Is io.github.ryansmith4/sheriff-mcp safe to use?

io.github.ryansmith4/sheriff-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.ryansmith4/sheriff-mcp?

io.github.ryansmith4/sheriff-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can io.github.ryansmith4/sheriff-mcp do?

io.github.ryansmith4/sheriff-mcp provides 1 tool: sheriff. See the full tools list on the server page for descriptions and parameters.

What AI clients work with io.github.ryansmith4/sheriff-mcp?

io.github.ryansmith4/sheriff-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is io.github.ryansmith4/sheriff-mcp actively maintained?

io.github.ryansmith4/sheriff-mcp is actively maintained — last commit was 4 days ago.

io.github.ryansmith4/sheriff-mcp

MCP server for fixing static analysis issues from SARIF reports with AI agents

1 tool GitHub

No known CVEs

No license

Actively maintained

Last commit 4d ago

Works with most clients

Transport: stdio

1 tool · ~206 tok

Grade A · 0.1% of 200K ctx

Edit this pageView history

Developer Tools Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "sheriff": {
      "args": [
        "-jar",
        "/path/to/sheriff-mcp-1.0.2-all.jar",
        "start"
      ],
      "command": "java"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-ryansmith4-sheriff-mcp)](https://mcppedia.org/s/io-github-ryansmith4-sheriff-mcp)

Read me

What io.github.ryansmith4/sheriff-mcp does

Sheriff is an MCP server that helps AI agents efficiently fix static analysis issues from SARIF reports.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

71/100across 5 weighted dimensions

How we score →

0255075100

−29

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (1)

Click any tool to inspect its schema.

~206 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.ryansmith4/sheriff-mcp safe to use?: io.github.ryansmith4/sheriff-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.ryansmith4/sheriff-mcp?: io.github.ryansmith4/sheriff-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can io.github.ryansmith4/sheriff-mcp do?: io.github.ryansmith4/sheriff-mcp provides 1 tool: sheriff. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.ryansmith4/sheriff-mcp?: io.github.ryansmith4/sheriff-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.ryansmith4/sheriff-mcp actively maintained?: io.github.ryansmith4/sheriff-mcp is actively maintained — last commit was 4 days ago.

Similar servers

Others in developer-tools / security

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

Mcp_agent_mail96

Asynchronous coordination layer for AI coding agents: identities, inboxes, searchable threads, and advisory file leases over FastMCP + Git + SQLite

2.0k 6

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.ryansmith4/sheriff-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Developer Tools Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "sheriff": {
      "args": [
        "-jar",
        "/path/to/sheriff-mcp-1.0.2-all.jar",
        "start"
      ],
      "command": "java"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-ryansmith4-sheriff-mcp)](https://mcppedia.org/s/io-github-ryansmith4-sheriff-mcp)

Read me

What io.github.ryansmith4/sheriff-mcp does

Sheriff is an MCP server that helps AI agents efficiently fix static analysis issues from SARIF reports.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Sheriff-MCP

Sheriff is an MCP server that helps AI agents efficiently fix static analysis issues from SARIF reports.

Documentation | Installation | Tool Reference

Why Sheriff?

AI agents struggle with large static analysis reports:

Context overload - 100+ issues overwhelm context windows
Lost progress - Work is lost on context compaction or session restart
Inefficient navigation - No batching means jumping between files repeatedly

Sheriff solves this by acting as a work queue manager:

Intelligent batching - Issues grouped by file for efficient fixing
Persistent progress - State survives compaction, restarts, and agent switches
Scope filtering - Focus on specific rules, severities, or file patterns
Compact responses - Minimal context usage with abbreviated field names

Supported Static Analysis Tools

Sheriff works with any tool that produces SARIF output:

Tool	Language	SARIF Command
Qodana	Java/Kotlin/JS/Python	`qodana scan`
Semgrep	Multi-language	`semgrep --sarif -o results.sarif`
ESLint	JavaScript/TypeScript	`eslint --format @microsoft/sarif`
CodeQL	Multi-language	Built-in SARIF output
SpotBugs	Java	`spotbugs -sarif`
Bandit	Python	`bandit -f sarif`
Checkov	IaC	`checkov -o sarif`
Trivy	Container/IaC	`trivy --format sarif`
SonarQube	Multi-language	Built-in SARIF export

Quick Start

1. Install

JAR (All Platforms) — Requires Java 21+

Download sheriff-mcp-1.0.2-all.jar from Releases.

Docker

docker pull ghcr.io/ryansmith4/sheriff-mcp:latest

MCP Registry

Clients that support the MCP Registry can install directly by name: io.github.ryansmith4/sheriff-mcp

See the Installation Guide for full details.

2. Configure Your MCP Client

Add Sheriff to your MCP client (Claude Code, Cursor, ChatGPT Desktop, etc.):

{
  "mcpServers": {
    "sheriff": {
      "command": "java",
      "args": ["-jar", "/path/to/sheriff-mcp-1.0.2-all.jar", "start"]
    }
  }
}

Or with Docker:

{
  "mcpServers": {
    "sheriff": {
      "command": "docker",
      "args": ["run", "-i", "--rm", "-v", ".:/data", "ghcr.io/ryansmith4/sheriff-mcp:latest"]
    }
  }
}

See the Agent Setup Guide for client-specific instructions and recommended agent instructions.

3. Use It

1. Run static analysis     →  qodana scan
2. Load i

... [View full README on GitHub](https://github.com/ryansmith4/sheriff-mcp#readme)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

71/100across 5 weighted dimensions

How we score →

0255075100

−29

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (1)

Click any tool to inspect its schema.

~206 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.ryansmith4/sheriff-mcp safe to use?: io.github.ryansmith4/sheriff-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.ryansmith4/sheriff-mcp?: io.github.ryansmith4/sheriff-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can io.github.ryansmith4/sheriff-mcp do?: io.github.ryansmith4/sheriff-mcp provides 1 tool: sheriff. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.ryansmith4/sheriff-mcp?: io.github.ryansmith4/sheriff-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.ryansmith4/sheriff-mcp actively maintained?: io.github.ryansmith4/sheriff-mcp is actively maintained — last commit was 4 days ago.

Similar servers

Others in developer-tools / security

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

Mcp_agent_mail96

Asynchronous coordination layer for AI coding agents: identities, inboxes, searchable threads, and advisory file leases over FastMCP + Git + SQLite

2.0k 6

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.ryansmith4/sheriff-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?