Best Scanner AI Skills & MCP Servers

SquireX MCP Server — Agentforce Capability Scanner for AI Coding Agents

MCP server providing Claude Code with real-time stock and crypto market data, SEC filings, insider trades, and technical analysis

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsu

CodeSlick CLI tool for pre-commit security scanning — 308 checks across JS, TS, Python, Java, Go

Trust-score any AI skill or MCP server from inside Claude Code, Cursor, or any MCP client. Accepts GitHub repos, npm packages, Smithery URLs, and OpenClaw skills. 15 signals (incl. OSV/KEV/EPSS vulnerability intelligence), safety scanning, OpenClaw frontm

Security scanner for AI agent packages — CLI + MCP server

Open-source security scanner for Model Context Protocol (MCP) servers. Audits Claude Desktop, VS Code, Cursor, Windsurf, and 16+ AI tools for secrets, prompt injection, supply-chain risks, and 17+ security checks.

VibeSecurity — Auditoria de segurança para quem cria com IA. Secrets, vulnerabilidades e rotas sem auth.

Security scanner for AI agent tools. Local static scan of MCP IDE configs (41 rules, toxic flow heuristics, AAuth visibility, auto-fix, tool pinning). Optional proxy + in-browser dashboard: traffic, findings, AAuth Explorer, YARA, Playground. Smart Scan o

VettIQ MCP server — security scanning for AI-generated code, callable from Cursor, Claude Code, and any MCP-compatible agent.

MCP quality scanner and tool discovery for autonomous agents. Search 27,843+ indexed tools, check AEO (answer-engine-optimization) readiness scores, validate MCP server quality, find alternatives — the standard tool-validation layer before any agent calls

Repository scanner that builds a structural map of a codebase (functions, imports, exports, dependencies) and adds file descriptions of what the file does,, so anagentic AI can just read the map and know the project context

A Model Context Protocol (MCP) server for performing automated accessibility scans of web pages using Playwright and Axe-core

AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.

MCP server for Dynamsoft SDKs - Capture Vision, Barcode Reader (Mobile/Python/Web), Dynamic Web TWAIN, and Document Viewer. Provides documentation, code snippets, and API guidance.

Dependency graph + 23 MCP tools for AI coding assistants. Impact analysis, health scoring, security scanner, agent coordination.

Open-source CLI scanner for risky MCP server and AI agent tool configuration.

Security scanning for the vibe coding era. MCP server + CLI that finds secrets, auth bugs, SQL injection, XSS, IDOR, and vulnerable deps — and opens fix PRs. Works in Cursor, Claude Code, and VS Code. Bring your own model (Anthropic, OpenAI, Gemini, Groq,

⚠️ Pre-release — wait for 1.0.0 before relying on this. Currently under active development; APIs and behaviour may change without notice. SPYS MCP client — local stdio bridge + reverse tunnel for AI-driven pentest tools (Claude Code, Cursor, etc).

Dangerous config and secret scanner for AI coding agents, MCP, and local automation projects.

Ops-focused n8n tools for any MCP-compatible client: workflow + execution lifecycle (create, save, archive, delete, cancel, retry single + batch), tag management, security audit, plus composed scanners (find-by-node-type, execution-stats). MCP server + fi

Release-readiness and app exposure scanner for JavaScript and TypeScript repositories.

MCP server for BlogBurst — your Virtual CMO. Autonomous AI marketing agent: auto-post to Twitter/X, Bluesky, Telegram, Discord, auto-engage (replies, likes, follows), SEO/GEO audits, competitor intelligence, community scanner, growth diagnostic, task mana

Security scanner for AI-generated apps (Cursor, Lovable, Windsurf, v0). Catches hardcoded secrets, prompt injection, hallucinated imports, Server Actions / Edge runtime mistakes, and the vibe-coded vulnerabilities traditional linters miss.