agent-security-scanner

Frequently asked questions

What is agent-security-scanner?

Security scanner MCP server that protects AI coding agents from generating vulnerable code. Features: • 275+ security rules for Python, JavaScript, TypeScript, Java, Go, Ruby, PHP, C/C++, Rust, C#, Terraform, Kubernetes • AST-based detection with tree-sitter (falls back to regex when unavailable) • Taint analysis for tracking user input to dangerous sinks • Package hallucination detection across 4.3M+ packages (npm, PyPI, RubyGems, crates.io, pub.dev, CPAN, Raku) • Prompt injection detection for AI agent security • Automatic fix suggestions for common vulnerabilities • CWE/OWASP metadata for compliance Tools: • scan_security - Scan files for vulnerabilities • fix_security - Auto-fix security issues • check_package - Verify if a package exists or is hallucinated • scan_agent_prompt - Detect prompt injection attacks • list_security_rules - View all available rules • list_package_stats - Package database statistics Zero config - works instantly with npx.

Is agent-security-scanner an official MCP server?

agent-security-scanner is not on the Official MCP Registry. It is listed on Smithery.

How many versions does agent-security-scanner have?

agent-security-scanner ships as a single rolling release with no explicit version metadata.