Local-first security check MCP server for AI coding agents — finds hardcoded secrets, exposed .env files, secrets in git history, and vulnerable dependencies in your workspace, entirely on your machine.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
Local-first security check MCP server for AI coding agents — finds hardcoded secrets, exposed .env files, secrets in git history, and vulnerable dependencies in your workspace, entirely on your machine.