# Vibescan Mcp Server > MCP server for VibeScan — scan projects for leaked secrets and security issues - **Type:** MCP server - **Install:** `agentstack add mcp-aguantar-vibescan-mcp-server` - **Verified:** Pending review - **Seller:** [Aguantar](https://agentstack.voostack.com/s/aguantar) - **Installs:** 0 - **Category:** [Security](https://agentstack.voostack.com/c/security) - **Latest version:** 0.1.0 - **License:** MIT - **Upstream author:** [Aguantar](https://github.com/Aguantar) - **Source:** https://github.com/Aguantar/vibescan-mcp-server ## Install ```sh agentstack add mcp-aguantar-vibescan-mcp-server ``` Requires the [AgentStack CLI](https://agentstack.voostack.com/docs/cli). Works with Claude Code, Cursor, and any MCP-compatible agent. ## About # vibescan-mcp-server mcp-name: io.github.Aguantar/vibescan-mcp-server MCP server for [VibeScan](https://github.com/Aguantar/vibescan) — scan projects for leaked secrets and security issues directly from Claude Code. ## Features - **`vibescan_scan`** — Scan a project for secrets, dangerous patterns, and git hygiene issues - **`vibescan_rules`** — List all 17 detection rules ### What VibeScan detects - **14 secret categories**: env files, config hardcodes, cloud credentials, Docker/infra, CI/CD pipelines, IDE settings, SSH keys, hardcoded patterns, frontend env vars, data files, doc secrets, mobile files, system configs, editor remnants - **Dangerous code patterns**: eval(), exec(), shell injection, SQL injection, pickle, innerHTML - **Git hygiene**: missing .gitignore, unignored .env/.pem/.key files All scanning runs locally — your code never leaves your machine. ## Installation ```bash pip install vibescan-mcp-server ``` ## Usage with Claude Code Add to your `.mcp.json`: ```json { "mcpServers": { "vibescan": { "command": "vibescan-mcp-server" } } } ``` Then ask Claude: "scan this project for security issues" or "check for leaked secrets". ## License MIT ## Source & license This open-source MCP server is cataloged on AgentStack and links to its original source — we do not rehost the code. - **Author:** [Aguantar](https://github.com/Aguantar) - **Source:** [Aguantar/vibescan-mcp-server](https://github.com/Aguantar/vibescan-mcp-server) - **License:** MIT Install and usage instructions live in the source repository linked above. ## Pricing - **Free** — Free ## Versions - **0.1.0** — security scan: flagged — Imported from the upstream source. ## Links - Listing page: https://agentstack.voostack.com/l/mcp-aguantar-vibescan-mcp-server - Seller: https://agentstack.voostack.com/s/aguantar - Browse the marketplace: https://agentstack.voostack.com/browse --- Listed on AgentStack — the marketplace for AI agent skills and MCP servers. Every listing is security-reviewed. Creators keep 70%.