Agent Security Scanner

v2.0.1Securitystable

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.

agent-securityai-securityauto-fixclaude-codecline
Share:
102
Stars
0
Downloads
0
Weekly
0/5

What is Agent Security Scanner?

Agent Security Scanner is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to security scanner mcp server for ai coding agents. prompt injection firewall, package hallucination detection (4.3m+ packages), 1000+ vulnerability rules with ast & taint analysis, auto-fix.

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.

This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Security scanner MCP server for AI coding agents. Prompt inj

Use Cases

Prompt injection detection
Package hallucination prevention
Vulnerability and auto-fix
sinewaveai

Maintainer

LicenseMIT
Languagejavascript
Versionv2.0.1
UpdatedMay 19, 2026
Statushealthy
Maintenanceactive

Works with

ClaudeOpenAIwindowsmacoslinux

Installation

NPM

npx -y agent-security-scanner-mcp

Manual Installation

npx -y agent-security-scanner-mcp

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time< 200ms
ThroughputMedium

Resource Usage

Memory UsageLow
CPU UsageLow

How to Set Up and Use Agent Security Scanner

Agent Security Scanner is a zero-configuration MCP server that acts as a security firewall for AI coding agents, scanning code and agent actions in real time before they are executed. It provides over 1,700 vulnerability detection rules with AST and taint analysis across 12 languages, checks packages against a database of 4.3 million+ known packages to detect hallucinated imports, and includes 56 prompt-injection detection rules. Auto-fix templates for 120 common vulnerability patterns allow it to not just flag issues but also repair them, making it practical for CI pipelines, Cursor, Cline, Claude Code, and Codex workflows.

Prerequisites

  • Node.js 18.0.0 or higher
  • Python 3.x and the PyYAML package (required by the scanner engine)
  • An MCP-compatible AI coding client such as Claude Code, Cursor, Cline, or Windsurf
  • No API keys required for core scanning; LLM-powered code review requires a separate LLM API key
1

Install the scanner

Install globally via npm or use npx to run without a permanent install. The npx approach is simplest for one-off use.

npm install -g agent-security-scanner-mcp
2

Initialise for your MCP client

Run the init command to auto-configure the scanner for your specific client. It supports claude-code, claude-desktop, cursor, windsurf, cline, and more.

npx agent-security-scanner-mcp init claude-code
3

Create an optional project-level config

Add a .scannerrc.yaml file to your project root to suppress known-safe rules, exclude directories, and set the minimum severity threshold for reports.

version: 1
exclude:
  - "node_modules/**"
  - "dist/**"
severity_threshold: "warning"
context_filtering: true
4

Add to Claude Desktop config manually (if needed)

If the init command did not auto-configure your client, add the server to claude_desktop_config.json manually.

{
  "mcpServers": {
    "agent-security-scanner": {
      "command": "npx",
      "args": ["-y", "agent-security-scanner-mcp"],
      "env": {}
    }
  }
}
5

Run a full project scan

Ask your AI assistant to run a project-wide security audit, or invoke the scan_project tool directly via the CLI.

npx agent-security-scanner-mcp scan-security ./src --verbosity compact
6

Check package legitimacy

Before installing any AI-suggested package, verify it exists in the registry and is not a hallucinated name.

npx agent-security-scanner-mcp check-package flask pypi

Agent Security Scanner Examples

Client configuration

claude_desktop_config.json entry that launches agent-security-scanner-mcp with npx.

{
  "mcpServers": {
    "agent-security-scanner": {
      "command": "npx",
      "args": ["-y", "agent-security-scanner-mcp"],
      "env": {}
    }
  }
}

Prompts to try

Example prompts that exercise the security scanner's tools through an AI coding assistant.

- "Scan the src/ directory for security vulnerabilities and show me a compact summary."
- "Check whether the package 'langchain-helpers' exists on PyPI before we install it."
- "Scan all my imports in app.py for hallucinated or non-existent package names."
- "Analyse this bash command for safety before running it: rm -rf ./build && deploy.sh"
- "Generate a CycloneDX SBOM for this project and check it against the OSV vulnerability database."

Troubleshooting Agent Security Scanner

Scanner fails with 'Python not found' or PyYAML import error

Ensure Python 3 is on your PATH and PyYAML is installed: `pip install pyyaml`. The Node.js package shells out to Python for some analysis tasks.

Too many false positives for known-safe patterns

Add suppress entries in .scannerrc.yaml with the specific rule ID and a justification. Set severity_threshold to 'error' to silence warnings that do not need attention.

init command does not auto-configure Claude Code

Run `npx agent-security-scanner-mcp init claude-code` from your project root. If it still fails, manually add the server block to ~/.claude/claude_desktop_config.json as shown in the configuration example.

Frequently Asked Questions about Agent Security Scanner

What is Agent Security Scanner?

Agent Security Scanner is a Model Context Protocol (MCP) server that security scanner mcp server for ai coding agents. prompt injection firewall, package hallucination detection (4.3m+ packages), 1000+ vulnerability rules with ast & taint analysis, auto-fix. It connects AI assistants to external tools and data sources through a standardized interface.

How do I install Agent Security Scanner?

Install via npm with the command: npx -y agent-security-scanner-mcp. Then add the server configuration to your AI client's JSON config file (e.g., claude_desktop_config.json or .cursor/mcp.json).

Which AI clients work with Agent Security Scanner?

Agent Security Scanner works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Agent Security Scanner free to use?

Yes, Agent Security Scanner is open source and available under the MIT license. You can use it freely in both personal and commercial projects.

Agent Security Scanner Alternatives — Similar Security Servers

Looking for alternatives to Agent Security Scanner? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

An Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u

Browse More Security MCP Servers

Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.

Quick Config Preview

{ "mcpServers": { "agent-security-scanner": { "command": "npx", "args": ["-y", "agent-security-scanner-mcp"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json

Read the full setup guide →

Ready to use Agent Security Scanner?

Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.

33,000+ ServersFree & Open SourceStep-by-Step Guides