/ 100

8 days ago

glama

AI Security Crew

A lightweight MCP server for security reviews that injects security requirements before code generation, scans dependencies for CVEs, and verifies generated code without disrupting workflow.

→ Srajangpt1/ai-security-crew · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 8 credentials: GROQ_API_KEY, OPENAI_API_KEY, ATLASSIAN_OAUTH_CLIENT_SECRET, CONFLUENCE_API_TOKEN, CONFLUENCE_PERSONAL_TOKEN, JIRA_API_TOKEN, JIRA_PERSONAL_TOKEN, ATLASSIAN_OAUTH_ACCESS_TOKEN

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

🔐 secretGROQ_API_KEY

🔐 secretOPENAI_API_KEY

configATLASSIAN_OAUTH_CLIENT_ID

🔐 secretATLASSIAN_OAUTH_CLIENT_SECRET

configATLASSIAN_OAUTH_REDIRECT_URI

configATLASSIAN_OAUTH_SCOPE

configTRANSPORT

configPORT

configHOST

configSTREAMABLE_HTTP_PATH

configENABLED_TOOLS

configCONFLUENCE_URL

configCONFLUENCE_USERNAME

🔐 secretCONFLUENCE_API_TOKEN— API Token (Jira/Confluence Cloud): JIRA_API_TOKEN,

🔐 secretCONFLUENCE_PERSONAL_TOKEN— Personal Access Token (Server/Data Center): JIRA_PERSONAL_TOKEN,

configJIRA_URL— "": "https://your-domain.atlassian.net",

configJIRA_USERNAME— "": "your-email@example.com",

🔐 secretJIRA_API_TOKEN— "": "your-token"

🔐 secretJIRA_PERSONAL_TOKEN— Personal Access Token (Server/Data Center): , CONFLUENCE_PERSONAL_TOKEN

configATLASSIAN_OAUTH_CLOUD_ID

🔐 secretATLASSIAN_OAUTH_ACCESS_TOKEN

configREAD_ONLY_MODE

configCONFLUENCE_SSL_VERIFY

configCONFLUENCE_SPACES_FILTER

configJIRA_SSL_VERIFY

configJIRA_PROJECTS_FILTER

configNO_PROXY

configATLASSIAN_OAUTH_ENABLE

configCONFLUENCE_HTTP_PROXY

configHTTP_PROXY

configCONFLUENCE_HTTPS_PROXY

configHTTPS_PROXY

configCONFLUENCE_NO_PROXY

configCONFLUENCE_SOCKS_PROXY

configSOCKS_PROXY

configJIRA_HTTP_PROXY

configJIRA_HTTPS_PROXY

configJIRA_NO_PROXY

configJIRA_SOCKS_PROXY

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/srajangpt1-ai-security-crew-1h56kl)](https://m8ven.ai/mcp/srajangpt1-ai-security-crew-1h56kl)

commit: cdcee2ce2a3eadab2038f86272e77bdd6cc76851

code hash: 3d751038563e401e422d33f101dcf6c9aa3a8d46afab839c8e7500b3e5aceb5a

verified: 6/22/2026, 1:09:52 PM

view raw JSON →