PatchPilot MCP
Security scanner for vibe coders that checks npm packages for known vulnerabilities before installation, integrating with AI coding tools like Claude Code and Cursor.
README
PatchPilot MCP
Security scanner for vibe coders. Checks npm packages for known vulnerabilities before you install them.
What it does
PatchPilot is an MCP server that integrates with Claude Code, Cursor, and other AI coding tools. When you're about to install a package, you can ask Claude to check if it's safe first.
Example:
You: "Check if lodash@4.17.0 is safe to use"
Claude: 🚨 lodash@4.17.0 has 4 known vulnerabilities!
...
💡 Recommendation: Update to lodash@4.17.21 or later
Installation
Prerequisites
- Node.js 18+
- Claude Code or another MCP-compatible client
Setup
- Clone this repository:
git clone https://github.com/YOUR_USERNAME/patchpilot-mcp.git
cd patchpilot-mcp
- Install dependencies:
npm install
- Build:
npm run build
Add to Claude Code
Add to your Claude Code config (~/.claude/settings.json):
{
"mcpServers": {
"patchpilot": {
"command": "node",
"args": ["/path/to/patchpilot-mcp/dist/index.js"]
}
}
}
Or for development (without building):
{
"mcpServers": {
"patchpilot": {
"command": "npx",
"args": ["tsx", "/path/to/patchpilot-mcp/src/index.ts"]
}
}
}
Restart Claude Code after adding the config.
Usage
Once installed, ask Claude to check packages:
- "Check if express@4.17.0 is safe"
- "Is next@14.1.0 secure?"
- "Check lodash 4.17.0 for vulnerabilities"
How it works
PatchPilot uses the OSV API (Google's Open Source Vulnerabilities database) to check packages. The API is:
- Free (no API key needed)
- Fast
- Comprehensive (aggregates data from npm, GitHub, NVD, and more)
Available Tools
check_package
Check a single npm package for known vulnerabilities.
Input:
name: Package name (e.g., "lodash")version: Package version (e.g., "4.17.0")
Output:
- Vulnerability count and severity breakdown
- Details of each vulnerability
- Recommended fix version
License
MIT
Recommended Servers
playwright-mcp
A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.
Magic Component Platform (MCP)
An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.
Audiense Insights MCP Server
Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.
VeyraX MCP
Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.
graphlit-mcp-server
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.
Kagi MCP Server
An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.
E2B
Using MCP to run code via e2b.
Neon Database
MCP server for interacting with Neon Management API and databases
Exa Search
A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.
Qdrant Server
This repository is an example of how to create a MCP server for Qdrant, a vector search engine.