Is io.github.salrad22/code-sentinel safe to use?

io.github.salrad22/code-sentinel has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.salrad22/code-sentinel?

io.github.salrad22/code-sentinel can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.salrad22/code-sentinel?

io.github.salrad22/code-sentinel is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is io.github.salrad22/code-sentinel actively maintained?

io.github.salrad22/code-sentinel is less actively maintained — last commit was 137 days ago. It has 3 GitHub stars.

io.github.salrad22/code-sentinel

Code quality analysis MCP server - detects security issues, deceptive patterns, and placeholders

3 0 tools GitHub

No known CVEs

No license

Maintained

Last commit 137d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-salrad22-code-sentinel": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-salrad22-code-sentinel)](https://mcppedia.org/s/io-github-salrad22-code-sentinel)

Read me

What io.github.salrad22/code-sentinel does

A comprehensive code quality analysis server for the Model Context Protocol (MCP). CodeSentinel integrates with Claude Code and other MCP-compatible clients to detect security vulnerabilities, deceptive patterns, incomplete code, and highlight good practices.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.salrad22/code-sentinel safe to use?: io.github.salrad22/code-sentinel has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.salrad22/code-sentinel?: io.github.salrad22/code-sentinel can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.salrad22/code-sentinel?: io.github.salrad22/code-sentinel is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.salrad22/code-sentinel actively maintained?: io.github.salrad22/code-sentinel is less actively maintained — last commit was 137 days ago. It has 3 GitHub stars.

Similar servers

Others in security

View all →

Ida Pro Mcp92

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

8.7k 3

Evil Mcp Server91

An evil MCP server used for redteam testing

30 1

Atomic Red Team Mcp90

MCP server for Atomic Red Team

123 5

Iam Policy Autopilot90

IAM Policy Autopilot is an open source static code analysis tool that helps you quickly create baseline AWS IAM policies that you can refine as your application evolves. This tool is available as a command-line utility and MCP server for use within AI coding assistants for quickly building IAM policies.

361 1

MCP Security Weekly

Get CVE alerts and security updates for io.github.salrad22/code-sentinel and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-salrad22-code-sentinel": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-salrad22-code-sentinel)](https://mcppedia.org/s/io-github-salrad22-code-sentinel)

Read me

What io.github.salrad22/code-sentinel does

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

CodeSentinel MCP Server

Why CodeSentinel?

AI coding assistants can inadvertently introduce subtle issues: hardcoded secrets, empty catch blocks, TODO placeholders left behind, or patterns that hide errors. CodeSentinel acts as a quality gate, analyzing code for 93 distinct patterns across 5 categories before issues reach production.

Key differentiators:

Verification-aware detection: Many patterns include verification steps to reduce false positives
LLM-optimized output: Structured JSON output designed for AI consumption and action
Balanced analysis: Detects both issues AND strengths for fair code assessment
Multi-language support: Works with TypeScript, JavaScript, Python, Go, Rust, Java, and more

Why Not Tree-sitter or AST-Based Tools?

CodeSentinel intentionally uses a pattern-based approach rather than AST parsing. Here's why:

The Problem We Solve Is Different

Traditional linters (ESLint, tree-sitter) detect syntax errors and style violations. CodeSentinel detects semantically deceptive patterns - code that is:

Syntactically valid (passes all linters)
Structurally correct (valid AST)
But hides serious issues that AI agents commonly produce

Examples AST Tools Miss

// AST sees: valid try-catch block
// CodeSentinel sees: error swallowing that masks failures
try { riskyOperation(); } catch(e) { }

// AST sees: valid function returning boolean
// CodeSentinel sees: fake implementation that always succeeds
function validateUser() { return true; } // TODO: implement

// AST sees: valid fallback expression
// CodeSentinel sees: failure masking - "no data" vs "fetch failed" indistinguishable
const users = response.data || [];

// AST sees: valid return statement
// CodeSentinel sees: silent failure hiding
if (error) { return null; } // error case

What Each Approach Detects

Issue Type	AST/Tree-sitter	CodeSentinel
Syntax errors	Yes	No (not our goal)
Missing semicolons	Yes	No
Unused variables	Yes	No
Empty catch blocks	Partially	Yes
Silent error returns	No	Yes
Fake success responses	No	Yes
TODO/placeholder code	No	Yes
Error-masking fallbacks	No	Yes
Hardcoded secrets	Limited	Yes
Deceptive comments	No	Yes

The Real Issue: Agent Behavior

AI coding agents produce code that looks correct but contains subtle deceptions:

"Making the error go away" - Empty catches, silent returns, swallowed exceptions
Placeholder implementations - return true, return [], TODO comments
False confidence patterns - || [] fallbacks that mask fetch failures
Suppression abuse - @ts-ignore, eslint-disable to hide type errors

These patterns pass every linter and compile successfully. AST tools see valid structure. Only pattern-based detection catches the semantic intent behind the code.

When to Use What

Tool	Use For
ESLint/TSLint	Style consistency, syntax rules, unused code
Tree-sitter	Syntax highlighting, code navigation, refactoring
TypeScript	Type safety, compile-time errors
CodeSentinel	Agent-generated deceptions, error hiding, incomplete implementations

CodeSentinel complements these tools - it catches what they structurally cannot.

Features

Security Analysis (16 patterns): Hardcoded secrets, SQL injection, XSS, command injection, insecure crypto, disabled SSL, and more
Deceptive Pattern Detection (17 patterns): Empty catch blocks, silent failures, error-hiding fallbacks, linter

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.salrad22/code-sentinel safe to use?: io.github.salrad22/code-sentinel has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.salrad22/code-sentinel?: io.github.salrad22/code-sentinel can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.salrad22/code-sentinel?: io.github.salrad22/code-sentinel is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.salrad22/code-sentinel actively maintained?: io.github.salrad22/code-sentinel is less actively maintained — last commit was 137 days ago. It has 3 GitHub stars.