New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

codeguard-mcp

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

codeguard-mcp

Real-time AI code security scanner - MCP Server for detecting vulnerabilities, secrets, and compliance issues

latest
npmnpm
Version
1.0.1
Version published
Maintainers
1
Created
Source

🛡️ CodeGuard MCP

Real-time AI code security scanner for detecting vulnerabilities, secrets, and compliance issues in AI-generated code.

🎯 Overview

CodeGuard MCP is a Model Context Protocol (MCP) server that provides comprehensive security scanning capabilities for AI coding assistants like Claude Desktop, Cursor, VS Code, and any MCP-compatible tool.

Why CodeGuard MCP?

AI coding tools are powerful but can generate code with security vulnerabilities. CodeGuard addresses this critical gap by:

  • 🔍 Real-time vulnerability detection - Catches security issues as code is generated
  • 🔐 Secret detection - Finds exposed API keys, passwords, and credentials
  • 📋 Compliance checking - Validates against GDPR, HIPAA, SOC2, PCI DSS
  • 💡 Instant fixes - Provides secure code alternatives
  • Fast scanning - Results in < 2 seconds
  • 🎯 OWASP Top 10 - Detects all major security risks

🚀 Quick Start

Installation

npm install -g codeguard-mcp

Usage with Claude Desktop

Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "CodeGuard": {
      "command": "npx",
      "args": ["-y", "codeguard-mcp"]
    }
  }
}

Usage with Cursor

  • Open Cursor settings
  • Navigate to MCP Servers
  • Add CodeGuard MCP
  • Restart Cursor

📊 Features

Core Scanning Tool

scanCode - Comprehensive security scan

// Example usage in AI assistant
scanCode({
  code: "const user = db.query(`SELECT * FROM users WHERE id = ${userId}`);",
  language: "javascript",
  securityLevel: "standard"
})

// Returns:
{
  score: {
    overall: 45,
    breakdown: {
      vulnerabilities: 30,
      secrets: 100,
      compliance: 75
    },
    grade: "F"
  },
  vulnerabilities: {
    critical: [
      {
        type: "sql_injection",
        severity: "critical",
        line: 1,
        message: "SQL Injection vulnerability: Using template literals in SQL queries",
        cwe: "CWE-89",
        owasp: "A03:2021 – Injection",
        recommendation: "Use parameterized queries or prepared statements..."
      }
    ]
  },
  suggestedFixes: [...]
}

Quick Scans

scanVulnerabilities - Fast vulnerability-only scan

scanVulnerabilities({ code, language })

detectSecrets - Find exposed secrets

detectSecrets({ code })
// Detects: API keys, passwords, tokens, private keys, connection strings, etc.

checkCompliance - Regulatory compliance check

checkCompliance({ 
  code, 
  securityLevel: "strict",
  standards: ["GDPR", "HIPAA"]
})

Security Fixes

suggestSecureFix - Generate secure code alternatives

suggestSecureFix({ vulnerability, context })
// Returns step-by-step fix with explanation

🛡️ Detected Vulnerabilities

OWASP Top 10 Coverage

A01 - Broken Access Control
A02 - Cryptographic Failures
A03 - Injection (SQL, XSS, Command)
A04 - Insecure Design
A05 - Security Misconfiguration
A06 - Vulnerable Components
A07 - Authentication Failures
A08 - Data Integrity Failures
A09 - Logging Failures
A10 - Server-Side Request Forgery

Secret Detection

  • API Keys (Generic, AWS, Azure, GCP)
  • Passwords & Credentials
  • Private Keys (RSA, EC, SSH)
  • Database Connection Strings
  • OAuth & JWT Tokens
  • Webhook URLs (Slack, Discord)

Compliance Standards

  • GDPR - Data privacy & protection
  • HIPAA - Healthcare data security
  • SOC2 - Security controls
  • PCI DSS - Payment card security

📖 Examples

Example 1: Detecting SQL Injection

Vulnerable Code:

const getUserById = (userId) => {
  return db.query(`SELECT * FROM users WHERE id = ${userId}`);
};

CodeGuard Response:

{
  "vulnerabilities": {
    "critical": [{
      "type": "sql_injection",
      "severity": "critical",
      "message": "SQL Injection vulnerability",
      "recommendation": "Use parameterized queries"
    }]
  },
  "suggestedFix": {
    "fixed": "const getUserById = (userId) => {\n  return db.query('SELECT * FROM users WHERE id = ?', [userId]);\n};"
  }
}

Example 2: Detecting Exposed Secrets

Vulnerable Code:

const API_KEY = "sk_live_51H7xY2eZvKYlo2C8Nz9";
const config = {
  databaseUrl: "mongodb://admin:password123@localhost:27017"
};

CodeGuard Response:

{
  "secrets": [
    {
      "type": "api_key",
      "line": 1,
      "masked": "sk_l***************2C8Nz9",
      "confidence": 95
    },
    {
      "type": "connection_string",
      "line": 3,
      "masked": "mongodb://***",
      "confidence": 95
    }
  ]
}

Example 3: GDPR Compliance Check

Code:

app.post('/signup', (req, res) => {
  const email = req.body.email;
  db.users.insert({ email, password: req.body.password });
});

CodeGuard Response:

{
  "compliance": {
    "failed": [{
      "standard": "GDPR",
      "severity": "critical",
      "issue": "Collecting personal data (email) without explicit consent",
      "requirement": "Article 7: Conditions for consent",
      "remediation": "Implement explicit consent collection before gathering personal data"
    }]
  }
}

🎓 Resources

MCP Resources

  • security://score - Real-time security score dashboard
  • security://owasp-top-10 - OWASP Top 10 reference

MCP Prompts

  • securityReview - Generate comprehensive security review
  • fixVulnerability - Get step-by-step vulnerability fixes

📊 Security Scoring

CodeGuard uses a weighted scoring system:

  • Vulnerabilities: 40% weight
  • Secrets: 35% weight
  • Compliance: 25% weight

Grading Scale:

  • A+: 97-100 (Excellent)
  • A: 90-96 (Very Good)
  • B: 80-89 (Good)
  • C: 70-79 (Fair)
  • D: 60-69 (Poor)
  • F: <60 (Critical Issues)

🏢 Enterprise Features

(Coming in v2.0)

  • Custom security rules
  • Team dashboards
  • Audit logs
  • SSO integration
  • CI/CD integration
  • On-premise deployment

🤝 Contributing

We welcome contributions! Please see CONTRIBUTING.md for guidelines.

📄 License

MIT License - see LICENSE for details.

🔗 Links

💡 Support

Built with ❤️ using QuickMCP SDK

Making AI coding safer, one scan at a time. 🛡️

Keywords

mcp
security
vulnerability
ai-code
code-scanner
secret-detection

FAQs

Package last updated on 29 Oct 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

The Hidden Blast Radius of the Axios Compromise

Security News

The Hidden Blast Radius of the Axios Compromise

The Axios compromise shows how time-dependent dependency resolution makes exposure harder to detect and contain.

By Ahmad Nassri  -  Apr 01, 2026