ai-scanner-mcp
Detects usage of CrewAI framework in codebases.
Detects Discord bot tokens and credentials in codebases.
Detects GitHub tokens and credentials in codebases.
Detects Google API tokens in codebases.
Detects usage of Google Gemini SDK in codebases.
Detects usage of LangChain framework in codebases.
Detects OpenAI API keys and SDK usage in codebases.
Detects Replicate API tokens in codebases.
Detects Slack tokens and credentials in codebases.
Detects Stripe secret keys and tokens in codebases.
Detects Twilio credentials in codebases.
Detects usage of Vercel AI SDK in codebases.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@ai-scanner-mcpScan this project for any exposed API keys"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
An MCP server that exposes ai-scanner as tools for AI agents. Works with Claude Code, Claude Desktop, Cursor, Windsurf, and any MCP-compatible client.
Tools
Tool | Description |
| Full scan — LLM SDKs, AI frameworks, exposed tokens, and hardcoded secrets with severity levels |
| Security check — pass/fail scan for exposed credentials only. Perfect for pre-commit checks |
| AI stack overview — which SDKs, frameworks, models, and API endpoints are used (no secret detection) |
Setup
Claude Code
claude mcp add ai-scanner npx ai-scanner-mcpClaude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"ai-scanner": {
"command": "npx",
"args": ["ai-scanner-mcp"]
}
}
}Config file location:
macOS:
~/Library/Application Support/Claude/claude_desktop_config.jsonWindows:
%APPDATA%\Claude\claude_desktop_config.json
Cursor
Add to .cursor/mcp.json in your project:
{
"mcpServers": {
"ai-scanner": {
"command": "npx",
"args": ["ai-scanner-mcp"]
}
}
}Windsurf
Add to ~/.windsurf/mcp.json:
{
"mcpServers": {
"ai-scanner": {
"command": "npx",
"args": ["ai-scanner-mcp"]
}
}
}Example Usage
Once connected, you can ask your AI agent:
"Scan this project for any exposed API keys"
"Check if there are any hardcoded secrets before I commit"
"What AI SDKs and frameworks does this codebase use?"
"Run a security scan on ./src and tell me if it's safe to push"
"Give me an AI inventory of this project"
Tool Details
scan_directory
Full scan with all detection categories. Parameters:
Parameter | Type | Default | Description |
| string | required | Path to scan |
| boolean |
| Skip generic secrets (Stripe, GitHub, etc.) |
| boolean |
| Include .env files |
| boolean |
| Detect LLM API endpoint URLs |
| boolean |
| Detect model name references |
check_secrets
Security-focused pass/fail check. Parameters:
Parameter | Type | Default | Description |
| string | required | Path to scan |
| boolean |
| Only check AI tokens |
| boolean |
| Include .env files |
ai_inventory
AI stack awareness (no secret detection). Parameters:
Parameter | Type | Default | Description |
| string | required | Path to scan |
Detection Coverage
AI Tokens (20+) — OpenAI, Anthropic, Google, AWS, HuggingFace, Groq, Replicate, and more
Generic Secrets (59) — Stripe, Twilio, GitHub, Slack, Discord, database URIs, private keys, JWTs
LLM SDKs (23) — OpenAI, Anthropic, Google Gemini, LiteLLM, AWS Bedrock, and more
AI Frameworks (24) — LangChain, LlamaIndex, CrewAI, AutoGen, DSPy, Vercel AI SDK, and more
145 total detection patterns
License
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/sky-in-code/ai-scanner-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server