Vulnicheck

VulniCheck is an AI-driven security scanner that provides comprehensive security analysis for Python projects and GitHub repositories. It runs as a Docker-based HTTP MCP server, supports standard HTTP streaming, and offers containerized deployment and comprehensive vulnerability scanning capabilities, including dependency checking, key detection, Dockerfile analysis, and AI risk assessment.
2.5 points

What is VulniCheck?

VulniCheck is an intelligent security scanning tool specifically designed to help developers and teams discover security vulnerabilities in their code. It combines AI analysis with multiple security databases to automatically detect dependency vulnerabilities, exposed sensitive information, Docker configuration issues, etc. in Python projects.

How to use VulniCheck?

Using VulniCheck is very simple: First, run the service via Docker, then configure the connection in Claude Code. After that, you can directly request a security scan through a conversation, such as 'Scan the security of my project' or 'Check the vulnerabilities of a GitHub repository'.

Use Cases

VulniCheck is particularly suitable for the following scenarios: code security checks before developing new features, automatic security scans in CI/CD pipelines, security reviews before contributing to open-source projects, regular security audits of team codebases, and as an auxiliary tool for learning security best practices.

Main Features

Docker Containerized Deployment
One-click deployment via Docker ensures environment consistency, supports HTTP streaming, and does not require SSE configuration.
Multi-source Vulnerability Detection
Integrates more than 5 security databases such as OSV.dev, NVD, and GitHub Advisory to comprehensively detect known vulnerabilities.
AI Risk Assessment
Utilizes the OpenAI/Anthropic API for intelligent security assessment, providing risk levels and suggestions.
Sensitive Information Detection
Automatically scans code for exposed sensitive information such as API keys, passwords, and tokens.
GitHub Repository Scanning
Supports direct scanning of GitHub repositories (including private repositories) up to 1GB in size.
Docker Security Analysis
Specifically analyzes security configurations and dependency vulnerabilities in Dockerfiles.
Intelligent Caching Mechanism
Commit-level caching avoids redundant scans and improves efficiency.
Optional Authentication
Supports Google OAuth 2.0 authentication to enhance access security (disabled by default).

Advantages

Out-of-the-box: No complex configuration required, start with one click in Docker
Comprehensive coverage: Integrates multiple security databases with a wide detection scope
Intelligent analysis: AI-assisted risk assessment provides actionable suggestions
Easy to integrate: Supports MCP clients such as Claude Code
Flexible deployment: Supports local and cloud deployment with optional authentication
Continuous updates: Docker images are regularly updated to maintain detection capabilities

Limitations

Mainly for Python: Although it supports multi-language scanning, it is mainly optimized for Python projects
API dependency: Advanced AI features require OpenAI/Anthropic API keys
Network requirements: Requires access to external security databases, which may be affected by network conditions
OAuth limitation: In the current FastMCP version, OAuth is not fully compatible with the HTTP transport
Resource consumption: Scanning large projects may require more memory and storage
Private repository limitation: Scanning private GitHub repositories requires a GitHub Token

How to Use

Install Docker
Ensure that Docker is installed on your system. This is a prerequisite for running VulniCheck.
Pull and Run the Container
Pull the latest image from Docker Hub and run the container. You can choose whether to add an API key for enhanced functionality.
Configure Claude Code
Add VulniCheck as an MCP server in Claude Code.
Start Using
Use the security scanning function directly in the Claude conversation.

Usage Examples

New Project Security Check
Ensure that all dependencies are secure when starting a new Python project.
Review Before Contributing to an Open-Source GitHub Project
Ensure that the code has no security issues before submitting a PR to an open-source project.
CI/CD Pipeline Integration
Add a security check to the automated deployment process.
Docker Container Security Strengthening
Optimize the Dockerfile configuration to reduce security risks.

Frequently Asked Questions

Is VulniCheck free?
Which programming languages are supported?
Is it safe to scan private GitHub repositories?
Can OAuth authentication be used currently?
Will scanning affect project performance?
How to update to the latest version?
Is team collaboration supported?
Are the scanning results accurate?

Related Resources

GitHub Repository
Source code, issue tracking, and contribution guidelines for VulniCheck
Docker Hub Image
Official Docker image page, including version information and pull instructions
MCP Protocol Documentation
Official specification of the Model Context Protocol, understand how MCP works
OSV Vulnerability Database
Open-source vulnerability database, one of the data sources used by VulniCheck
Claude Code Documentation
Claude Code usage guide, learn how to configure the MCP server
Issue Feedback
Report bugs, request features, or get technical support

Installation

Copy the following command to your Client for configuration
Note: Your key is sensitive information, do not share it with anyone.

Alternatives

Runno
Runno is a collection of JavaScript toolkits for securely running code in multiple programming languages in environments such as browsers and Node.js. It achieves sandboxed execution through WebAssembly and WASI, supports languages such as Python, Ruby, JavaScript, SQLite, C/C++, and provides integration methods such as web components and MCP servers.
TypeScript
4.6K
5 points
Netdata
Netdata is an open-source real-time infrastructure monitoring platform that provides second-level metric collection, visualization, machine learning-driven anomaly detection, and automated alerts. It can achieve full-stack monitoring without complex configuration.
Go
6.2K
5 points
MCP Server
The Mapbox MCP Server is a model context protocol server implemented in Node.js, providing AI applications with access to Mapbox geospatial APIs, including functions such as geocoding, point-of-interest search, route planning, isochrone analysis, and static map generation.
TypeScript
5.3K
4 points
Uniprof
Uniprof is a tool that simplifies CPU performance analysis. It supports multiple programming languages and runtimes, does not require code modification or additional dependencies, and can perform one-click performance profiling and hotspot analysis through Docker containers or the host mode.
TypeScript
7.7K
4.5 points
Gk Cli
GitKraken CLI is a command-line tool that provides multi-repository workflow management, AI-generated commit messages and pull requests, and includes a local MCP server for integrating tools such as Git, GitHub, and Jira.
4.6K
4.5 points
MCP
A collection of official Microsoft MCP servers, providing AI assistant integration tools for various services such as Azure, GitHub, Microsoft 365, and Fabric. It supports local and remote deployment, helping developers connect AI models with various data sources and tools through a standardized protocol.
C#
7.4K
5 points
Claude Context
Claude Context is an MCP plugin that provides in-depth context of the entire codebase for AI programming assistants through semantic code search. It supports multiple embedding models and vector databases to achieve efficient code retrieval.
TypeScript
10.4K
5 points
Acemcp
Acemcp is an MCP server for codebase indexing and semantic search, supporting automatic incremental indexing, multi-encoding file processing, .gitignore integration, and a Web management interface, helping developers quickly search for and understand code context.
Python
11.2K
5 points
Notion Api MCP
Certified
A Python-based MCP Server that provides advanced to-do list management and content organization functions through the Notion API, enabling seamless integration between AI models and Notion.
Python
18.4K
4.5 points
Markdownify MCP
Markdownify is a multi-functional file conversion service that supports converting multiple formats such as PDFs, images, audio, and web page content into Markdown format.
TypeScript
28.2K
5 points
Duckduckgo MCP Server
Certified
The DuckDuckGo Search MCP Server provides web search and content scraping services for LLMs such as Claude.
Python
57.2K
4.3 points
Gitlab MCP Server
Certified
The GitLab MCP server is a project based on the Model Context Protocol that provides a comprehensive toolset for interacting with GitLab accounts, including code review, merge request management, CI/CD configuration, and other functions.
TypeScript
18.9K
4.3 points
Unity
Certified
UnityMCP is a Unity editor plugin that implements the Model Context Protocol (MCP), providing seamless integration between Unity and AI assistants, including real-time state monitoring, remote command execution, and log functions.
C#
25.7K
5 points
Figma Context MCP
Framelink Figma MCP Server is a server that provides access to Figma design data for AI programming tools (such as Cursor). By simplifying the Figma API response, it helps AI more accurately achieve one-click conversion from design to code.
TypeScript
54.4K
4.5 points
Minimax MCP Server
The MiniMax Model Context Protocol (MCP) is an official server that supports interaction with powerful text-to-speech, video/image generation APIs, and is suitable for various client tools such as Claude Desktop and Cursor.
Python
39.2K
4.8 points
Gmail MCP Server
A Gmail automatic authentication MCP server designed for Claude Desktop, supporting Gmail management through natural language interaction, including complete functions such as sending emails, label management, and batch operations.
TypeScript
19.4K
4.5 points