y @morphllm/morph-setup

Non-interactive

npx -y @morphllm/morph-setup -y

a2a-review: Agent Twin Code Review

Set up an AI twin that reviews PRs using your coding preferences, learned from your CLAUDE.md files.

Quick start

npx -y @morphllm/morph-setup --morph-api-key <your-key> --a2a-review

The CLI will:

  • Verify your API key
  • Auto-detect your GitHub username (from gh CLI or git config)
  • Scan for CLAUDE.md files (global, project, and agent definitions)
  • Sanitize content (strips API keys, replaces absolute paths)
  • Upload to generate a review personality via Anthropic

Non-interactive mode

All arguments can be passed explicitly to skip prompts:

npx -y @morphllm/morph-setup \
  --morph-api-key sk-... \
  --a2a-review \
  --github-username octocat \
  --claude-md ~/.claude/CLAUDE.md ./CLAUDE.md

File scanning

When --claude-md is not provided, the CLI scans automatically:

  • ~/.claude/CLAUDE.md (global config, highest priority)
  • <cwd>/CLAUDE.md and parent directories (walks up to root)
  • ~/.claude/**/CLAUDE.md (recursive, any nested CLAUDE.md)
  • ~/.claude/**/agents/*.md (agent definition files)

Skipped directories: plans, cache, skills, plugins, memory, worktrees, node_modules, .git

Combined content is truncated at ~100k tokens if it exceeds the limit.

Options

FlagDescription
--a2a-reviewEnter a2a-review setup mode
--github-username <name>GitHub username (skips auto-detection)
--claude-md <paths...>Explicit CLAUDE.md file paths (skips auto-scan)
--morph-api-key <key>Morph API key (or set MORPH_API_KEY env var)

What it generates

A ~500-word review personality profile covering:

  • Code review priorities (correctness, performance, security, readability)
  • Strictness level and what they consider nitpicky vs important
  • Communication style (direct, explanatory, socratic)
  • Language/framework expertise
  • Red flags they focus on

This personality is injected into the system prompt when the twin reviews PRs, steering its focus areas and tone to match the developer.

Invite your team

Each developer runs the CLI with their own API key:

npx -y @morphllm/morph-setup --morph-api-key <THEIR_KEY> --a2a-review

Manage twins at: https://morphllm.com/dashboard/integrations/github

License

MIT

Keywords

cli
agent-skills
skills
ai-agents
amp
antigravity

FAQs

Package last updated on 02 May 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

Security News

npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders

npm confirmed a tooling bug incorrectly marked several one-character packages as security holders and said it was working on a rollback.

By Sarah Gooding  -  Jun 09, 2026