Is Mcp Server Semgrep safe to use?

Mcp Server Semgrep has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Mcp Server Semgrep?

Mcp Server Semgrep supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Mcp Server Semgrep?

Mcp Server Semgrep is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is Mcp Server Semgrep actively maintained?

Mcp Server Semgrep is actively maintained — last commit was 20 days ago. It has 28 GitHub stars.

Mcp Server Semgrep

Name: Mcp Server Semgrep
Author: VetCoders

mcp-server-semgrep · by VetCoders

MCP Server Semgrep is a [Model Context Protocol](https://modelcontextprotocol.io) compliant server that integrates the powerful Semgrep static analysis tool with AI assistants like Anthropic Claude. It enables advanced code analysis, security vulnerability detection, and code quality improvements directly through a conversational interface.

28 279/wk 0 tools GitHub npm PyPI

No known CVEs

MIT license

Actively maintained

Last commit 20d ago

Works with most clients

Transport: stdio, http

0 tools

Grade F

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "semgrep": {
      "env": {
        "SEMGREP_APP_TOKEN": "your_semgrep_app_token"
      },
      "args": [
        "/your_path/mcp-server-semgrep/build/index.js"
      ],
      "command": "node"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-server-semgrep)](https://mcppedia.org/s/mcp-server-semgrep)

Read me

What Mcp Server Semgrep does

This project was initially inspired by robustness of Semgrep tool, The Replit Team and their Agent V2, as well as the implementation by stefanskiasan/semgrep-mcp-server, but has evolved with significant architectural changes for enhanced and easier installation and maintenance.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

61/100across 5 weighted dimensions

How we score →

0255075100

−39

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

1 fixed

CVE-2026-7446low · fixedCVSS 3.1

mcp-server-semgrep has a Command Injection issue

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 1.0.1 is able to mitigate this issue. The patch is identified as 141335da044e53c3f5b315e03

Affected: >= 0Fixed in 1.0.1source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Server Semgrep safe to use?: Mcp Server Semgrep has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Server Semgrep?: Mcp Server Semgrep supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Mcp Server Semgrep?: Mcp Server Semgrep is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Mcp Server Semgrep actively maintained?: Mcp Server Semgrep is actively maintained — last commit was 20 days ago. It has 28 GitHub stars.

Similar servers

Others in security / developer-tools

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

Mcp_agent_mail96

Asynchronous coordination layer for AI coding agents: identities, inboxes, searchable threads, and advisory file leases over FastMCP + Git + SQLite

2.0k 6

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

MCP Security Weekly

Get CVE alerts and security updates for Mcp Server Semgrep and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "semgrep": {
      "env": {
        "SEMGREP_APP_TOKEN": "your_semgrep_app_token"
      },
      "args": [
        "/your_path/mcp-server-semgrep/build/index.js"
      ],
      "command": "node"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-server-semgrep)](https://mcppedia.org/s/mcp-server-semgrep)

Read me

What Mcp Server Semgrep does

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

MCP Server Semgrep

POWERED BY:

About the Project

MCP Server Semgrep is a Model Context Protocol compliant server that integrates the powerful Semgrep static analysis tool with AI assistants like Anthropic Claude. It enables advanced code analysis, security vulnerability detection, and code quality improvements directly through a conversational interface.

Benefits of Integration

For Developers and Development Teams:

Holistic Source Code Analysis - detecting issues throughout the entire project, not just in individual files
Proactive Error Detection - identifying potential problems before they become critical bugs
Continuous Code Quality Improvement - regular scanning and refactoring lead to gradual codebase improvements
Stylistic Consistency - identification and fixing of inconsistencies in code, such as:
- Arbitrary z-index layers in CSS
- Inconsistent naming conventions
- Code duplication
- "Magic numbers" instead of named constants

For Security:

Automated Code Verification for Known Vulnerabilities - scanning for known security issue patterns
Customized Security Rules - creating project-specific rules
Team Education - teaching secure programming practices through detection of potential issues

For Project Maintenance and Development:

"Live" Documentation - AI can explain why a code fragment is problematic and how to fix it
Technical Debt Reduction - systematically detecting and fixing problematic areas
Improved Code Reviews - automatic detection of common issues allows focus on more complex matters

Key Features

Direct integration with the official MCP SDK
Simplified architecture with consolidated handlers
Clean ES Modules implementation
Efficient error handling and path validation for security
Interface and documentation in both English and Polish
Comprehensive unit tests
Extensive documentation
Cross-platform compatibility (Windows, macOS, Linux)
Flexible Semgrep installation detection and management

Functions

Semgrep MCP Server provides the following tools:

scan_directory: Scanning source code for potential issues
list_rules: Displaying available rules and languages supported by Semgrep
analyze_results: Detailed analysis of scan results
create_rule: Creating custom Semgrep rules
filter_results: Filtering results by various criteria
export_results: Exporting results in various formats
compare_results: Comparing two sets of results (e.g., before and after changes)

Common Use Cases

Code security analysis before deployment
Detection of common programming errors
Enforcing coding standards within a team
Refactoring and improving quality of existing code
Identifying inconsistencies in styles and code structure (e.g., CSS, component organization)
Developer education regarding best practices
Verification of fix correctness (comparing before/after scans)

Installation

Prerequisites

Node.js v18+
TypeScript (for dev

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

61/100across 5 weighted dimensions

How we score →

0255075100

−39

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

1 fixed

CVE-2026-7446low · fixedCVSS 3.1

mcp-server-semgrep has a Command Injection issue

Affected: >= 0Fixed in 1.0.1source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Server Semgrep safe to use?: Mcp Server Semgrep has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mcp Server Semgrep?: Mcp Server Semgrep supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Mcp Server Semgrep?: Mcp Server Semgrep is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Mcp Server Semgrep actively maintained?: Mcp Server Semgrep is actively maintained — last commit was 20 days ago. It has 28 GitHub stars.