VulniCheck

AI-powered security scanner for Python projects and GitHub repositories. Detects vulnerabilities, secrets, and provides AI risk assessment.

→ andrasfe/vulnicheck · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama PulseMCP

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 5 credentials: FASTMCP_SERVER_AUTH_GOOGLE_CLIENT_SECRET, NVD_API_KEY, GITHUB_TOKEN, OPENAI_API_KEY, ANTHROPIC_API_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configFASTMCP_SERVER_AUTH_GOOGLE_CLIENT_ID— export ="your-client-id.apps.googleusercontent.com"

🔐 secretFASTMCP_SERVER_AUTH_GOOGLE_CLIENT_SECRET— export ="GOCSPX-your-secret-here"

configFASTMCP_SERVER_BASE_URL— export ="http://localhost:3000"

configFASTMCP_SERVER_AUTH_REDIRECT_URI

configCACHE_TTL

configREQUEST_TIMEOUT

configMCP_PORT

🔐 secretNVD_API_KEY— e =your-key \ # Higher NVD rate limits

🔐 secretGITHUB_TOKEN— e =your-token \ # Higher GitHub API rate limits

configMCP_CONFIG_PATH

configMCP_PASSTHROUGH_ENHANCED

configVULNICHECK_LOG_LEVEL

configVULNICHECK_LOG_CONSOLE

configVULNICHECK_HTTP_ONLY

configVULNICHECK_MCP_SERVER

🔐 secretOPENAI_API_KEY— e =your-openai-api-key \

🔐 secretANTHROPIC_API_KEY— e =your-key \ # Alternative AI provider

configVULNICHECK_DEBUG

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/andrasfe-vulnicheck-u9mz7n)](https://m8ven.ai/mcp/andrasfe-vulnicheck-u9mz7n)

commit: 48bed3163a0db157c6f44db374902a3731b7b130

code hash: 15b86842d4136dccc65730aad57944b1a2ed3f8e786d820064461bc6834e507c

verified: 6/23/2026, 10:36:02 AM

view raw JSON →