Best Sec AI Skills & MCP Servers

Official Infisical MCP Server

Browser-based IDE + AI agent orchestration CLI. Run Claude Code in parallel across git worktrees, auto-approve safe tools with the Security Bouncer, and control long-running AI work from any device at app.mstro.app.

Steampipe MCP server to query cloud infrastructure, SaaS, code and more with SQL using AI.

Secure filesystem MCP server for reading, writing, searching, diffing, and patching files.

MCP server + live dashboard for AI code governance — OWASP LLM Top 10 (10/10), real-time MCP App UI, 25+ security patterns, Bayesian learning Brain, hallucinated import detection, multi-agent governance. Works with Claude, Cursor, VS Code, ChatGPT, Goose,

SEC MCP — SEC EDGAR public APIs (free, no auth)

Hardened, self-hosted Excalidraw MCP server with SQLite persistence, multi-tenancy, auto-sync, security middleware, and 369 tests

MCP Server for KOI Security Platform API

MCP server enabling AI assistants to securely execute SSH commands, transfer files via SFTP, manage port forwarding, and use parameterized command templates with comprehensive security controls

Local encrypted vault MCP server. AES-256-GCM + Argon2id. Resolves {{PLACEHOLDER}} secrets at runtime so LLMs never see real API keys. Works with Claude Desktop, Cursor, Continue.dev, Cline, Open WebUI.

Powerpipe MCP server to run benchmarks, detections and controls using AI.

An ntfy MCP server for sending ntfy notifications to your self-hosted ntfy server from AI Agents 📤 (supports secure token auth & more - use with npx or docker!)

OSINT intelligence MCP server — Shodan, VirusTotal, SecurityTrails, Censys, DNS, WHOIS, crt.sh, Wayback, BGP

Production readiness for vibe-coded apps — know your AI code is ready to ship

Node.js/TypeScript MCP server for AWS Single Sign-On (SSO). Enables AI systems (LLMs) with tools to initiate SSO login (device auth flow), list accounts/roles, and securely execute AWS CLI commands using temporary credentials. Streamlines AI interaction w

Scaffold a Tap v2 browser-automation plan in seconds. `npx create-tap-script <site>/<name>` generates a deterministic .plan.json that runs at zero LLM tokens in Claude Code, Cursor, and any MCP host.

Multi-language code quality auditor with MCP server - Analyze TypeScript, JavaScript, and Go code for SOLID principles, DRY violations, security patterns, and more

MCP server for APIMesh — 76 x402-payable tools for AI agents (74 APIs + wallet usage + spend caps). Covers web vitals, security headers, SEO audits, email security and verification, tech-stack detection, brand assets, redirect chains, indexability, brand

Local MCP credential broker for coding agents (Claude Code, Codex, Gemini, and any other MCP-stdio client). Values never enter the AI transcript — the agent requests secrets through a schema, a localhost form lets you type them, and they land in Vault, .e

Trust-score any AI skill or MCP server from inside Claude Code, Cursor, or any MCP client. Accepts GitHub repos, npm packages, Smithery URLs, and OpenClaw skills. 15 signals (incl. OSV/KEV/EPSS vulnerability intelligence), safety scanning, OpenClaw frontm

APIValidator Model Context Protocol (MCP) server for local validation, OpenAPI security auditing, and premium global telephone/IBAN verification.

Security scanner for AI agent packages — CLI + MCP server

MCP server for AI assistants: read, write, edit, and manage files securely on local filesystem.

VibeSecurity — Auditoria de segurança para quem cria com IA. Secrets, vulnerabilidades e rotas sem auth.