Security MCP server with 300+ rules for AI-generated code. Scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 20+ modules. Zero config, runs locally.
Overview
GuardVibe
The security MCP built for vibe coding. 300+ security rules covering the entire AI-generated code journey — from first line to production deployment.
Works with Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf, and any MCP-compatible coding agent.
Quick Start
{
  "mcpServers": {
    "guardvibe": {
      "command": "npx",
      "args": ["-y", "guardvibe"]
    }
  }
}
Features
- 300+ security rules for Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, Convex, Turso, and more
- 20+ tools — scan files, check code, fix vulnerabilities, generate policies, export SARIF
- Zero setup — npx guardvibe and you're scanning
- No account required — runs 100% locally, no API keys
- CVE detection — 20+ known vulnerable package versions
- AI agent security — MCP server vulnerabilities, prompt injection detection
- Auto-fix — concrete patches the AI agent can apply
- Pre-commit hook — block insecure code before it reaches your repo
20+ Security Modules
Core Web, Authentication, Database, API Security, Cloud & Infrastructure, AI/LLM Security, Supply Chain, Mobile, Frontend, Secrets Detection, and more.
License
Apache-2.0