agent-security-scanner
MCP Server | Free
Security scanner MCP server that protects AI coding agents from generating vulnerable code. Features: • 275+ security rules for Python, JavaScript, TypeScript, Java, Go, Ruby, PHP, C/C++, Rust, C#, Terraform, Kubernetes • AST-based detection with tree-sitter (falls back to regex when unav
Capabilities (5 decomposed)
ast-based vulnerability scanning
Medium confidence
This capability utilizes AST (Abstract Syntax Tree) parsing via tree-sitter to analyze code for vulnerabilities across multiple programming languages. It allows for more accurate detection of security issues by understanding the code structure rather than relying solely on regex patterns, which are less reliable. When tree-sitter is unavailable, it falls back to regex, ensuring flexibility in various environments.
Utilizes tree-sitter for AST parsing, enabling more accurate vulnerability detection compared to regex-based tools.
More precise than traditional regex-based scanners, especially for complex code structures.
taint analysis for user input tracking
Medium confidence
This capability implements taint analysis to track the flow of user input through the code, identifying potential security risks when user data reaches sensitive operations or functions. By analyzing the data flow, it can pinpoint where user input may compromise security, allowing developers to take corrective actions.
Employs a comprehensive taint analysis approach to track user input, which is often overlooked in simpler tools.
More thorough than basic input validation tools, providing deeper insights into data flow.
automatic vulnerability fix suggestions
Medium confidence
This capability analyzes detected vulnerabilities and provides automatic fix suggestions based on established security patterns and best practices. By leveraging a database of common vulnerabilities and their remedies, it assists developers in quickly addressing security issues in their code.
Combines vulnerability detection with contextual fix suggestions, enhancing developer efficiency in remediation.
Faster and more context-aware than generic fix suggestion tools that lack integration with vulnerability databases.
package hallucination detection
Medium confidence
This capability scans and verifies package existence across multiple repositories, including npm, PyPI, and others, to detect hallucinated packages that may not exist. By cross-referencing a database of over 4.3 million packages, it ensures that developers are not misled by incorrect package names or versions.
Cross-references a vast database of packages to ensure accuracy, reducing the risk of dependency issues.
More extensive than typical package managers that do not check for hallucinated packages.
prompt injection attack detection
Medium confidence
This capability analyzes AI agent prompts to detect potential prompt injection attacks that could manipulate the agent's behavior. By examining the structure and content of prompts, it identifies suspicious patterns that may indicate an attack, allowing developers to secure their AI interactions.
Focuses specifically on analyzing AI prompts for injection risks, a niche often neglected in broader security tools.
More specialized than general security tools that do not address AI prompt vulnerabilities.
Capabilities are decomposed by AI analysis. Each maps to specific user intents and improves with match feedback.
Best For
- ✓ developers ensuring code security in multi-language projects
- ✓ security-focused developers working on data-sensitive applications
- ✓ developers looking to streamline their security remediation process
- ✓ developers managing dependencies in large projects
- ✓ developers building AI agents with security in mind
Known Limitations
- ⚠ Performance may degrade with very large codebases due to AST parsing overhead.
- ⚠ May require manual configuration for complex data flows.
- ⚠ Suggestions may not cover all edge cases and require manual review.
- ⚠ Dependent on the accuracy of the package database.
- ⚠ Detection may not cover all possible attack vectors.
About
Security scanner MCP server that protects AI coding agents from generating vulnerable code.

Features:
- 275+ security rules for Python, JavaScript, TypeScript, Java, Go, Ruby, PHP, C/C++, Rust, C#, Terraform, Kubernetes
- AST-based detection with tree-sitter (falls back to regex when unavailable)
- Taint analysis for tracking user input to dangerous sinks
- Package hallucination detection across 4.3M+ packages (npm, PyPI, RubyGems, crates.io, pub.dev, CPAN, Raku)
- Prompt injection detection for AI agent security
- Automatic fix suggestions for common vulnerabilities
- CWE/OWASP metadata for compliance

Tools:
- scan_security - Scan files for vulnerabilities
- fix_security - Auto-fix security issues
- check_package - Verify if a package exists or is hallucinated
- scan_agent_prompt - Detect prompt injection attacks
- list_security_rules - View all available rules
- list_package_stats - Package database statistics

Zero config - works instantly with npx.