sinewaveai

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.

71
5
100% credibility
Found Feb 17, 2026 at 27 stars (3x)
AI Analysis
JavaScript
AI Summary

A security scanner for AI-generated code that detects vulnerabilities in 12 languages, hallucinated packages across 7 ecosystems, and prompt injections, usable via AI coding tool integrations or command line.

How It Works

1. 🔍 Discover the security helper: You find a friendly tool that checks code from your AI coding buddy for sneaky problems.

2. 🛡️ Connect it easily: With one quick setup, link it to your coding app so it watches your work automatically.

3. 📝 Write some code: As your AI suggests code, you let the helper scan it right away to spot risks.

4. ⚠️ See clear warnings: It lights up dangers like unsafe data mixing or fake add-ons, with simple explanations.

5. 🔧 Fix issues fast: Click to apply safe fixes, turning risky spots into secure ones effortlessly.

6. 📦 Check new helpers: Before adding packages, verify they're real and not invented by the AI.

Code safely ever after

Your AI now builds secure projects, and tricky instructions get blocked—peace of mind!

AI-Generated Review

What is agent-security-scanner-mcp?

This JavaScript-based MCP server secures AI coding agents by scanning code across 12 languages for 1700+ vulnerabilities using AST and taint analysis, detecting AI-hallucinated packages against 4.3M+ real ones, and blocking prompt injections with 59 hardened rules. It offers CLI tools like `scan_security`, `fix_security`, `check_package`, and `scan_agent_prompt`, plus SARIF output for integration with GitHub security scanning and GitHub security alerts. It auto-fixes 120 common issues, making it a firewall for tools like Claude Code, Cursor, and OpenClaw.

Why is it gaining traction?

Unlike generic scanners, it tackles AI-specific risks—prompt injections, fake deps, agent backdoors—with token-optimized outputs (minimal: 50 tokens) that fit tight AI contexts, plus daemon caching for 4000x faster rescans. Easy one-command init hooks into Cursor or Windsurf, git diff scanning for PRs, and project grading (A-F) beat traditional tools for dev workflows. Benchmarks show 97.7% precision on real vulns.

Who should use this?

Devs relying on AI agents like Claude Code or Cursor for code gen, who hit package hallucinations or injection risks. OpenClaw users needing autonomous agent guardrails, or teams adding security GitHub Actions to CI/CD for GitHub security advisories. Ideal for auditing imports before commits or scanning external prompts in security scanner GitHub repos.

Verdict

Promising for AI-driven dev but early-stage: 24 stars and 1.0% credibility score mean test thoroughly despite solid docs, benchmarks, and MIT license. Grab it via npx for agent security scanning if you're in the AI loop—skip for production without your own validation.
