Lanalyzer MCP Server
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@Lanalyzer MCP Serveranalyze app.py for SQL injection vulnerabilities"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.

Lanalyzer
Lanalyzer is an advanced Python static taint analysis tool designed to detect potential security vulnerabilities in Python projects. It identifies data flows from untrusted sources (Sources) to sensitive operations (Sinks) and provides detailed insights into potential risks.
📖 Table of Contents
Related MCP server: Joern MCP Server
✨ Features
Taint Analysis: Tracks data flows from sources to sinks.
Customizable Rules: Define your own sources, sinks, sanitizers, and taint propagation paths.
Static Analysis: No need to execute the code.
Extensibility: Easily add new rules for detecting vulnerabilities like SQL Injection, XSS, and more.
Detailed Reports: Generate comprehensive analysis reports with vulnerability details and mitigation suggestions.
Command-Line Interface: Run analyses directly from the terminal.
🚀 Getting Started
Prerequisites
Python 3.10 or higher
uv (recommended for dependency management)
Steps
Clone the repository:
git clone https://github.com/mxcrafts/lanalyzer.git cd lanalyzerCreate a virtual environment and install dependencies:
uv venv uv pip sync pyproject.toml --all-extrasActivate the virtual environment:
source .venv/bin/activate
💻 Usage
Basic Analysis
Run a taint analysis on a Python file:
lanalyzer --target <target_file> --config <config_file> --pretty --output <output_file> --log-file <log_file> --debugCommand-Line Options
--target: Path to the Python file or directory to analyze.--config: Path to the configuration file.--output: Path to save the analysis report.--log-file: Path to save the log file.--pretty: Pretty-print the output.--detailed: Show detailed analysis statistics.--debug: Enable debug mode with detailed logging.
Example
lanalyzer --target example.py --config rules/sql_injection.json --pretty --output example_analysis.json --log-file example_analysis.log --debug🤝 Contributing
We welcome contributions! Please see the CONTRIBUTING.md file for guidelines on how to contribute to Lanalyzer.
📄 License
This project is licensed under the GNU Affero General Public License v3.0. See the LICENSE file for details.
📞 Contact
Contact
Issues: GitHub Issues
Email: support@mx-crafts.com
🧩 Model Context Protocol (MCP) Support
Lanalyzer now supports the Model Context Protocol (MCP), allowing it to run as an MCP server that AI models and tools can use to access taint analysis functionality through a standard interface.
Installing MCP Dependencies
If you're using pip:
pip install "lanalyzer[mcp]"If you're using uv:
uv pip install -e ".[mcp]"Starting the MCP Server
There are multiple ways to start the MCP server:
Using Python Module:
# View help information
python -m lanalyzer.mcp --help
# Start the server
python -m lanalyzer.mcp run --host 0.0.0.0 --port 8000 --debugUsing the lanalyzer Command-Line Tool:
# View help information
lanalyzer mcp --help
# Start the server
lanalyzer mcp run --host 0.0.0.0 --port 8000 --debug
# Use FastMCP development mode (if applicable, verify this command)
# lanalyzer mcp devMCP Server Features
The MCP server provides the following core functionalities:
Code Analysis: Analyze Python code strings for security vulnerabilities
File Analysis: Analyze specific files for security vulnerabilities
Path Analysis: Analyze entire directories or projects for security vulnerabilities
Vulnerability Explanation: Provide detailed explanations of discovered vulnerabilities
Configuration Management: Get, validate, and create analysis configurations
Integration with AI Tools
The MCP server can be integrated with AI tools that support the MCP protocol:
# Using the FastMCP client
from fastmcp import FastMCPClient
# Create a client connected to the server
client = FastMCPClient("http://127.0.0.1:8000")
# Analyze code
result = client.call({
"type": "analyze_code",
"code": "user_input = input()\nquery = f\"SELECT * FROM users WHERE name = '{user_input}'\"",
"file_path": "example.py",
"config_path": "/path/to/config.json"
})
# Print analysis results
print(result)Using in Cursor
If you're working in the Cursor editor, you can directly ask the AI to use Lanalyzer to analyze your code:
Please use lanalyzer to analyze the current file for security vulnerabilities and explain the potential risks.MCP Command-Line Options
The MCP server supports the following command-line options:
--debug: Enable debug mode with detailed logging--host: Set the server listening address (default: 127.0.0.1)--port: Set the server listening port (default: 8000)
Advanced MCP Usage
Custom Configurations
You can use the get_config, validate_config, and create_config tools to manage vulnerability detection configurations:
# Get the default configuration
config = client.call({
"type": "get_config"
})
# Create a new configuration
result = client.call({
"type": "create_config",
"config_data": {...}, # Configuration data
"config_path": "/path/to/save/config.json" # Optional
})Batch File Analysis
Analyze an entire project or directory:
result = client.call({
"type": "analyze_path",
"target_path": "/path/to/project",
"config_path": "/path/to/config.json",
"output_path": "/path/to/output.json" # Optional
})This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/hkxiaoyao/lanalyzer'
If you have feedback or need assistance with the MCP directory API, please join our Discord server