Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"ai-scanner": {
"args": [
"ai-scanner-mcp"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
MCP server for ai-scanner - let AI agents scan codebases for LLM usage, AI frameworks, and exposed secrets.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'ai-scanner-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked ai-scanner-mcp against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in security
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
Model Context Protocol for WinDBG
Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.
MCP Security Weekly
Get CVE alerts and security updates for Ai Scanner MCP Server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
MCP server for ai-scanner - let AI agents scan codebases for LLM usage, AI frameworks, and exposed secrets.
An MCP server that exposes ai-scanner as tools for AI agents. Works with Claude Code, Claude Desktop, Cursor, Windsurf, and any MCP-compatible client.
| Tool | Description |
|---|---|
scan_directory | Full scan — LLM SDKs, AI frameworks, exposed tokens, and hardcoded secrets with severity levels |
check_secrets | Security check — pass/fail scan for exposed credentials only. Perfect for pre-commit checks |
ai_inventory | AI stack overview — which SDKs, frameworks, models, and API endpoints are used (no secret detection) |
claude mcp add ai-scanner npx ai-scanner-mcp
Add to your claude_desktop_config.json:
{
"mcpServers": {
"ai-scanner": {
"command": "npx",
"args": ["ai-scanner-mcp"]
}
}
}
Config file location:
~/Library/Application Support/Claude/claude_desktop_config.json%APPDATA%\Claude\claude_desktop_config.jsonAdd to .cursor/mcp.json in your project:
{
"mcpServers": {
"ai-scanner": {
"command": "npx",
"args": ["ai-scanner-mcp"]
}
}
}
Add to ~/.windsurf/mcp.json:
{
"mcpServers": {
"ai-scanner": {
"command": "npx",
"args": ["ai-scanner-mcp"]
}
}
}
Once connected, you can ask your AI agent:
Full scan with all detection categories. Parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
directory | string | required | Path to scan |
ai_only | boolean | false | Skip generic secrets (Stripe, GitHub, etc.) |
scan_env | boolean | false | Include .env files |
include_endpoints | boolean | true | Detect LLM API endpoint URLs |
include_models | boolean | true | Detect model name references |
Security-focused pass/fail check. Parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
directory | string | required | Path to scan |
ai_only | boolean | false | Only check AI tokens |
scan_env | boolean | false | Include .env files |
AI stack awareness (no secret detection). Parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
directory | string | required | Path to scan |