Vibescan Mcp Server
MCP server for VibeScan — scan projects for leaked secrets and security issues
Install
$ agentstack add mcp-aguantar-vibescan-mcp-server Open-source listing — not yet scanned by AgentStack. Follow the source repository for install instructions.
Security review
⚠ Flagged1 finding(s); flagged for manual review. · v0.1.0 How review works →
- • Prompt-injection patterns
- • Secret / credential exfiltration
- • Dangerous shell & filesystem operations
- • Untrusted network calls
- • Known-malicious package signatures
- high Dangerous shell/eval execution.
About
vibescan-mcp-server
mcp-name: io.github.Aguantar/vibescan-mcp-server
MCP server for VibeScan — scan projects for leaked secrets and security issues directly from Claude Code.
Features
vibescan_scan— Scan a project for secrets, dangerous patterns, and git hygiene issuesvibescan_rules— List all 17 detection rules
What VibeScan detects
- 14 secret categories: env files, config hardcodes, cloud credentials, Docker/infra, CI/CD pipelines, IDE settings, SSH keys, hardcoded patterns, frontend env vars, data files, doc secrets, mobile files, system configs, editor remnants
- Dangerous code patterns: eval(), exec(), shell injection, SQL injection, pickle, innerHTML
- Git hygiene: missing .gitignore, unignored .env/.pem/.key files
All scanning runs locally — your code never leaves your machine.
Installation
pip install vibescan-mcp-serverUsage with Claude Code
Add to your .mcp.json:
{
"mcpServers": {
"vibescan": {
"command": "vibescan-mcp-server"
}
}
}Then ask Claude: "scan this project for security issues" or "check for leaked secrets".
License
MIT
Source & license
This open-source MCP server is cataloged on AgentStack and links to its original source — we do not rehost the code.
- Author: Aguantar
- Source: Aguantar/vibescan-mcp-server
- License: MIT
Install and usage instructions live in the source repository linked above.
Reviews
No reviews yet — be the first.
Write a review
Versions
- v0.1.0 Imported from the upstream source.