Skip to content

sky-in-code/ai-scanner-mcp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.github
.github
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 
server.json
server.json
 
 

Repository files navigation

ai-scanner logo

ai-scanner-mcp

MCP server for ai-scanner - let AI agents scan codebases for LLM usage, AI frameworks, and exposed secrets.

License: MIT Node.js MCP

An MCP server that exposes ai-scanner as tools for AI agents. Works with Claude Code, Claude Desktop, Cursor, Windsurf, and any MCP-compatible client.

Tools

Tool Description
scan_directory Full scan — LLM SDKs, AI frameworks, exposed tokens, and hardcoded secrets with severity levels
check_secrets Security check — pass/fail scan for exposed credentials only. Perfect for pre-commit checks
ai_inventory AI stack overview — which SDKs, frameworks, models, and API endpoints are used (no secret detection)

Setup

Claude Code

claude mcp add ai-scanner npx ai-scanner-mcp

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "ai-scanner": {
      "command": "npx",
      "args": ["ai-scanner-mcp"]
    }
  }
}

Config file location:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

Cursor

Add to .cursor/mcp.json in your project:

{
  "mcpServers": {
    "ai-scanner": {
      "command": "npx",
      "args": ["ai-scanner-mcp"]
    }
  }
}

Windsurf

Add to ~/.windsurf/mcp.json:

{
  "mcpServers": {
    "ai-scanner": {
      "command": "npx",
      "args": ["ai-scanner-mcp"]
    }
  }
}

Example Usage

Once connected, you can ask your AI agent:

  • "Scan this project for any exposed API keys"
  • "Check if there are any hardcoded secrets before I commit"
  • "What AI SDKs and frameworks does this codebase use?"
  • "Run a security scan on ./src and tell me if it's safe to push"
  • "Give me an AI inventory of this project"

Tool Details

scan_directory

Full scan with all detection categories. Parameters:

Parameter Type Default Description
directory string required Path to scan
ai_only boolean false Skip generic secrets (Stripe, GitHub, etc.)
scan_env boolean false Include .env files
include_endpoints boolean true Detect LLM API endpoint URLs
include_models boolean true Detect model name references

check_secrets

Security-focused pass/fail check. Parameters:

Parameter Type Default Description
directory string required Path to scan
ai_only boolean false Only check AI tokens
scan_env boolean false Include .env files

ai_inventory

AI stack awareness (no secret detection). Parameters:

Parameter Type Default Description
directory string required Path to scan

Detection Coverage

  • AI Tokens (20+) — OpenAI, Anthropic, Google, AWS, HuggingFace, Groq, Replicate, and more
  • Generic Secrets (59) — Stripe, Twilio, GitHub, Slack, Discord, database URIs, private keys, JWTs
  • LLM SDKs (23) — OpenAI, Anthropic, Google Gemini, LiteLLM, AWS Bedrock, and more
  • AI Frameworks (24) — LangChain, LlamaIndex, CrewAI, AutoGen, DSPy, Vercel AI SDK, and more
  • 145 total detection patterns

License

MIT

About

A powerful tool that scans your codebase to detect LLM SDK usage, AI framework integrations, and exposed API tokens/keys for any LLM provider.

aakashbhardwaj27.github.io/ai-scanner/

Resources

Readme

License

MIT license

Contributing

Contributing
Activity

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases 4

v1.0.3 Latest
Mar 21, 2026
+ 3 releases

Packages

 
 
 

Contributors

Languages