A security scanner purpose-built for MCP servers and AI skill files that produces OWASP AIVSS vulnerability scores without executing your code. It runs six detection engines in parallel (regex, YARA, Semgrep, LLM semantic analysis, and optional Docker sandbox) to catch 48 known AVE vulnerabilities, then chains findings together to detect toxic flows like credential exfiltration. The eight-layer false positive reduction strips code fences, detects negation context in docs, and supports justified suppression with audit trails and expiry dates. Outputs include per-finding remediation reports, conformance grades from A+ to F, and git-committed rug pull detection via pinned hashes. Install via pip and scan directories, individual files, or remote MCP manifests without spinning up servers.
claude mcp add --transport stdio bawbel-bawbel-scanner uvx bawbel-scanner