Best Sec AI Skills & MCP Servers

MCP server that exposes Bufab's design system (UI guidelines, tokens, section specs), infrastructure rules, and Azure Bicep validation. Includes a UI guideline validator usable via `bufab-mcp validate <file>`.

MCP server for the 1claw secrets vault — lets AI agents fetch, store, and manage secrets at runtime

Security MCP for vibe coding. 424 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 61 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Next.js May 2026 13-advisory cluster,

Secure MCP server for web browsing with multi-layer fetcher chain - no API keys required

MCP server for SwarmApi: 9 pay-per-call tools for SEC filings, company news, insider transactions, jobs, web search, GitHub repos, and npm/PyPI/cargo package security. Payments settled per request in USDC on Base via x402.

45 specialized judges that evaluate AI-generated code for security, cost, and quality.

Public finance MCP server — SEC EDGAR filings, US Treasury rates, BLS labor statistics, and economic indicators. Zero API keys required.

Query SEC EDGAR filings, XBRL financials, and company data through MCP. STDIO & Streamable HTTP.

SEC EDGAR financial intelligence with XBRL data, filing search, and insider trades for 8000+ companies

MCP server providing Claude Code with real-time stock and crypto market data, SEC filings, insider trades, and technical analysis

Lightweight pre-commit safety gate for AI agents. Answers 'is this change safe?' with PASS/WARN/BLOCK verdict in seconds. Zero setup, no database.

MCP server that exposes openinsider.com to any MCP compatible client.

Knit — second brain for any MCP-speaking AI coding agent (Claude Code, Cursor, Codex CLI, Cline, Continue, GitHub Copilot). Per-project memory, tier-routed workflow protocol, parallel team worktrees.

EDGAR MCP — SEC EDGAR public APIs (free, no auth)

A secure and scalable Git MCP server enabling AI agents to perform comprehensive Git version control operations via STDIO and Streamable HTTP.

CLI and MCP servers for Cutline, including SlopBurn: a product quality engineering roguelike RPG for vibecoding workflows.

CLI-first infrastructure intelligence platform — analyzes DynamoDB, PostgreSQL, MySQL, MongoDB, SQS, SNS, SSM, Secrets Manager, Lambda, CloudWatch Logs and exposes findings as an MCP server for Claude Code

Lightweight dependency vulnerability audit tool with CLI and MCP Server support

Financial & research data MCP server — SEC filings, DeFi analytics, wallet profiling, academic papers, US macro data, patent search, token sentiment. 30 tools for AI agents.

CLI toolkit for provisioning, securing, and managing self-hosted servers

MCP server for Claude Desktop: search SEC filing sections, financial statements, insider trades, institutional ownership, earnings actuals, XBRL metrics, and company lookup.

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsu

Agentic CVE remediation platform for Node.js. Correlates threat intelligence, applies policy-governed fixes, and delivers auditable remediation outcomes across CI/CD pipelines, agent workflows, and service portfolios.

Hardened, self-hosted Excalidraw MCP server with SQLite persistence, multi-tenancy, auto-sync, security middleware, and 369 tests