Best Sec AI Skills & MCP Servers

Security MCP for vibe coding. 424 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 61 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Next.js May 2026 13-advisory cluster,

Secure MCP server for web browsing with multi-layer fetcher chain - no API keys required

MCP server for the 1claw secrets vault — lets AI agents fetch, store, and manage secrets at runtime

Multi-account orchestration and secure token storage for OAuth-based MCP servers

CodeSlick CLI tool for pre-commit security scanning — 308 checks across JS, TS, Python, Java, Go

MCP server that exposes Bufab's design system (UI guidelines, tokens, section specs), infrastructure rules, and Azure Bicep validation. Includes a UI guideline validator usable via `bufab-mcp validate <file>`.

CLI and MCP servers for Cutline, including SlopBurn: a product quality engineering roguelike RPG for vibecoding workflows.

Model Context Protocol (MCP) server for the A2A (Agent2Agent) protocol compliance test kit. Lets Claude Desktop, Cursor, Codex, and other MCP clients invoke run_compliance / validate_agent_card / list_checks / explain_check / ssrf_check_url as native tool

AINative ZeroDB MCP Server - 77 operations for vector search, quantum compression, NoSQL, dedicated PostgreSQL management, files, events, RLHF, and persistent memory for AI agents with enterprise security. All tools annotated with readOnly/destructive/ide

Enterprise-grade MCP server providing heavily optimized FTP/SFTP operations with smart sync, patch/chunk streaming, caching, and explicit read-only security mappings for AI code assistants.

MCP server for agent-native secrets management — store, rotate, and inject secrets without agents seeing raw values

Scans AI-generated code for invisible Unicode, Trojan Source, and supply-chain threats.

MCP server for Section 8 Fair Market Rent (FMR) lookups — ZIP code search, state/county browsing, historical trends, and HUD glossary

MCP server giving AI agents (Claude Code, Claude Desktop, Cursor, ChatGPT, Codex, OpenClaw) persistent long-term memory backed by your local Obsidian markdown vault. Hybrid retrieval (BM25 + ML embeddings + BGE reranker, RRF-fused), HNSW + int8 quantizati

VettIQ MCP server — security scanning for AI-generated code, callable from Cursor, Claude Code, and any MCP-compatible agent.

MCP server providing security scanning, prompt injection detection, secret leak detection, and agent permission auditing for AI agent workflows

MCP server that exposes openinsider.com to any MCP compatible client.

TypeScript MCP server for Cinema 4D with generic entity CRUD, parameter-level access, undo-grouped batch ops, and security controls.

A secure and scalable Git MCP server enabling AI agents to perform comprehensive Git version control operations via STDIO and Streamable HTTP.

Security scanning for the vibe coding era. MCP server + CLI that finds secrets, auth bugs, SQL injection, XSS, IDOR, and vulnerable deps — and opens fix PRs. Works in Cursor, Claude Code, and VS Code. Bring your own model (Anthropic, OpenAI, Gemini, Groq,

Standalone MCP proxy that wraps any MCP server with Clampd's 9-stage security pipeline

Security, cost, and health governance proxy for MCP infrastructure — three-layer detection engine (regex + schema + LLM), monorepo, corpus, CI/CD

⚠️ Pre-release — wait for 1.0.0 before relying on this. Currently under active development; APIs and behaviour may change without notice. SPYS MCP client — local stdio bridge + reverse tunnel for AI-driven pentest tools (Claude Code, Cursor, etc).

MCP server for SwarmApi: 9 pay-per-call tools for SEC filings, company news, insider transactions, jobs, web search, GitHub repos, and npm/PyPI/cargo package security. Payments settled per request in USDC on Base via x402.