Python Code Review MCP Agent

Python Code Review MCP Agent 🐍🔍

A comprehensive Model Context Protocol (MCP) server designed specifically for backend developers working with Python. This agent provides detailed code quality and security analysis with consistent, actionable reporting.

🎯 Key Features

🔒 Security-First Analysis

SQL Injection Detection - String formatting, concatenation, f-strings
Command Injection Prevention - os.system(), subprocess with shell=True
Code Injection Scanning - eval(), exec() usage detection
Secrets Detection - Hardcoded passwords, API keys, tokens
Crypto Security - Weak random number generation, SSL issues

📊 Code Quality Assessment

PEP 8 Compliance - Naming conventions, style guidelines
Exception Handling - Bare except, broad exceptions
Performance Patterns - Inefficient loops, list operations
Import Management - Wildcard imports, multiple imports
Code Complexity - Function length, maintainability

📋 Detailed Reporting

Executive Summaries - Risk assessment, deployment readiness
Quality Scorecards - 0-100 scoring for quality and security
Severity Levels - Critical, High, Medium, Low prioritization
Actionable Suggestions - Specific fix recommendations
Comparison Reports - Before/after improvement tracking

🛠️ Available MCP Tools

1. `review_python_code`

Comprehensive analysis with detailed, summary, or security-focused reports.

{
  "code": "your_python_code_here",
  "filename": "optional_filename.py",
  "reportType": "detailed" // "detailed", "summary", or "security"
}

2. `security_audit`

Focused security vulnerability scanning with threat analysis.

{
  "code": "your_python_code_here",
  "filename": "optional_filename.py"
}

3. `analyze_code_quality`

Deep code quality analysis with configurable focus areas.

{
  "code": "your_python_code_here",
  "filename": "optional_filename.py",
  "includeStyle": true,
  "includeMaintainability": true
}

4. `compare_code_versions`

Compare original vs. revised code to track improvements.

{
  "originalCode": "original_version_here",
  "revisedCode": "improved_version_here",
  "filename": "optional_filename.py"
}

5. `get_improvement_suggestions`

Get targeted suggestions for specific areas of concern.

{
  "code": "your_python_code_here",
  "filename": "optional_filename.py",
  "focusArea": "security" // "security", "quality", "performance", "style", "all"
}

🚀 Quick Start

Installation

npm install
npm run build

Running Tests

npm test

Starting the MCP Server

npm start

Running Demo

node dist/demo.js

⚙️ MCP Client Configuration

Add to your MCP client configuration:

{
  "mcpServers": {
    "python-code-review": {
      "command": "node",
      "args": ["/path/to/python_code_review_mcp/dist/index.js"]
    }
  }
}

📖 Usage Examples

Security Analysis

"Audit this Python Flask endpoint for security vulnerabilities"

@app.route('/user/<user_id>')
def get_user(user_id):
    query = f"SELECT * FROM users WHERE id = {user_id}"
    cursor.execute(query)
    return cursor.fetchone()

Result: Detects SQL injection vulnerability, provides secure parameterized query solution.

Code Quality Review

"Review this data processing function for quality issues"

def process_data(items):
    result = []
    for i in range(len(items)):
        result += [items[i].upper()]
    return result

Result: Identifies performance issues, suggests enumerate() and list comprehensions.

Improvement Tracking

"Compare my original code with the improved version"

Result: Shows quality score improvements, security enhancements, and resolved issues.

🎯 Perfect for Backend Developers

🏗️ Framework Support

Django - Models, views, security best practices
Flask - Route handlers, authentication, security
FastAPI - Async patterns, data validation
SQLAlchemy - Query security, ORM patterns

🔧 Development Workflow

Pre-commit Analysis - Catch issues before they reach production
Code Review Assistant - Comprehensive analysis for pull requests
Security Auditing - Regular vulnerability assessments
Refactoring Guide - Systematic improvement tracking

📊 Quality Metrics

Security Score (0-100) - Vulnerability risk assessment
Quality Score (0-100) - Code quality measurement
Issue Density - Problems per 100 lines of code
Risk Level - Overall deployment readiness

🧪 Comprehensive Testing

40/40 Tests Passing - 100% test coverage
Security Detection - All major vulnerability types
Quality Analysis - PEP 8, best practices, performance
Report Generation - Multiple formats and detail levels
Edge Cases - Empty code, comments, mixed indentation
Real-World Examples - Flask apps, Django models, data processing

🔍 Detection Capabilities

🚨 Critical Security Issues

SQL injection vulnerabilities
Command injection risks
Code injection through eval/exec
Hardcoded secrets and credentials

⚠️ High Priority Issues

SSL verification disabled
Subprocess with shell=True
Broad exception handling

📋 Quality Improvements

PEP 8 naming conventions
Performance anti-patterns
Import organization
Documentation completeness

📈 Scoring System

Security Score Calculation

100: No security vulnerabilities detected
70-99: Minor security concerns
30-69: Moderate security risks
0-29: Critical security vulnerabilities

Quality Score Calculation

90-100: Excellent code quality
80-89: Good code quality
70-79: Fair code quality
60-69: Poor code quality
0-59: Critical quality issues

🎉 Production Ready

✅ Zero Dependencies - No external APIs required
✅ Fast Analysis - Local pattern matching
✅ Consistent Reports - Standardized output format
✅ TypeScript - Full type safety and IntelliSense
✅ Error Handling - Graceful failure and recovery
✅ MCP Standards - Compatible with all MCP clients

Transform your Python code review process with intelligent, automated analysis focused on the specific needs of backend developers! 🐍✨

Deploy Server

HTTP connection URL

security - not tested

license - not found

quality - not tested

How are these scores calculated?

hybrid server

The server is able to function both locally and remotely, depending on the configuration or use case.

Tools

Enables comprehensive security vulnerability scanning and code quality analysis for Python applications. Provides detailed reports with scoring, actionable suggestions, and comparison tracking specifically designed for backend developers working with frameworks like Django, Flask, and FastAPI.

Related MCP Servers

Trivy Security Scanner MCP Server
norbinsh
-
security
A
license
-
quality
Provides Trivy security scanning capabilities through a standardized interface, allowing users to scan projects for vulnerabilities and automatically fix them by updating dependencies.
Last updated -
10
MIT License
MCP Vulnerability Checker Server
firetix
A
security
A
license
A
quality
A Model Context Protocol server providing security vulnerability intelligence tools including CVE lookup, EPSS scoring, CVSS calculation, exploit detection, and Python package vulnerability checking.
Last updated -
8
6
MIT License
Lanalyzer MCP Server
bayuncao
-
security
A
license
-
quality
Provides Python code security analysis through the Model Context Protocol, enabling AI tools to detect potential vulnerabilities like SQL injection and XSS by identifying tainted data flows from untrusted sources to sensitive operations.
Last updated -
34
AGPL 3.0
Quack MCP Server
DXC-Lab-Linkage
-
security
F
license
-
quality
A continuous integration server that automates Python code analysis, providing linting and static type checking tools for quality assurance.
Last updated -

View all related MCP servers