Code Pathfinder
Static code analysis for security teams with inter-file taint analysis. Built for finding vulnerabilities, advanced structural search, and deriving insights, with MCP support.
What is Code Pathfinder?
Code Pathfinder is a Model Context Protocol (MCP) server that lets AI assistants like Claude, Cursor, and VS Code perform static code analysis with inter-file taint analysis. It is built for security teams to find vulnerabilities, run advanced structural search, and derive insights.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
How to Set Up and Use Code Pathfinder
Code Pathfinder is an open-source static analysis engine that builds a graph of your codebase and traces how data flows through it across file boundaries, making it purpose-built for finding security vulnerabilities through taint analysis and structural code search. It ships with over 190 pre-built security rules for Python, Docker, and Docker Compose, and can be run as an MCP server that gives AI assistants like Claude Code and Cursor direct access to call graphs, data flow traces, pattern searches, and security rule execution during code review. Security teams and developers use it to detect injection vulnerabilities, misconfigurations, and inter-file taint flows that single-file linters miss.
Prerequisites
- Python 3.12+ if using pip installation or writing custom rules
- Docker if using the containerized scanning workflow
- Homebrew on macOS for the recommended binary installation
- An MCP-compatible AI client such as Claude Code, Cursor, or Cline
- A codebase to analyze (Python projects have the broadest rule coverage)
Install Code Pathfinder
Install the pathfinder CLI using your preferred method. Homebrew is the easiest on macOS; pip is cross-platform.
# macOS via Homebrew (recommended)
brew install shivasurya/tap/pathfinder
# Or via pip
pip install codepathfinder
Run a security scan on your project
Perform an initial scan to verify the installation and see what issues Code Pathfinder finds in your codebase. The tool downloads rule definitions automatically from a CDN on first run.
pathfinder scan --ruleset python/all --project .
Export results in machine-readable format
For CI/CD integration or further processing, export scan results as JSON or SARIF. Use --fail-on to make the command exit non-zero on critical findings.
pathfinder scan --ruleset python/all --project . \
  --output sarif --output-file results.sarif \
  --fail-on critical,high
Start the MCP server for AI assistant integration
Launch Code Pathfinder in MCP server mode so AI assistants can query code graphs, trace data flows, and run security rules interactively during development or code review.
pathfinder serve --project .
Configure your MCP client
Add Code Pathfinder to your Claude Code or other MCP client configuration. The server runs via stdio transport.
{
  "mcpServers": {
    "code-pathfinder": {
      "command": "pathfinder",
      "args": ["serve", "--project", "/absolute/path/to/your/project"]
    }
  }
}
Code Pathfinder Examples
Client configuration
Claude Code configuration for Code Pathfinder MCP server pointing at the current project directory.
{
  "mcpServers": {
    "code-pathfinder": {
      "command": "pathfinder",
      "args": ["serve", "--project", "/Users/yourname/myproject"]
    }
  }
}
Prompts to try
Prompts for using Code Pathfinder with AI assistants to find security issues and understand code structure.
- "Scan my project for SQL injection vulnerabilities"
- "Show me all the places where user input flows into a database query"
- "Find all functions that call os.system or subprocess with unsanitized input"
- "Run the python/all ruleset and summarize critical and high severity findings"
- "Trace the data flow from the HTTP request handler to the database layer"
- "What external modules does the authentication module depend on?"
Troubleshooting Code Pathfinder
pathfinder command not found after installation
After Homebrew installation, ensure /opt/homebrew/bin (Apple Silicon) or /usr/local/bin (Intel) is in your PATH. After pip installation, make sure the Python scripts directory is in your PATH. Run `brew doctor` or check your shell profile (.zshrc/.bashrc).
Scan produces no results or 'no rules found' error
Code Pathfinder downloads rule definitions from a CDN on first run, so ensure you have internet access. If behind a proxy, configure the HTTP_PROXY and HTTPS_PROXY environment variables. Also verify that the --ruleset argument matches your language (python/all, docker/all, etc.).
MCP server mode exits immediately without serving
The --project path must be an absolute path to an existing directory. Relative paths like '.' may not resolve correctly when Claude Code spawns the process. Use the full absolute path, e.g. /home/user/myproject.
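The path check described in the troubleshooting entry above, as an added example (not code from the Code Pathfinder project): a Python script that validates the pathfinder entries of an MCP client config before the client spawns them. The config layout follows the JSON shown on this page; the server names and paths in the sample are constructed, and the `which`/`isdir` parameters are hypothetical hooks so the check can be exercised without touching the real filesystem.

```python
import json
import os
import shutil

# Constructed sample config: one relative --project, one absolute, one unrelated server.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "relative": {"command": "pathfinder", "args": ["serve", "--project", "."]},
    "absolute": {"command": "pathfinder", "args": ["serve", "--project", "/srv/app"]},
    "other":    {"command": "npx", "args": ["some-server"]}
  }
}
"""

def check_pathfinder_entries(config_text, which=shutil.which, isdir=os.path.isdir):
    """Return a list of problems in MCP server entries that launch pathfinder."""
    problems = []
    servers = json.loads(config_text).get("mcpServers", {})
    for name, entry in servers.items():
        command = entry.get("command", "")
        if os.path.basename(command) != "pathfinder":
            continue  # not a Code Pathfinder entry
        args = entry.get("args", [])
        if which(command) is None:
            problems.append(f"{name}: '{command}' not found on PATH")
        if not args or args[0] != "serve":
            problems.append(f"{name}: first argument should be 'serve'")
        if "--project" not in args or args.index("--project") + 1 >= len(args):
            problems.append(f"{name}: --project has no value")
            continue
        project = args[args.index("--project") + 1]
        # The client spawns the server from its own working directory,
        # so a relative path may resolve to the wrong tree or to nothing.
        if not os.path.isabs(project):
            problems.append(f"{name}: --project '{project}' is not an absolute path")
        elif not isdir(project):
            problems.append(f"{name}: --project '{project}' is not an existing directory")
    return problems

if __name__ == "__main__":
    for problem in check_pathfinder_entries(SAMPLE_CONFIG):
        print(problem)
```

Because the server exposes call graphs and data flows for whatever directory it is given, confirming the resolved --project path also confirms which source tree the assistant can read.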
Frequently Asked Questions about Code Pathfinder
What is Code Pathfinder?
Code Pathfinder is a Model Context Protocol (MCP) server that provides static code analysis for security teams with inter-file taint analysis. It is built for finding vulnerabilities, advanced structural search, and deriving insights. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Code Pathfinder?
Install via pip with: pip install codepathfinder. Then configure your AI client to connect to this MCP server.
Which AI clients work with Code Pathfinder?
Code Pathfinder works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Code Pathfinder free to use?
Yes, Code Pathfinder is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
Code Pathfinder Alternatives — Similar Security Servers
Looking for alternatives to Code Pathfinder? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6k
An open-source Agent-first Identity and Access Management (IAM) / LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0k
A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9k
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7k
Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k
754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k
hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u