Scan codebases for security vulnerabilities with deterministic checks and graph-aware severity scoring. Detects CVEs, injection, secrets, XSS, and more, returning prioritized findings with attack scenarios and fixes.
Scan a Docker image for known CVEs using Docker Scout. Filter results by severity, fix availability, or base image, and choose from JSON, SARIF, SPDX, list, markdown, or text output.
Zero-dependency MCP server that provides AI models with secure read/write/exec access to local files and directories over HTTP and SSE, designed to be tunneled via ngrok for integration with Claude Web.
Retrieve CVEs affecting your account, including metadata and affected system counts. Filter by CVSS score, impact, known exploits, and advisory availability to pinpoint critical vulnerabilities.
Audit a technology stack for exploitable vulnerabilities. Accepts a comma-separated list of technologies (max 5) and returns risk-sorted critical/high severity CVEs with public exploits.
Batch-scan MCP server names against the security metadata registry to return per-server risk assessment with registry match status, risk category, known CVEs, and verdict.
Search and filter vulnerabilities using criteria like severity, status, CVSS score, publication date, or keywords to identify security risks in systems.
Scan SKILL.md packages and agent tool definitions for security vulnerabilities including tool poisoning, command injection, data exfiltration, and prompt injection. Maps findings to OWASP Agentic and MCP Top 10.
Search for vulnerabilities (CVEs) with full-text search and filters for severity, exploit status, CISA KEV, ransomware, and CVSS/EPSS thresholds. Returns exploitation signals and attribution.
Scan an MCP server for security vulnerabilities, description quality, and architecture issues. Get a security rating from F to A+ with actionable recommendations for safe deployment.
Search the Common Platform Enumeration (CPE) dictionary to find CPE 2.3 URIs for product identifiers used by CVEs. Required before searching CVEs by affected product.
Lists Common Weakness Enumeration (CWE) categories sorted by number of vulnerabilities. Provides CWE ID, name, label, exploit likelihood, and linked CVEs.
Scan AI supply chain security by analyzing repositories, Docker images, packages, or local MCP configurations. Returns an AI-BOM with dependencies, vulnerabilities, blast radius, and remediation.
Scan project dependencies for known vulnerabilities using npm audit and the GitHub Advisory Database. Returns CVEs, severity levels, and patched versions to identify security risks.
Scans npm dependencies for known vulnerabilities using the GitHub Advisory Database. Identifies CVEs, severity levels, and patched versions to help secure your project.