Code Security Scanner
MCP Server for local code security scanning - detects secrets, vulnerable dependencies, and insecure code patterns
Code Security Scanner MCP Server
Scan your local codebase for security vulnerabilities, hardcoded secrets, and insecure coding patterns, all from your AI assistant via MCP (Model Context Protocol).
Features
Secrets Detection (24+ patterns)
- AWS Access Keys & Secret Keys
- GitHub tokens (personal, OAuth, app)
- Stripe API keys (live/test)
- Slack tokens & webhooks
- Google Cloud / Firebase credentials
- Database connection strings
- JWT tokens & private keys (RSA, DSA, EC)
- npm auth tokens, Telegram bot tokens, SendGrid API keys
- Generic API keys & password assignments
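As an added example (not the project's own scanner code), here is a stdlib-only Python sketch of how a pattern-based secrets scan of the kind listed above works: a table of regexes, a placeholder filter to cut false positives, and redaction so that a finding never echoes the full secret back to the caller. The pattern table, the placeholder markers and the sample file are constructed for this example and cover only a handful of the listed secret types.

```python
import re
from dataclasses import dataclass

# Constructed pattern table for the added example; it is not the project's own
# 24-pattern rule set. Capturing groups are avoided except where a group
# isolates the secret value (used for redaction).
SECRET_PATTERNS = [
    ("AWS Access Key ID", "high",
     re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("GitHub token", "high",
     re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b")),
    ("Slack token", "high",
     re.compile(r"\bxox[baprs]-[0-9A-Za-z-]{10,}\b")),
    ("Private key block", "critical",
     re.compile(r"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----")),
    ("Generic password assignment", "medium",
     re.compile(r"(?i)(?:password|passwd|pwd|secret)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")),
]

# Values that are clearly placeholders; suppressing them keeps the noise down.
PLACEHOLDER_MARKERS = ("example", "changeme", "your_", "xxxx", "<")


@dataclass
class Finding:
    rule: str
    severity: str
    line_no: int
    redacted: str  # never report the full secret back to the caller


def redact(value: str) -> str:
    """Keep a 4-character prefix so a finding is recognisable without re-leaking the secret."""
    return value[:4] + "*" * max(0, len(value) - 4)


def is_placeholder(value: str) -> bool:
    lowered = value.lower()
    return any(marker in lowered for marker in PLACEHOLDER_MARKERS)


def scan_secrets(text: str) -> list[Finding]:
    """Scan file content line by line and return redacted findings."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, severity, pattern in SECRET_PATTERNS:
            for match in pattern.finditer(line):
                # group 1 isolates the value for the password rule; otherwise the whole match is the secret
                value = match.group(1) if match.lastindex else match.group(0)
                if is_placeholder(value):
                    continue
                findings.append(Finding(rule, severity, line_no, redact(value)))
    return findings


# Constructed sample file: the first AWS key is the well-known documentation example
# and is suppressed as a placeholder, the second is a made-up key that should be flagged.
SAMPLE_FILE = """\
# constructed sample config (not a real file)
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
AWS_ACCESS_KEY_ID_PROD = "AKIAZZZZ1234ABCD5678"
db_password = "s3cr3t-passw0rd-value"
password = "your_password_here"
GITHUB_TOKEN = "ghp_abcdefghijklmnopqrstuvwxyz0123456789"
-----BEGIN EC PRIVATE KEY-----
"""

if __name__ == "__main__":
    for f in scan_secrets(SAMPLE_FILE):
        print(f"line {f.line_no}: [{f.severity}] {f.rule} -> {f.redacted}")
```

Redacting at the scanner rather than in the client matters for an MCP tool: whatever the tool returns ends up in the model's context and possibly in chat logs, so the full secret should never leave the scan function.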
Dependency Vulnerability Scanning
Automatically detects and parses:
- package.json (npm/yarn/pnpm)
- requirements.txt, Pipfile, pyproject.toml (Python)
- go.mod (Go)
- Cargo.toml (Rust)
- pom.xml, build.gradle (Java)
Checks against a built-in database of 45+ CVEs across JavaScript, Python, Java, Go, and Rust ecosystems.
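The dependency check described above, as an added example rather than the project's code: parse the two manifest formats, resolve each dependency to a checkable version, and compare it against an advisory database using a zero-padded version comparison. The advisory entries and their IDs are constructed placeholders, not real CVE data, and only package.json and requirements.txt are handled here.

```python
import json
import re

# Constructed advisory database for the added example. The IDs are placeholders,
# not real CVE numbers, and the version data is made up; the project's own
# database is not reproduced here. "fixed_in" is the first version that is not affected.
VULN_DB = {
    ("npm", "lodash"): [{"id": "EXAMPLE-ADV-0001", "fixed_in": "4.17.21"}],
    ("pypi", "requests"): [{"id": "EXAMPLE-ADV-0002", "fixed_in": "2.31.0"}],
    ("pypi", "pyyaml"): [{"id": "EXAMPLE-ADV-0003", "fixed_in": "5.4"}],
}


def parse_version(version: str) -> tuple:
    """'4.17.21' -> (4, 17, 21). Pre-release suffixes are ignored; good enough for a range check."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group(0)))
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True when a < b, padding with zeros so '5.4' and '5.4.0' compare equal."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    return pa + (0,) * (width - len(pa)) < pb + (0,) * (width - len(pb))


def parse_requirements(text: str) -> list:
    """(name, pinned_version_or_None, raw_line) per requirement.
    Only '==' pins yield a checkable version; '>=' and friends are reported as unresolved."""
    deps = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("-"):  # blank, comment, or an option such as -r/-e
            continue
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*(?:==\s*([^\s;,]+))?", line)
        if m:
            name = m.group(1).lower().replace("_", "-")  # PyPI names are case-insensitive
            deps.append((name, m.group(2), line))
    return deps


def parse_package_json(text: str) -> list:
    """(name, floor_version_or_None, spec) for dependencies and devDependencies.
    A ^ or ~ range is resolved to its floor; the lockfile, not the manifest, holds the installed version."""
    data = json.loads(text)
    deps = []
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            m = re.match(r"^[\^~>=\s]*(\d+(?:\.\d+)*)", spec)
            deps.append((name, m.group(1) if m else None, spec))
    return deps


def check_dependencies(ecosystem: str, deps: list):
    vulnerable, unresolved = [], []
    for name, version, spec in deps:
        if version is None:
            unresolved.append({"ecosystem": ecosystem, "package": name, "spec": spec})
            continue
        for adv in VULN_DB.get((ecosystem, name), []):
            if version_lt(version, adv["fixed_in"]):
                vulnerable.append({"ecosystem": ecosystem, "package": name, "version": version,
                                   "advisory": adv["id"], "fixed_in": adv["fixed_in"]})
    return vulnerable, unresolved


def scan_dependencies(files: dict) -> dict:
    """files maps manifest name -> content, as a directory walker would read them from disk."""
    report = {"vulnerable": [], "unresolved": []}
    parsers = {"package.json": ("npm", parse_package_json),
               "requirements.txt": ("pypi", parse_requirements)}
    for filename, content in files.items():
        if filename not in parsers:
            continue
        ecosystem, parser = parsers[filename]
        vulnerable, unresolved = check_dependencies(ecosystem, parser(content))
        report["vulnerable"].extend(vulnerable)
        report["unresolved"].extend(unresolved)
    return report


# Constructed manifests for the example.
REQUIREMENTS_TXT = """\
# constructed sample
requests==2.25.1
PyYAML==5.4
flask>=2.0
"""
PACKAGE_JSON = json.dumps({
    "name": "demo",
    "dependencies": {"lodash": "^4.17.15", "express": "4.18.2"},
    "devDependencies": {"jest": "^29.0.0"},
})

if __name__ == "__main__":
    print(json.dumps(scan_dependencies({"requirements.txt": REQUIREMENTS_TXT,
                                        "package.json": PACKAGE_JSON}), indent=2))
```

The unresolved list is the caveat a practitioner wants from any manifest-based scanner: a `>=` specifier or a `^` range says nothing about which version is actually installed, so a lockfile (package-lock.json, Pipfile.lock) is the better input when one exists.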
Insecure Code Pattern Detection
- SQL Injection: String concatenation in queries, raw SQL builders
- XSS: innerHTML, dangerouslySetInnerHTML, v-html
- Command Injection: os.system, subprocess shell=True, eval/exec, child_process.exec
- Path Traversal: Unsanitized file paths
- Insecure Deserialization: pickle, yaml.load, marshal
- Configuration Issues: Debug mode, CORS wildcard, hardcoded JWT secrets
- Information Leakage: Stack trace exposure, directory listing
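As an added example, not the project's rule set, here is how a line-oriented pattern scanner for the categories above can be built in Python: each rule carries the file extensions it applies to and an optional "safe" regex, so `yaml.load(..., Loader=yaml.SafeLoader)` is not reported and a parameterized `execute(..., (params,))` is distinguished from an f-string query. The rule table and the two sample sources are constructed for this example.

```python
import os
import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    category: str
    severity: str
    line_no: int
    snippet: str


# Constructed rule table for the added example; it is not the project's own rule set.
# Fields: name, category, severity, file extensions the rule applies to, match regex,
# and an optional "safe" regex that suppresses the hit when it appears on the same line.
RULES = [
    ("os.system call", "Command Injection", "high", (".py",),
     re.compile(r"\bos\.system\s*\("), None),
    ("subprocess with shell=True", "Command Injection", "high", (".py",),
     re.compile(r"\bsubprocess\.\w+\([^)]*shell\s*=\s*True"), None),
    ("eval of runtime data", "Command Injection", "high", (".py", ".js", ".ts"),
     re.compile(r"\beval\s*\("), None),
    ("child_process.exec", "Command Injection", "high", (".js", ".ts"),
     re.compile(r"\bchild_process\.exec(?:Sync)?\s*\(|(?<![.\w])exec(?:Sync)?\s*\("), None),
    ("pickle load", "Insecure Deserialization", "high", (".py",),
     re.compile(r"\bpickle\.loads?\s*\("), None),
    ("yaml.load without SafeLoader", "Insecure Deserialization", "high", (".py",),
     re.compile(r"\byaml\.load\s*\("),
     re.compile(r"Loader\s*=\s*yaml\.C?SafeLoader")),
    ("innerHTML / v-html sink", "XSS", "medium", (".js", ".ts", ".jsx", ".tsx", ".vue"),
     re.compile(r"\.innerHTML\s*=(?!=)|dangerouslySetInnerHTML|\bv-html\b"), None),
    ("query built by string formatting", "SQL Injection", "high", (".py", ".js", ".ts"),
     # f-string with interpolation, or a literal immediately followed by '+' concatenation
     re.compile(r"\b(?:execute|query)\s*\(\s*(?:f['\"][^'\"]*\{|['\"`][^'\"`]*['\"`]\s*\+)"), None),
    ("debug mode enabled", "Configuration", "medium", (".py",),
     re.compile(r"\b(?:debug|DEBUG)\s*=\s*True\b"), None),
]


def scan_code_patterns(path: str, text: str) -> list[Finding]:
    """Apply the rules that match the file's extension, line by line, skipping comment lines."""
    ext = os.path.splitext(path)[1].lower()
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.strip().startswith(("#", "//")):
            continue
        for name, category, severity, exts, pattern, safe in RULES:
            if ext not in exts or not pattern.search(line):
                continue
            if safe is not None and safe.search(line):
                continue  # e.g. yaml.load(..., Loader=yaml.SafeLoader) is fine
            findings.append(Finding(name, category, severity, line_no, line.strip()))
    return findings


# Constructed sample sources; they are strings, never executed.
SAMPLE_PY = """\
import os, pickle, subprocess, yaml
# constructed sample module with deliberately bad patterns
def handler(user_input, user_id, cur, app):
    os.system("ls " + user_input)
    subprocess.run(user_input, shell=True)
    result = eval(user_input)
    obj = pickle.loads(user_input)
    cfg = yaml.load(open("c.yaml"))
    safe_cfg = yaml.load(open("c.yaml"), Loader=yaml.SafeLoader)
    cur.execute(f"SELECT * FROM users WHERE id = {user_id}")
    cur.execute("SELECT * FROM users WHERE id = %s", (user_id,))
    app.run(debug=True)
"""

SAMPLE_JS = """\
// constructed sample handler with deliberately bad patterns
const child_process = require("child_process");
function render(el, userInput, req, db) {
  el.innerHTML = userInput;
  if (el.innerHTML === "") { return; }
  db.query("SELECT * FROM users WHERE id = " + req.params.id);
  child_process.exec("ping " + req.query.host);
}
"""

if __name__ == "__main__":
    for path, src in (("app.py", SAMPLE_PY), ("handler.js", SAMPLE_JS)):
        for f in scan_code_patterns(path, src):
            print(f"{path}:{f.line_no} [{f.severity}] {f.category}: {f.rule}")
```

Regex rules of this kind are cheap but line-bound: a `shell=True` keyword on the next line of a multi-line call, or a query assembled into a variable before being passed to `execute()`, is missed, which is why results from any regex scanner are a first pass to review rather than a substitute for taint analysis.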
Tools
| Tool | Description |
|---|---|
| scan_secrets | Scan for hardcoded API keys, tokens, and passwords |
| scan_dependencies | Check dependencies against known vulnerability database |
| scan_code_patterns | Detect SQLi, XSS, command injection, and other patterns |
| scan_file | Comprehensive scan of a single file (secrets + code patterns) |
| scan_directory | Full project audit (secrets + dependencies + code patterns) |
Quick Start
Prerequisites
- Python 3.11+
pip install mcp pydantic
Run with MCP Inspector
git clone https://github.com/214070779/code-scanner-mcp.git
cd code-scanner-mcp
pip install mcp pydantic
npx @modelcontextprotocol/inspector python3 server.py
Configure in your AI Client
Add to your MCP settings:
{
  "mcpServers": {
    "code-scanner": {
      "command": "python3",
      "args": ["/path/to/code-scanner-mcp/server.py"]
    }
  }
}
Example Usage
"Scan my project for security issues"
→ AI calls scan_directory(path="./my-project")
"Check this file for secrets before committing"
→ AI calls scan_file(path="./src/config.ts")
"Are there any vulnerable npm packages?"
→ AI calls scan_dependencies(path=".")
Supported Platforms
Development
# Clone and install
git clone https://github.com/214070779/code-scanner-mcp.git
cd code-scanner-mcp
pip install mcp pydantic
# Run tests
python3 -c "from server import mcp; print('OK:', list(mcp._tool_manager._tools.keys()))"
# Run with inspector
npx @modelcontextprotocol/inspector python3 server.py
License
MIT