VibeCheck MCP Server

VibeCheck MCP Server

An AI-powered security audit tool that analyzes codebases for vulnerabilities using real-time MITRE CWE data and npm audit. It enables users to perform comprehensive scans for authentication issues, exposed secrets, and dependency risks with structured remediation steps.

Category
Visit Server

README

VibeCheck MCP Server

AI-powered security audit tool for codebases. Analyzes code for vulnerabilities using real-time data from MITRE CWE and npm audit.

Features

  • AI-Powered Analysis: Uses MCP sampling to analyze code with Claude
  • Real-Time CWE Data: Fetches vulnerability definitions from MITRE's CWE API
  • Dependency Scanning: Uses npm audit for package vulnerability checks
  • Zero Configuration: No API keys required to get started

Installation

Claude Code (Recommended)

/plugin marketplace add BPN-Solutions/vibecheck-mcp
/plugin install vibecheck@vibecheck

Manual Installation

Add to your Claude Desktop config (~/.claude/claude_desktop_config.json):

{
  "mcpServers": {
    "vibecheck": {
      "command": "npx",
      "args": ["-y", "vibecheck-audit-mcp"]
    }
  }
}

From Source

git clone https://github.com/BPN-Solutions/vibecheck-mcp.git
cd vibecheck-mcp
npm install && npm run build

Tools

scan_codebase

Full AI-powered security audit with real-time vulnerability data.

Analyzes:

  • Authentication and authorization issues
  • API security vulnerabilities
  • Database security rules
  • Exposed secrets and environment variables
  • Dependency vulnerabilities (via npm audit)
  • Data flow and injection vulnerabilities

Input:

{
  "path": "/path/to/codebase",
  "categories": ["auth", "api", "secrets-env"],
  "severityThreshold": "medium"
}

Or provide files directly:

{
  "files": [
    { "path": "src/auth.ts", "content": "..." }
  ]
}

Categories:

  • auth - Authentication, sessions, middleware
  • api - API routes, endpoints
  • database-rules - Firebase/Supabase rules, Prisma schemas
  • secrets-env - Environment variables, config files
  • dependencies - package.json vulnerabilities
  • data-flow - User input handling, injection points

check_dependencies

Quick dependency-only scan using npm audit.

Input:

{
  "path": "/path/to/project",
  "includeDevDependencies": false
}

Requirements:

  • npm installed
  • package-lock.json in the project

Data Sources

Source Purpose Auth Required
MITRE CWE API Vulnerability definitions No
npm audit Package CVEs No
OWASP Security categories No (bundled)

Development

# Build
npm run build

# Watch mode
npm run dev

# Run directly
npm start

How It Works

  1. File Reading: Reads files from the specified path or accepts file contents directly
  2. Hotspot Collection: Categorizes files by security relevance (auth, api, secrets, etc.)
  3. Dependency Audit: Runs npm audit if package-lock.json exists
  4. AI Analysis: Uses MCP sampling to analyze each category with expert prompts
  5. CWE Enrichment: Fetches relevant CWE definitions from MITRE API
  6. Results: Returns structured findings with severity, CWE/OWASP refs, and remediation steps

Output Format

{
  "findings": [
    {
      "id": "uuid",
      "type": "hardcoded-secret",
      "severity": "critical",
      "title": "Hardcoded API Key",
      "description": "...",
      "filePath": "src/config.ts",
      "lineNumber": 42,
      "codeSnippet": "const API_KEY = 'sk-...'",
      "aiReasoning": "...",
      "confidence": 95,
      "cwes": [{ "id": "CWE-798", "name": "..." }],
      "owasp": [{ "id": "A02:2021", "name": "..." }],
      "remediation": {
        "summary": "Use environment variables",
        "steps": ["..."]
      }
    }
  ],
  "dependencyVulnerabilities": [...],
  "summary": {
    "totalFindings": 5,
    "critical": 1,
    "high": 2,
    "medium": 2,
    "low": 0,
    "vulnerableDependencies": 3
  },
  "scanDuration": 12500
}

License

MIT

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
E2B

E2B

Using MCP to run code via e2b.

Official
Featured