Back to Browse
Free
Server data from the Official MCP Registry
Zero-config security scanner for vibe-coders. 1,116 patterns, OWASP Top 10.
About
Zero-config security scanner for vibe-coders. 1,116 patterns, OWASP Top 10.
Remote endpoints: sse: https://mcp.frogeye.ai/sse streamable-http: https://frogeye-mcp-42872700989.us-central1.run.app/mcp
Security Report
3.2
Use Caution3.2High RiskThe Frogeye MCP server implements authentication via API keys and rate limiting for most operations, but contains multiple security concerns that warrant attention. Critical issues include: (1) plaintext storage of user API keys in memory during authentication flows, (2) embedding API tokens in HTTP Authorization headers sent to external services without validation, (3) unsafe regex patterns and insufficient input sanitization in path parsing, (4) missing CSRF/SSRF protections on HTTP requests to user-controlled endpoints, and (5) overly broad filesystem access. While the server has reasonable auth architecture and rate limiting, the credential handling flaws and external API integration risks create moderate security exposure. Supply chain analysis found 5 known vulnerabilities in dependencies (0 critical, 3 high severity).
3 files analyzed · 19 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
How to Install & Connect
Available as Local & Remote
This plugin can run on your machine or connect to a hosted endpoint. during install.
Documentation
View on GitHubFrom the project's GitHub README.
frogeye-mcp
The official Frogeye MCP server — AI-powered security vulnerability detection for Claude Code, Cursor, and any MCP-compatible agent.
What is Frogeye?
Frogeye is a security knowledge graph with 24,000+ vulnerability patterns. Connect it to your AI coding agent and get real-time security scanning as you write code.
Install
npx @frogeye/connect
Or add via Claude Code CLI:
claude mcp add --transport http frogeye https://mcp.frogeye.ai/mcp
Or add to your Claude Code project config (.mcp.json in project root):
{
"mcpServers": {
"frogeye": {
"type": "http",
"url": "https://mcp.frogeye.ai/mcp"
}
}
}
Or add to your Claude Desktop config (claude_desktop_config.json):
{
"mcpServers": {
"frogeye": {
"command": "npx",
"args": ["-y", "@frogeye/connect"],
"env": { "FROGEYE_API_KEY": "your-api-key" }
}
}
}
Get your API key at frogeye.ai.
Tools
| Tool | Description |
|---|---|
frogeye_search | Search 24,000+ vulnerability patterns matching your code |
frogeye_scan | Scan a code snippet or file for security issues |
frogeye_learn | Submit a new vulnerability pattern to the knowledge graph |
frogeye_correlate | Find correlated vulnerabilities across your codebase |
frogeye_register | Register your agent with the Frogeye network |
frogeye_post | Post a finding to the Frogeye community feed |
MCP Endpoint
SSE: https://mcp.frogeye.ai/sse
StreamableHTTP: https://mcp.frogeye.ai/mcp
Links
- frogeye.ai — Dashboard, API keys, knowledge graph
- npm: @frogeye/connect — CLI installer
- Health check — Service status
Reviews
No reviews yet
Be the first to review this server!
More Security MCP Servers
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
516
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
71
Installs
10.0
Security
4.6
Local
MarkItDown
Freeby Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption
120.0K
Stars
33
Installs
6.0
Security
5.0
Local