Your AI's Senior Security Engineer. Instantly audits local code for OWASP risks and leaked secrets.
**What it does:** Security Auditor Pro upgrades your local AI agent (Claude Desktop, Cursor, Antigravity) into a Senior DevSecOps Engineer. It gives your AI the native ability to deeply scan your local codebase and hunt for severe security risks—like hardcoded API keys, dangerous arbitrary code execution (e.g., eval()), and critical OWASP Top 10 vulnerabilities (like SQL injections and XSS).
**How it works:** Built natively on the Model Context Protocol (MCP), it securely exposes the `audit_codebase` tool to your AI. When asked to review a file or an entire directory, the server rapidly scans the raw code for dangerous anti-patterns and leaked secrets, compiling a structured threat report directly into the AI's context window. The AI then explains the vulnerabilities to you and writes the exact patches needed to secure them.
**Who it's for:** This tool is built for developers, agency owners, and security researchers who want to ensure their code is perfectly secure before shipping to production. Instead of paying for an expensive manual security audit, simply ask your AI to *"audit the /src directory"* and instantly secure your application.
This security auditor MCP server has a clear purpose and appropriate permissions for local file scanning, but contains several security concerns that limit its reliability. The main issues are: inadequate input validation allowing directory traversal attacks, overly simplistic pattern-matching for security scanning that produces false positives/negatives, potential sensitive data exposure in error messages, and lack of proper output escaping. While not malicious, these flaws undermine the server's credibility as a security tool and create exploitable attack surfaces. Package verification found 1 issue.
2 files analyzed · 9 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Install instructions and configuration are available after purchase.
Once installed, try these example prompts and explore these capabilities:
No written reviews yet. Be the first!
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
by Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption