# AI Scanner > Scan codebases for LLM/AI SDK usage, exposed API tokens, and hardcoded secrets. - **Type:** MCP server - **Install:** `agentstack add mcp-aakashbhardwaj27-ai-scanner-mcp` - **Verified:** Yes — security-reviewed for prompt injection and unsafe behavior - **Seller:** [sky-in-code](https://agentstack.voostack.com/s/sky-in-code) - **Installs:** 0 - **Category:** [AI & ML](https://agentstack.voostack.com/c/ai-and-ml) - **Latest version:** 1.0.2 - **License:** MIT - **Upstream author:** [sky-in-code](https://github.com/sky-in-code) - **Source:** https://github.com/sky-in-code/ai-scanner-mcp - **Website:** https://aakashbhardwaj27.github.io/ai-scanner/ ## Install ```sh agentstack add mcp-aakashbhardwaj27-ai-scanner-mcp ``` Requires the [AgentStack CLI](https://agentstack.voostack.com/docs/cli). Works with Claude Code, Cursor, and any MCP-compatible agent. ## About ai-scanner-mcp MCP server for ai-scanner - let AI agents scan codebases for LLM usage, AI frameworks, and exposed secrets. An [MCP](https://modelcontextprotocol.io) server that exposes [ai-scanner](https://github.com/Aakashbhardwaj27/ai-scanner) as tools for AI agents. Works with Claude Code, Claude Desktop, Cursor, Windsurf, and any MCP-compatible client. ## Tools | Tool | Description | |---|---| | `scan_directory` | Full scan — LLM SDKs, AI frameworks, exposed tokens, and hardcoded secrets with severity levels | | `check_secrets` | Security check — pass/fail scan for exposed credentials only. Perfect for pre-commit checks | | `ai_inventory` | AI stack overview — which SDKs, frameworks, models, and API endpoints are used (no secret detection) | ## Setup ### Claude Code ```bash claude mcp add ai-scanner npx ai-scanner-mcp ``` ### Claude Desktop Add to your `claude_desktop_config.json`: ```json { "mcpServers": { "ai-scanner": { "command": "npx", "args": ["ai-scanner-mcp"] } } } ``` Config file location: - macOS: `~/Library/Application Support/Claude/claude_desktop_config.json` - Windows: `%APPDATA%\Claude\claude_desktop_config.json` ### Cursor Add to `.cursor/mcp.json` in your project: ```json { "mcpServers": { "ai-scanner": { "command": "npx", "args": ["ai-scanner-mcp"] } } } ``` ### Windsurf Add to `~/.windsurf/mcp.json`: ```json { "mcpServers": { "ai-scanner": { "command": "npx", "args": ["ai-scanner-mcp"] } } } ``` ## Example Usage Once connected, you can ask your AI agent: - *"Scan this project for any exposed API keys"* - *"Check if there are any hardcoded secrets before I commit"* - *"What AI SDKs and frameworks does this codebase use?"* - *"Run a security scan on ./src and tell me if it's safe to push"* - *"Give me an AI inventory of this project"* ## Tool Details ### scan_directory Full scan with all detection categories. Parameters: | Parameter | Type | Default | Description | |---|---|---|---| | `directory` | string | *required* | Path to scan | | `ai_only` | boolean | `false` | Skip generic secrets (Stripe, GitHub, etc.) | | `scan_env` | boolean | `false` | Include .env files | | `include_endpoints` | boolean | `true` | Detect LLM API endpoint URLs | | `include_models` | boolean | `true` | Detect model name references | ### check_secrets Security-focused pass/fail check. Parameters: | Parameter | Type | Default | Description | |---|---|---|---| | `directory` | string | *required* | Path to scan | | `ai_only` | boolean | `false` | Only check AI tokens | | `scan_env` | boolean | `false` | Include .env files | ### ai_inventory AI stack awareness (no secret detection). Parameters: | Parameter | Type | Default | Description | |---|---|---|---| | `directory` | string | *required* | Path to scan | ## Detection Coverage - **AI Tokens (20+)** — OpenAI, Anthropic, Google, AWS, HuggingFace, Groq, Replicate, and more - **Generic Secrets (59)** — Stripe, Twilio, GitHub, Slack, Discord, database URIs, private keys, JWTs - **LLM SDKs (23)** — OpenAI, Anthropic, Google Gemini, LiteLLM, AWS Bedrock, and more - **AI Frameworks (24)** — LangChain, LlamaIndex, CrewAI, AutoGen, DSPy, Vercel AI SDK, and more - **145 total detection patterns** ## License [MIT](https://github.com/Aakashbhardwaj27/ai-scanner/blob/main/LICENSE) ## Source & license This open-source MCP server is cataloged on AgentStack and links to its original source — we do not rehost the code. - **Author:** [sky-in-code](https://github.com/sky-in-code) - **Source:** [sky-in-code/ai-scanner-mcp](https://github.com/sky-in-code/ai-scanner-mcp) - **License:** MIT - **Homepage:** https://aakashbhardwaj27.github.io/ai-scanner/ Install and usage instructions live in the source repository linked above. ## Pricing - **Free** — Free ## Versions - **1.0.2** — security scan: passed — Imported from the upstream source. ## Links - Listing page: https://agentstack.voostack.com/l/mcp-aakashbhardwaj27-ai-scanner-mcp - Seller: https://agentstack.voostack.com/s/sky-in-code - Browse the marketplace: https://agentstack.voostack.com/browse --- Listed on AgentStack — the marketplace for AI agent skills and MCP servers. Every listing is security-reviewed. Creators keep 70%.