agent-security-scanner

Security scanner MCP server that protects AI coding agents from generating vulnerable code. Features: • 275+ security rules for Python, JavaScript, TypeScript, Java, Go, Ruby, PHP, C/C++, Rust, C#, Terraform, Kubernetes • AST-based detection with tree-sitter (falls back to regex when unavailable) • Taint analysis for tracking user input to dangerous sinks • Package hallucination detection across 4.3M+ packages (npm, PyPI, RubyGems, crates.io, pub.dev, CPAN, Raku) • Prompt injection detection for AI agent security • Automatic fix suggestions for common vulnerabilities • CWE/OWASP metadata for compliance Tools: • scan_security - Scan files for vulnerabilities • fix_security - Auto-fix security issues • check_package - Verify if a package exists or is hallucinated • scan_agent_prompt - Detect prompt injection attacks • list_security_rules - View all available rules • list_package_stats - Package database statistics Zero config - works instantly with npx.