How do I install Vibescan?

Vibescan is a local plugin. Install it using PyPI package: vibescan-mcp-server and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What AI apps work with Vibescan?

Vibescan uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Vibescan MCP Server

by Aguantar

Developer ToolsModerate6.5MCP RegistryLocal

Free

Server data from the Official MCP Registry

MCP server for VibeScan — scan projects for leaked secrets and security issues

About

MCP server for VibeScan — scan projects for leaked secrets and security issues

Security Report

6.5

Moderate6.5Moderate Risk

Valid MCP server (1 strong, 4 medium validity signals). 1 code issue detected. 3 known CVEs in dependencies (0 critical, 3 high severity) Package registry verified. Imported from the Official MCP Registry.

7 files analyzed · 5 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

file_system

Check that this permission is expected for this type of plugin.

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-aguantar-vibescan-mcp-server": {
      "args": [
        "vibescan-mcp-server"
      ],
      "command": "uvx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

vibescan-mcp-server

mcp-name: io.github.Aguantar/vibescan-mcp-server

MCP server for VibeScan — scan projects for leaked secrets and security issues directly from Claude Code.

Features

vibescan_scan — Scan a project for secrets, dangerous patterns, and git hygiene issues
vibescan_rules — List all 17 detection rules

What VibeScan detects

14 secret categories: env files, config hardcodes, cloud credentials, Docker/infra, CI/CD pipelines, IDE settings, SSH keys, hardcoded patterns, frontend env vars, data files, doc secrets, mobile files, system configs, editor remnants
Dangerous code patterns: eval(), exec(), shell injection, SQL injection, pickle, innerHTML
Git hygiene: missing .gitignore, unignored .env/.pem/.key files

All scanning runs locally — your code never leaves your machine.

Installation

pip install vibescan-mcp-server

Usage with Claude Code

Add to your .mcp.json:

{
  "mcpServers": {
    "vibescan": {
      "command": "vibescan-mcp-server"
    }
  }
}

Then ask Claude: "scan this project for security issues" or "check for leaked secrets".

License

MIT

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Vibescan MCP Server

About

Security Report

Findings (5)Action required

Permissions Required

How to Install

Documentation

vibescan-mcp-server

Features

What VibeScan detects

Installation

Usage with Claude Code

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

FinAgent