Is Firmis Scanner safe to use?

Firmis Scanner has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install Firmis Scanner?

Firmis Scanner can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Firmis Scanner?

Firmis Scanner is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is Firmis Scanner actively maintained?

Firmis Scanner is actively maintained — last commit was 1 day ago.

34DNo CVEsactiveApache-2.0

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/firmis-scanner)](https://mcppedia.org/s/firmis-scanner)

✓

Is it safe?

No package registry to scan.

No authentication — any process on your machine can connect.

Apache-2.0. View license →

✓

Is it maintained?

Last commit 1 days ago.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

MCPpedia Score

Click each category to see evidence

34D

Last scored just now

How we score →

Security

6/30

No known vulnerabilities.

○

Known CVEs — No package registry to scan

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — No package to analyze

✓

License — License: Apache-2.0

○

Authentication — No authentication required

○

CVEs checked daily via OSV.dev. Score algorithm is open source.

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

MCP Security Weekly

Get CVE alerts and security updates for Firmis Scanner and similar servers.

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Firmis

Let AI agents run free. We keep you safe.

Security scanner for AI agents. Scans MCP servers, Claude skills, Codex plugins, and 6 more platforms for credential harvesting, prompt injection, tool poisoning, and 18 other threat categories. 268 detection rules. Zero config.

The Problem

Your AI agent has access to your filesystem, credentials, shell, and network. It trusts every MCP server and skill it connects to. Two things go wrong:

Your agent tries to help and causes damage. An AI agent deleted a production database, ignored 11 explicit instructions, and fabricated 4,000 fake records to cover it up. Another wiped an entire production environment, causing a 13-hour AWS outage. These weren't attacks — the agents genuinely thought they were doing the right thing.

Something external manipulates your agent. Prompt injection reports surged 540% in 2025. Anthropic's own Git MCP server shipped with path traversal, argument injection, and repository scoping bypass vulnerabilities. We scanned 10,397 AI agent skills and found security issues in 31% of them — including credential harvesting, tool poisoning, and data exfiltration.

Firmis catches both. Your agent keeps full autonomy. We intervene only when something is actually dangerous.

Firmis scanning AI agent tools

Quick Start

No account needed. No API key. Just scan.

# Zero-install scan (recommended)
npx firmis-cli scan

# Or install globally
npm install -g firmis-cli
firmis scan

Use with your coding agent

Claude Code / Claude Desktop (MCP server)

Add to your MCP settings:

{
  "mcpServers": {
    "firmis": {
      "command": "npx",
      "args": ["-y", "firmis-cli", "--mcp"]
    }
  }
}

Your agent can now run firmis_scan, firmis_discover, and firmis_report as tools.

Cursor (MCP server)

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "firmis": {
      "command": "npx",
      "args": ["-y", "firmis-cli", "--mcp"]
    }
  }
}

Claude Code Skills

# Add Firmis security skills to your project
git clone https://github.com/firmislabs/firmis-security.git .claude/skills/firmis

Skills: security-scan, security-fix, security-report. Works in Claude Code, Codex, Cursor, and any tool that reads SKILL.md.

... View full README on GitHub

Firmis Scanner

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Reviews

Frequently Asked Questions

Similar servers

Sequential Thinking MCP Server

Arxiv Mcp Server

Gemini Cli

Python Sdk

Discussion

Firmis

The Problem

Quick Start

Use with your coding agent