Labsco
214070779 logo

Code Security Scanner

β˜… 1

from 214070779

MCP Server for local code security scanning - detects secrets, vulnerable dependencies, and insecure code patterns

πŸ”₯πŸ”₯πŸ”₯βœ“ VerifiedFreeQuick setup

Code Security Scanner MCP Server

Scan your local codebase for security vulnerabilities, hardcoded secrets, and insecure coding patterns β€” all from your AI assistant via MCP (Model Context Protocol).

Features

πŸ”‘ Secrets Detection (24+ patterns)

  • AWS Access Keys & Secret Keys
  • GitHub tokens (personal, OAuth, app)
  • Stripe API keys (live/test)
  • Slack tokens & webhooks
  • Google Cloud / Firebase credentials
  • Database connection strings
  • JWT tokens & private keys (RSA, DSA, EC)
  • npm auth tokens, Telegram bot tokens, SendGrid API keys
  • Generic API keys & password assignments

πŸ“¦ Dependency Vulnerability Scanning

Automatically detects and parses:

  • package.json (npm/yarn/pnpm)
  • requirements.txt, Pipfile, pyproject.toml (Python)
  • go.mod (Go)
  • Cargo.toml (Rust)
  • pom.xml, build.gradle (Java)

Checks against a built-in database of 45+ CVEs across JavaScript, Python, Java, Go, and Rust ecosystems.

πŸ›‘οΈ Insecure Code Pattern Detection

  • SQL Injection: String concatenation in queries, raw SQL builders
  • XSS: innerHTML, dangerouslySetInnerHTML, v-html
  • Command Injection: os.system, subprocess shell=True, eval/exec, child_process.exec
  • Path Traversal: Unsanitized file paths
  • Insecure Deserialization: pickle, yaml.load, marshal
  • Configuration Issues: Debug mode, CORS wildcard, hardcoded JWT secrets
  • Information Leakage: Stack trace exposure, directory listing

Tools

ToolDescription
scan_secretsScan for hardcoded API keys, tokens, and passwords
scan_dependenciesCheck dependencies against known vulnerability database
scan_code_patternsDetect SQLi, XSS, command injection, and other patterns
scan_fileComprehensive scan of a single file (secrets + code patterns)
scan_directoryFull project audit (secrets + dependencies + code patterns)

Supported Platforms

Development

# Clone and install
git clone https://github.com/214070779/code-scanner-mcp.git
cd code-scanner-mcp
pip install mcp pydantic

# Run tests
python3 -c "from server import mcp; print('OK:', list(mcp._tool_manager._tools.keys()))"

# Run with inspector
npx @modelcontextprotocol/inspector python3 server.py