Adds six security scanning tools to your MCP client for catching threats that slip past traditional linters. Scan individual files or entire directories for invisible Unicode characters, BiDi/Trojan Source attacks, homoglyphs, and obfuscation patterns. Check package.json for typosquatted dependencies, scan AI rules files like .cursorrules and CLAUDE.md for backdoors, and run deep CodeBERT analysis on suspicious code chunks. Everything runs locally over stdio. The static scanners cover known attack patterns with deterministic rules, while the transformer model catches novel or heavily obfuscated code. Ten free AI analysis runs per session; static scans are unlimited. Useful when reviewing AI-generated code before merging or when auditing dependencies in supply-chain-sensitive projects.
claude mcp add --transport stdio io.github.goldmembrane-codesafer uvx codesafer