Code Pathfinder

v2.1.1 | Security | stable

Static code analysis for security teams with inter-file taint analysis. Built for finding vulnerabilities, advanced structural search and deriving insights, with MCP support.

Tags: ai-agents, ai-sast, application-security, code-scanning, mcp

Stars: 131

What is Code Pathfinder?

Code Pathfinder is a Model Context Protocol (MCP) server that gives AI assistants such as Claude, Cursor, and VS Code access to static code analysis for security teams, with inter-file taint analysis. It is built for finding vulnerabilities, advanced structural search and deriving insights.


This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.

Features

  • Static code analysis for security teams with inter-file taint analysis

Use Cases

  • Perform static code analysis for vulnerabilities
  • Detect inter-file taint flows
  • Find security issues via structural search

Maintainer: shivasurya

License: Apache-2.0
Language: Go
Version: v2.1.1
Updated: May 22, 2026
Status: healthy
Maintenance: active

Works with

Claude, OpenAI, Windows, macOS, Linux

Installation

PIP

pip install codepathfinder

Manual Installation

pip install codepathfinder

Configuration

Configuration Details

Config File

claude_desktop_config.json

Performance

Response Metrics

Response Time: < 200ms
Throughput: Medium

Resource Usage

Memory Usage: Low
CPU Usage: Low

How to Set Up and Use Code Pathfinder

Code Pathfinder is an open-source static analysis engine that builds a graph of your codebase and traces how data flows through it across file boundaries, making it purpose-built for finding security vulnerabilities through taint analysis and structural code search. It ships with over 190 pre-built security rules for Python, Docker, and Docker Compose, and can be run as an MCP server that gives AI assistants like Claude Code and Cursor direct access to call graphs, data flow traces, pattern searches, and security rule execution during code review. Security teams and developers use it to detect injection vulnerabilities, misconfigurations, and inter-file taint flows that single-file linters miss.

Prerequisites

  • Python 3.12+ if using pip installation or writing custom rules
  • Docker if using the containerized scanning workflow
  • Homebrew on macOS for the recommended binary installation
  • An MCP-compatible AI client such as Claude Code, Cursor, or Cline
  • A codebase to analyze (Python projects have the broadest rule coverage)
1. Install Code Pathfinder

Install the pathfinder CLI using your preferred method. Homebrew is the easiest on macOS; pip is cross-platform.

# macOS via Homebrew (recommended)
brew install shivasurya/tap/pathfinder

# Or via pip
pip install codepathfinder
2. Run a security scan on your project

Perform an initial scan to verify the installation and see what issues Code Pathfinder finds in your codebase. The tool downloads rule definitions from a CDN automatically on the first run.

pathfinder scan --ruleset python/all --project .
3. Export results in machine-readable format

For CI/CD integration or further processing, export scan results as JSON or SARIF. Use --fail-on with a comma-separated list of severities to make the command exit non-zero when findings at any of those severities are present, which fails the pipeline step.

pathfinder scan --ruleset python/all --project . \
  --output sarif --output-file results.sarif \
  --fail-on critical,high
4. Start the MCP server for AI assistant integration

Launch Code Pathfinder in MCP server mode so AI assistants can query code graphs, trace data flows, and run security rules interactively during development or code review.

pathfinder serve --project .
5. Configure your MCP client

Add Code Pathfinder to your Claude Code or other MCP client configuration. The server runs via stdio transport.

{
  "mcpServers": {
    "code-pathfinder": {
      "command": "pathfinder",
      "args": ["serve", "--project", "/absolute/path/to/your/project"]
    }
  }
}

Code Pathfinder Examples

Client configuration

Claude Code configuration for Code Pathfinder MCP server pointing at the current project directory.

{
  "mcpServers": {
    "code-pathfinder": {
      "command": "pathfinder",
      "args": ["serve", "--project", "/Users/yourname/myproject"]
    }
  }
}

Prompts to try

Prompts for using Code Pathfinder with AI assistants to find security issues and understand code structure.

- "Scan my project for SQL injection vulnerabilities"
- "Show me all the places where user input flows into a database query"
- "Find all functions that call os.system or subprocess with unsanitized input"
- "Run the python/all ruleset and summarize critical and high severity findings"
- "Trace the data flow from the HTTP request handler to the database layer"
- "What external modules does the authentication module depend on?"

Troubleshooting Code Pathfinder

pathfinder command not found after installation

After Homebrew installation, ensure /opt/homebrew/bin (Apple Silicon) or /usr/local/bin (Intel) is in your PATH. After pip installation, make sure the Python scripts directory is in your PATH. Run `brew doctor` or check your shell profile (.zshrc/.bashrc).

Scan produces no results or 'no rules found' error

Code Pathfinder downloads rule definitions from CDN on first run — ensure you have internet access. If behind a proxy, configure HTTP_PROXY and HTTPS_PROXY environment variables. Also verify the --ruleset argument matches your language (python/all, docker/all, etc.).

MCP server mode exits immediately without serving

The --project path must be an absolute path to an existing directory. Relative paths like '.' may not resolve correctly when Claude Code spawns the process. Use the full absolute path, e.g. /home/user/myproject.

Frequently Asked Questions about Code Pathfinder

What is Code Pathfinder?

Code Pathfinder is a Model Context Protocol (MCP) server that provides static code analysis for security teams with inter-file taint analysis. It is built for finding vulnerabilities, advanced structural search and deriving insights, and it connects AI assistants to external tools and data sources through a standardized interface.

How do I install Code Pathfinder?

Install via pip with: pip install codepathfinder. Then configure your AI client to connect to this MCP server.

Which AI clients work with Code Pathfinder?

Code Pathfinder works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.

Is Code Pathfinder free to use?

Yes, Code Pathfinder is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.

Code Pathfinder Alternatives — Similar Security Servers

Looking for alternatives to Code Pathfinder? Here are other popular security servers you can use with Claude, Cursor, and VS Code.

Casdoor

13.6k

An open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD

ghidraMCP

9.0k

A Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through

HexStrike AI

8.9k

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b

IDA Pro MCP

8.7k

Enables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.

Anthropic Cybersecurity Skills

6.6k

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform

Hooker

5.1k

🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u


Quick Config Preview

{ "mcpServers": { "code-pathfinder": { "command": "pathfinder", "args": ["serve", "--project", "/absolute/path/to/your/project"] } } }

Add this to your claude_desktop_config.json or .cursor/mcp.json
