Is io.github.andrasfe/vulnicheck safe to use?

io.github.andrasfe/vulnicheck has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.andrasfe/vulnicheck?

io.github.andrasfe/vulnicheck can be installed by cloning its GitHub repository and following the setup instructions in the README.

What can io.github.andrasfe/vulnicheck do?

io.github.andrasfe/vulnicheck provides 10 tools: check_package_vulnerabilities, scan_dependencies, scan_installed_packages, get_cve_details, scan_for_secrets and 5 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with io.github.andrasfe/vulnicheck?

io.github.andrasfe/vulnicheck is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is io.github.andrasfe/vulnicheck actively maintained?

io.github.andrasfe/vulnicheck is less actively maintained — last commit was 96 days ago. It has 11 GitHub stars.

io.github.andrasfe/vulnicheck

HTTP MCP Server for comprehensive Python vulnerability scanning and security analysis.

11 10 tools GitHub

No known CVEs

No license

Maintained

Last commit 96d ago

Works with most clients

Transport: stdio

10 tools · ~457 tok

Grade A · 0.2% of 200K ctx

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-andrasfe-vulnicheck": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-andrasfe-vulnicheck)](https://mcppedia.org/s/io-github-andrasfe-vulnicheck)

Read me

What io.github.andrasfe/vulnicheck does

VulniCheck provides comprehensive security analysis for Python projects and GitHub repositories using AI-powered vulnerability detection. It runs as a Docker-based HTTP MCP server with standard HTTP streaming (no SSE required), providing secure containerized deployment with comprehensive vulnerability scanning capabilities.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

64/100across 5 weighted dimensions

How we score →

0255075100

−36

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (10)

Click any tool to inspect its schema.

~457 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.andrasfe/vulnicheck safe to use?: io.github.andrasfe/vulnicheck has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.andrasfe/vulnicheck?: io.github.andrasfe/vulnicheck can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can io.github.andrasfe/vulnicheck do?: io.github.andrasfe/vulnicheck provides 10 tools: check_package_vulnerabilities, scan_dependencies, scan_installed_packages, get_cve_details, scan_for_secrets and 5 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.andrasfe/vulnicheck?: io.github.andrasfe/vulnicheck is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.andrasfe/vulnicheck actively maintained?: io.github.andrasfe/vulnicheck is less actively maintained — last commit was 96 days ago. It has 11 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for io.github.andrasfe/vulnicheck and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-andrasfe-vulnicheck": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-andrasfe-vulnicheck)](https://mcppedia.org/s/io-github-andrasfe-vulnicheck)

Read me

What io.github.andrasfe/vulnicheck does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

VulniCheck - AI-Powered Security Scanner

Quick Start

1. Pull and Run the Docker Container

# Pull the latest image from Docker Hub
docker pull andrasfe/vulnicheck:latest

# Run with OpenAI API key (for enhanced AI-powered risk assessment)
docker run -d --name vulnicheck-mcp -p 3000:3000 \
  --restart=unless-stopped \
  -e OPENAI_API_KEY=your-openai-api-key \
  andrasfe/vulnicheck:latest

# Or run without API key (basic vulnerability scanning)
docker run -d --name vulnicheck-mcp -p 3000:3000 \
  --restart=unless-stopped \
  andrasfe/vulnicheck:latest

2. Add to Claude Code

claude mcp add --transport http vulnicheck http://localhost:3000/mcp

That's it! VulniCheck is now available in Claude Code.

Usage

Once installed, simply ask Claude:

"Run a comprehensive security check on my project"

"Scan https://github.com/owner/repo for vulnerabilities"

"Check my dependencies for security issues"

"Scan my Dockerfile for vulnerable packages"

VulniCheck will:

✅ Scan dependencies for known vulnerabilities (requirements.txt, pyproject.toml, setup.py)
✅ Detect exposed secrets and credentials
✅ Analyze Dockerfiles for security issues
✅ Validate MCP configurations
✅ Generate AI-powered risk assessments
✅ Provide actionable remediation recommendations

Key Features

Docker Deployment: Secure containerized deployment with HTTP streaming (no SSE/Server-Sent Events required)
Optional Authentication: Supports Google OAuth 2.0 for secure access control (disabled by default)
Production Ready: Scalable HTTP server architecture
Comprehensive Coverage: Queries 5+ vulnerability databases (OSV.dev, NVD, GitHub Advisory, CIRCL, Safety DB)
GitHub Integration: Scan any public/private GitHub repository directly (up to 1GB)
AI-Powered Analysis: Uses OpenAI/Anthropic APIs for intelligent security assessment
Secrets Detection: Finds exposed API keys, passwords, and credentials
Docker Security: Analyzes Dockerfiles for vulnerable dependencies
Smart Caching: Avoids redundant scans with commit-level caching
Space Management: Automatic cleanup prevents disk exhaustion (2GB total limit)
Zero Config: Works out of the box, enhanced with optional API keys

Available Tools

Tool	Description
`check_package_vulnerabilities`	Check a specific Python package for vulnerabilities
`scan_dependencies`	Scan dependency files (requirements.txt, pyproject.toml, etc.)
`scan_installed_packages`	Scan currently installed Python packages
`get_cve_details`	Get detailed information about a specific CVE
`scan_for_secrets`	Detect exposed secrets and credentials in code
`scan_dockerfile`	Analyze Dockerfiles for vulnerable Python dependencies
`scan_github_repo`	Comprehensive security scan of GitHub repositories
`assess_operation_safety`	AI-powered risk assessment for operations
`validate_mcp_security`	Validate MCP server security configurations
`comprehensive_security_check`	Interactive AI-powered security assessment

Optional API Keys

Enhance VulniCheck with API keys for better rate limits and AI features:

docker run -d --name vulnicheck-mcp -p 3000:3000 \
  --restart=unless-stopped \
  -e OPENAI_API_KEY=your-key \           # AI-powered risk assessment
  -e ANTHROPIC_API_KEY=your-key \        # Alternative AI provider
  -e GITHUB_TOKEN=your-token \           # Higher GitHub API rate limits
  -e NVD_API_KEY=your-key \              # Higher NVD rate limits
  andrasfe/vulnicheck:latest

Authentication (Optional)

VulniCheck support

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

64/100across 5 weighted dimensions

How we score →

0255075100

−36

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (10)

Click any tool to inspect its schema.

~457 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.andrasfe/vulnicheck safe to use?: io.github.andrasfe/vulnicheck has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.andrasfe/vulnicheck?: io.github.andrasfe/vulnicheck can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can io.github.andrasfe/vulnicheck do?: io.github.andrasfe/vulnicheck provides 10 tools: check_package_vulnerabilities, scan_dependencies, scan_installed_packages, get_cve_details, scan_for_secrets and 5 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.andrasfe/vulnicheck?: io.github.andrasfe/vulnicheck is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.andrasfe/vulnicheck actively maintained?: io.github.andrasfe/vulnicheck is less actively maintained — last commit was 96 days ago. It has 11 GitHub stars.

Similar servers

Others in security

View all →

Evil Mcp Server93

An evil MCP server used for redteam testing

30 1

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

9.0k 3

Nothumanallowed91

Security-first platform for AI agents. 38 specialized agents, 15 AI-powered extensions, zero-knowledge multi-agent orchestration. SENTINEL WAF, Ed25519 auth, 2.6M grounding facts.

97 5

MCP Security Weekly

Get CVE alerts and security updates for io.github.andrasfe/vulnicheck and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?