Security Scanner MCP

Automatically detects security vulnerabilities in AI-generated code, scanning for hardcoded secrets, injection flaws, XSS, weak cryptography, authentication issues, path traversal, and vulnerable dependencies across JavaScript, Python, Java, and Go.

→ ongjin/security-scanner-mcp · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Known vulnerabilities in dependencies: 6 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configSCAN_CODE_FILE

configSCAN_LANGUAGE

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/ongjin-security-scanner-mcp-13s6vu)](https://m8ven.ai/mcp/ongjin-security-scanner-mcp-13s6vu)

commit: a94918e27ece3baff580766808af921949e8c10d

code hash: e5f7598c61df291b719b54ff44f6e2ed882b1b834a1227c529b05ef1ddd3a1c8

verified: 4/18/2026, 6:58:25 PM

view raw JSON →