
VibeCheck MCP Server

AI-powered security audit tool for codebases. Analyzes code for vulnerabilities using real-time data from MITRE CWE and npm audit.

Features

  • AI-Powered Analysis: Uses MCP sampling to analyze code with Claude

  • Real-Time CWE Data: Fetches vulnerability definitions from MITRE's CWE API

  • Dependency Scanning: Uses npm audit for package vulnerability checks

  • Zero Configuration: No API keys required to get started

Installation

/plugin marketplace add BPN-Solutions/vibecheck-mcp
/plugin install vibecheck@vibecheck

Manual Installation

Add to your Claude Desktop config (~/.claude/claude_desktop_config.json):

{
  "mcpServers": {
    "vibecheck": {
      "command": "npx",
      "args": ["-y", "vibecheck-audit-mcp"]
    }
  }
}

From Source

git clone https://github.com/BPN-Solutions/vibecheck-mcp.git
cd vibecheck-mcp
npm install && npm run build

Tools

scan_codebase

Full AI-powered security audit with real-time vulnerability data.

Analyzes:

  • Authentication and authorization issues

  • API security vulnerabilities

  • Database security rules

  • Exposed secrets and environment variables

  • Dependency vulnerabilities (via npm audit)

  • Data flow and injection vulnerabilities

Input:

{
  "path": "/path/to/codebase",
  "categories": ["auth", "api", "secrets-env"],
  "severityThreshold": "medium"
}

Or provide files directly:

{
  "files": [
    { "path": "src/auth.ts", "content": "..." }
  ]
}

Categories:

  • auth - Authentication, sessions, middleware

  • api - API routes, endpoints

  • database-rules - Firebase/Supabase rules, Prisma schemas

  • secrets-env - Environment variables, config files

  • dependencies - package.json vulnerabilities

  • data-flow - User input handling, injection points

check_dependencies

Quick dependency-only scan using npm audit.

Input:

{
  "path": "/path/to/project",
  "includeDevDependencies": false
}

Requirements:

  • npm installed

  • package-lock.json in the project

Data Sources

Source           Purpose                     Auth Required
MITRE CWE API    Vulnerability definitions   No
npm audit        Package CVEs                No
OWASP            Security categories         No (bundled)

Development

# Build
npm run build

# Watch mode
npm run dev

# Run directly
npm start

How It Works

  1. File Reading: Reads files from the specified path or accepts file contents directly

  2. Hotspot Collection: Categorizes files by security relevance (auth, api, secrets, etc.)

  3. Dependency Audit: Runs npm audit if package-lock.json exists

  4. AI Analysis: Uses MCP sampling to analyze each category with expert prompts

  5. CWE Enrichment: Fetches relevant CWE definitions from MITRE API

  6. Results: Returns structured findings with severity, CWE/OWASP refs, and remediation steps

Output Format

{
  "findings": [
    {
      "id": "uuid",
      "type": "hardcoded-secret",
      "severity": "critical",
      "title": "Hardcoded API Key",
      "description": "...",
      "filePath": "src/config.ts",
      "lineNumber": 42,
      "codeSnippet": "const API_KEY = 'sk-...'",
      "aiReasoning": "...",
      "confidence": 95,
      "cwes": [{ "id": "CWE-798", "name": "..." }],
      "owasp": [{ "id": "A02:2021", "name": "..." }],
      "remediation": {
        "summary": "Use environment variables",
        "steps": ["..."]
      }
    }
  ],
  "dependencyVulnerabilities": [...],
  "summary": {
    "totalFindings": 5,
    "critical": 1,
    "high": 2,
    "medium": 2,
    "low": 0,
    "vulnerableDependencies": 3
  },
  "scanDuration": 12500
}
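The `severityThreshold` input of `scan_codebase` and the output format above are easiest to see together. The following is an added example, not code from the vibecheck-mcp project: it consumes a result in the documented output shape, keeps only findings at or above a threshold, rebuilds the `summary` block from the findings that remain, and checks that a reported `summary` actually agrees with its `findings` before the result is trusted downstream. The sample result is constructed; the function names are this example's own.

```javascript
// Added example, not code from the vibecheck-mcp project: consume a scan_codebase result
// in the documented output shape, apply a severityThreshold, and rebuild the summary block.
const SEVERITY_RANK = { low: 0, medium: 1, high: 2, critical: 3 };
// Constructed sample result; finding contents are invented for illustration.
const sampleResult = {
  findings: [
    { id: "f-1", type: "hardcoded-secret", severity: "critical", title: "Hardcoded API Key",
      filePath: "src/config.ts", lineNumber: 42, confidence: 95,
      cwes: [{ id: "CWE-798", name: "Use of Hard-coded Credentials" }],
      owasp: [{ id: "A02:2021", name: "Cryptographic Failures" }],
      remediation: { summary: "Use environment variables", steps: ["Read the key from process.env"] } },
    { id: "f-2", type: "missing-auth", severity: "high", title: "Unauthenticated admin route",
      filePath: "src/api/admin.ts", lineNumber: 10, confidence: 80,
      cwes: [{ id: "CWE-306", name: "Missing Authentication for Critical Function" }],
      owasp: [{ id: "A01:2021", name: "Broken Access Control" }],
      remediation: { summary: "Require the auth middleware", steps: [] } },
    { id: "f-3", type: "verbose-error", severity: "low", title: "Stack trace returned to client",
      filePath: "src/api/errors.ts", lineNumber: 7, confidence: 60, cwes: [], owasp: [],
      remediation: { summary: "Return a generic error body", steps: [] } },
  ],
  dependencyVulnerabilities: [{ name: "example-pkg", severity: "high" }],
  summary: { totalFindings: 3, critical: 1, high: 1, medium: 0, low: 1, vulnerableDependencies: 1 },
  scanDuration: 12500,
};
// Recompute the summary from the findings themselves (used after filtering and as a check).
function buildSummary(findings, dependencyVulnerabilities) {
  const summary = { totalFindings: findings.length, critical: 0, high: 0, medium: 0, low: 0,
                    vulnerableDependencies: dependencyVulnerabilities.length };
  for (const f of findings) if (f.severity in SEVERITY_RANK) summary[f.severity] += 1;
  return summary;
}
// True when the reported summary matches the findings it claims to summarize.
function summaryIsConsistent(result) {
  const expected = buildSummary(result.findings, result.dependencyVulnerabilities);
  return Object.keys(expected).every((k) => result.summary[k] === expected[k]);
}
// Keep findings at or above the threshold; unknown severities are dropped, never promoted.
function filterBySeverity(result, threshold) {
  const min = SEVERITY_RANK[threshold];
  if (min === undefined) throw new Error(`unknown severity threshold: ${threshold}`);
  const findings = result.findings.filter((f) => (SEVERITY_RANK[f.severity] ?? -1) >= min);
  return { ...result, findings, summary: buildSummary(findings, result.dependencyVulnerabilities) };
}
// One report line per finding: severity, location, CWE/OWASP refs, remediation summary.
function formatFinding(f) {
  const refs = [...f.cwes, ...f.owasp].map((r) => r.id).join(", ") || "no refs";
  return `[${f.severity.toUpperCase()}] ${f.filePath}:${f.lineNumber} ${f.title} (${refs}) -> ${f.remediation.summary}`;
}
```

Running `filterBySeverity(sampleResult, "medium")` drops the `low` finding and yields a summary of two findings; `summaryIsConsistent` returns false as soon as a result's counts disagree with its findings list.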

License

MIT
