by Lex6won

scan_path

Scans local file or folder for security vulnerabilities against public sector standards. Detects issues with explanations and fixes, without sending code externally.

Instructions

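Checks a file or folder against public-sector security standards (security, review, check, inspection).

Use this tool when the user points to a local path, as in "run a security check on this folder/project", "review/check this file", or "inspect whether this is safe". For a code snippet held in memory, use scan_code instead. This is the entry point of the "existing codebase audit" flow.

It traverses the path locally, skipping build and vendor directories and ignoring binaries, and never sends source code to any external API. Each finding includes why_it_matters and safe_fix. After the scan, use render_report to produce a Korean-language report.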

Input Schema

| Name | Required | Description | Default |
|------|----------|-------------|---------|
| path | Yes | | |
| scenario | No | | |
| profile | No | | public-default-strict |
| max_files | No | | |

Output Schema

No arguments

Behavior: 5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Detailed behavioral disclosure: traverses locally, skips build/vendor dirs, ignores binaries, no external API calls for source code. Mentions findings include why_it_matters and safe_fix. No annotations provided, so description fully compensates.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Well-structured with bullet points, but somewhat lengthy. Could be more concise without losing key information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no annotations, description covers behavioral traits, workflow (use render_report), and constraints. Output schema exists so return values need not be explained. Comprehensive for a scanning tool.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 0%, but description only implicitly covers 'path'. It does not explain 'scenario', 'profile', or 'max_files' parameters, leaving gaps in meaning beyond schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states that the tool scans files/folders for security compliance, using the specific verb '점검' (check) and the resource 'path'. It distinguishes itself from the sibling 'scan_code' by specifying local paths versus in-memory code.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly states when to use (local path security check) and when not (use scan_code for code snippets). It also positions the tool as entry point for 'existing codebase audit' flow.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Lex6won/vibecode-checker'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.