Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

sky-in-code/ai-scanner-mcp

Folders and files

NameName
Last commit message
Last commit date

Latest commit

History

9 Commits

Repository files navigation

ai-scanner logo

ai-scanner-mcp

MCP server for ai-scanner - let AI agents scan codebases for LLM usage, AI frameworks, and exposed secrets.

License: MIT Node.js MCP

An MCP server that exposes ai-scanner as tools for AI agents. Works with Claude Code, Claude Desktop, Cursor, Windsurf, and any MCP-compatible client.

Tools

Tool Description
scan_directory Full scan — LLM SDKs, AI frameworks, exposed tokens, and hardcoded secrets with severity levels
check_secrets Security check — pass/fail scan for exposed credentials only. Perfect for pre-commit checks
ai_inventory AI stack overview — which SDKs, frameworks, models, and API endpoints are used (no secret detection)

Setup

Claude Code

claude mcp add ai-scanner npx ai-scanner-mcp

Claude Desktop

Add to your claude_desktop_config.json:

{
 "mcpServers": {
 "ai-scanner": {
 "command": "npx",
 "args": ["ai-scanner-mcp"]
 }
 }
}

Config file location:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

Cursor

Add to .cursor/mcp.json in your project:

{
 "mcpServers": {
 "ai-scanner": {
 "command": "npx",
 "args": ["ai-scanner-mcp"]
 }
 }
}

Windsurf

Add to ~/.windsurf/mcp.json:

{
 "mcpServers": {
 "ai-scanner": {
 "command": "npx",
 "args": ["ai-scanner-mcp"]
 }
 }
}

Example Usage

Once connected, you can ask your AI agent:

  • "Scan this project for any exposed API keys"
  • "Check if there are any hardcoded secrets before I commit"
  • "What AI SDKs and frameworks does this codebase use?"
  • "Run a security scan on ./src and tell me if it's safe to push"
  • "Give me an AI inventory of this project"

Tool Details

scan_directory

Full scan with all detection categories. Parameters:

Parameter Type Default Description
directory string required Path to scan
ai_only boolean false Skip generic secrets (Stripe, GitHub, etc.)
scan_env boolean false Include .env files
include_endpoints boolean true Detect LLM API endpoint URLs
include_models boolean true Detect model name references

check_secrets

Security-focused pass/fail check. Parameters:

Parameter Type Default Description
directory string required Path to scan
ai_only boolean false Only check AI tokens
scan_env boolean false Include .env files

ai_inventory

AI stack awareness (no secret detection). Parameters:

Parameter Type Default Description
directory string required Path to scan

Detection Coverage

  • AI Tokens (20+) — OpenAI, Anthropic, Google, AWS, HuggingFace, Groq, Replicate, and more
  • Generic Secrets (59) — Stripe, Twilio, GitHub, Slack, Discord, database URIs, private keys, JWTs
  • LLM SDKs (23) — OpenAI, Anthropic, Google Gemini, LiteLLM, AWS Bedrock, and more
  • AI Frameworks (24) — LangChain, LlamaIndex, CrewAI, AutoGen, DSPy, Vercel AI SDK, and more
  • 145 total detection patterns

License

MIT

About

A powerful tool that scans your codebase to detect LLM SDK usage, AI framework integrations, and exposed API tokens/keys for any LLM provider.

Resources

License

Contributing

Stars

Watchers

Forks

Packages

Contributors

AltStyle によって変換されたページ (->オリジナル) /