Best Vulnerability AI Skills & MCP Servers

Lightweight dependency vulnerability audit tool with CLI and MCP Server support

Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsu

Agentic CVE remediation platform for Node.js. Correlates threat intelligence, applies policy-governed fixes, and delivers auditable remediation outcomes across CI/CD pipelines, agent workflows, and service portfolios.

CodeSlick CLI tool for pre-commit security scanning — 308 checks across JS, TS, Python, Java, Go

Trust-score any AI skill or MCP server from inside Claude Code, Cursor, or any MCP client. Accepts GitHub repos, npm packages, Smithery URLs, and OpenClaw skills. 15 signals (incl. OSV/KEV/EPSS vulnerability intelligence), safety scanning, OpenClaw frontm

Security scanner for AI agent packages — CLI + MCP server

VibeSecurity — Auditoria de segurança para quem cria com IA. Secrets, vulnerabilidades e rotas sem auth.

Security scanner for AI agent tools. Local static scan of MCP IDE configs (41 rules, toxic flow heuristics, AAuth visibility, auto-fix, tool pinning). Optional proxy + in-browser dashboard: traffic, findings, AAuth Explorer, YARA, Playground. Smart Scan o

MCP server for Wiz cloud security platform — query vulnerability findings by repo and severity

Search and audit CVEs by keyword, severity, CWE, CISA KEV status, and CPE via the NIST National Vulnerability Database. STDIO or Streamable HTTP.

VettIQ MCP server — security scanning for AI-generated code, callable from Cursor, Claude Code, and any MCP-compatible agent.

Security MCP for vibe coding. 424 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 61 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Next.js May 2026 13-advisory cluster,

AI Agent Skill for NSAuditor AI — gives any AI coding agent built-in knowledge of NSAuditor's MCP tools, schemas, plugins, and security audit workflows.

⚠️ Pre-release — wait for 1.0.0 before relying on this. Currently under active development; APIs and behaviour may change without notice. SPYS MCP client — local stdio bridge + reverse tunnel for AI-driven pentest tools (Claude Code, Cursor, etc).