M8ven Trust Score: 69 / 100
6 days ago
glama

Orcorus Repository Scanner

Scans GitHub repositories for security vulnerabilities by cloning, performing static analysis, secret detection, build verification, and AI-powered OWASP-aligned code review, producing a scored SECURITY.md report.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐 You'll be asked for 1 credential: OPENAI_API_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secret OPENAI_API_KEY: "-e", "OPENAI_API_KEY=sk-your-api-key-here",
config ORCORUS_REPORTS_DIR: "-e", "ORCORUS_REPORTS_DIR=/app/reports",
config ORCORUS_WORK_DIR: "-e", "ORCORUS_WORK_DIR=/app/repos",
config ORCORUS_MODEL: "-e", "ORCORUS_MODEL=gpt-5.2",
config OPENAI_BASE_URL: "-e", "OPENAI_BASE_URL=https://api.openai.com/v1",
config ORCORUS_AI_TIMEOUT: "-e", "ORCORUS_AI_TIMEOUT=300",
config ORCORUS_MAX_TURNS: "-e", "ORCORUS_MAX_TURNS=40",
config ORCORUS_SKIP_AI: To skip AI review (static analysis only), add -e, "ORCORUS_SKIP_AI=true" to the args.
config ORCORUS_ALLOW_DANGEROUS_BUILD
config ORCORUS_INCLUDE_BUILD_LOGS
config ORCORUS_ALLOW_LOCAL_PATHS: false. Set to 1 or true to allow scanning local filesystem paths via MCP.
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 6 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/ceilingduster-mcp-security-scanner-hs2ung)](https://m8ven.ai/mcp/ceilingduster-mcp-security-scanner-hs2ung)
commit: a53391e91b83b5e58e6f4d4810e1bd8482f2d5b8
code hash: 000615ab108609afaeda186fb315a8fe58a01e9bf359ced692c3bb3a935fd57b
verified: 6/22/2026, 1:00:48 PM