SecureVibes MCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@SecureVibes MCPRun a security assessment on my project"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
SecureVibes MCP
A Model Context Protocol server that provides AI-powered security scanning through conversational analysis. Scan codebases for vulnerabilities using natural language with Claude.
Installation
# Clone the repository
git clone https://github.com/your-org/securevibes_mcp.git
cd securevibes_mcp
# Install with uv
uv syncRelated MCP server: Security-Use MCP Server
Configuration
Add to your Claude Desktop config (~/Library/Application Support/Claude/claude_desktop_config.json):
{
"mcpServers": {
"securevibes": {
"command": "uv",
"args": ["run", "python", "-m", "securevibes_mcp"],
"cwd": "/path/to/securevibes_mcp"
}
}
}Security Pipeline
SecureVibes uses a sequential pipeline where each stage builds on the previous:
run_assessment → run_threat_modeling → run_code_review → run_dast → generate_report
↓ ↓ ↓ ↓ ↓
SECURITY.md THREAT_MODEL.json VULNERABILITIES.json DAST_*.json scan_results.json
scan_report.mdUsage
1. Run Assessment
Analyzes your codebase and creates a security baseline document.
"Run a security assessment on /path/to/my/project"Creates: .securevibes/SECURITY.md
2. Run Threat Modeling
Performs STRIDE analysis based on the security document.
"Run threat modeling on /path/to/my/project"Creates: .securevibes/THREAT_MODEL.json
Options:
focus_components: Analyze specific components only
3. Run Code Review
Scans code for vulnerability patterns matching identified threats.
"Run code review on /path/to/my/project"Creates: .securevibes/VULNERABILITIES.json
Options:
focus_components: Scan specific paths only (e.g.,["auth", "api"])
4. Run DAST
Tests confirmed vulnerabilities against a running application.
"Run DAST on /path/to/my/project targeting http://localhost:8080"Creates: .securevibes/DAST_VALIDATION.json
Options:
target_url: Base URL of the running application (required)vulnerability_ids: Test specific vulnerabilities only
5. Generate Report
Compiles all findings into comprehensive reports.
"Generate a security report for /path/to/my/project"Creates: .securevibes/scan_results.json and .securevibes/scan_report.md
Options:
format: Output format -json,markdown, orboth(default)
6. Check Status
View the state of all security artifacts:
"What's the scan status for /path/to/my/project"7. Get Artifact
Retrieve any artifact content:
"Show me the THREAT_MODEL.json for /path/to/my/project"8. Get Vulnerabilities
Query and filter vulnerability data:
"Show me critical vulnerabilities for /path/to/my/project"
"Get SQL injection vulnerabilities (CWE-89) in /path/to/my/project"
"List vulnerabilities in the auth module"Options:
severity: Filter by minimum severity (critical, high, medium, low)cwe_id: Filter by specific CWE (e.g., "CWE-89")file_path: Filter by file path patternlimit: Maximum results (default: 10)
Example Conversation
User: Run a security assessment on /Users/me/myapp
Claude: I've completed the security assessment. Found 45 files across
Python and JavaScript. Detected Flask and React frameworks.
User: Now do threat modeling
Claude: Identified 12 threats across STRIDE categories:
- 3 critical (authentication, SQL injection, privilege escalation)
- 5 high (XSS, session management, data exposure)
- 4 medium (logging, DoS, input validation)
User: Run code review focusing on the auth module
Claude: Found 5 confirmed vulnerabilities in the auth module:
- VULN-001: Hardcoded credentials in config.py:23
- VULN-002: SQL injection in user_lookup.py:45
...Artifacts
All artifacts are stored in .securevibes/ within your project:
Artifact | Description |
| Architecture overview, components, data flows |
| STRIDE threats with severity and CVSS ranges |
| Code findings with file locations and CWE IDs |
| Exploitability test results from dynamic testing |
| Comprehensive JSON report with all findings |
| Human-readable Markdown security report |
Development
# Run tests
uv run pytest
# Run with coverage
uv run pytest --cov=securevibes_mcp
# Lint
uv run ruff check .
# Format
uv run ruff format .License
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/SimonvanAs/secure-vibes-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server