10 servers curated

Enhance Your AI Agent's Security Posture with MCP

Security scanning in modern development requires constant vigilance against evolving threats, from hardcoded secrets to complex injection vulnerabilities. Manually auditing codebases or running disparate CLI tools often creates friction, leading to missed vulnerabilities and delayed remediation cycles.

Model Context Protocol (MCP) servers bridge this gap by providing AI agents with direct, tool-based access to security scanners. By integrating these servers into environments like Claude Code or Cursor, developers can trigger automated audits, dependency checks, and vulnerability assessments directly within their IDE, turning the AI into a proactive security partner.

When selecting an MCP server, prioritize tools that offer clear audit trails, framework-aware analysis, and compatibility with your existing CI/CD pipeline. Look for servers that provide structured output, such as SARIF or JSON, to ensure findings can be easily parsed and acted upon by your AI agent.

Also Worth Trying

VibeCheck MCP Server

0 stars

This server focuses on the full lifecycle of a security audit, from scan_codebase to providing structured remediation steps. It is particularly useful for teams that need clear, actionable guidance on how to fix identified issues.

2 tools · BPN-Solutions

Skylos

344 stars

Skylos excels at identifying exploitable flows and hardcoded secrets in Python, TypeScript, and Go. Its framework-aware analysis for tools like FastAPI and Django makes it a top choice for modern web backends.

2 tools · duriantaco

mcpwall

2 stars

Acting as an 'iptables for MCP,' this server enforces strict, rule-based security policies. It prevents dangerous commands and unauthorized file access, ensuring your AI agent operates within a secure, sandboxed environment.

behrensd

GoThreatScope

2 stars

GoThreatScope provides a natural language interface for querying SBOMs and vulnerability data. It is highly effective for maintaining visibility into project dependencies and identifying malicious packages via OSV.dev.

4 tools · anotherik

Sentinel MCP Server

1 star

Sentinel acts as a central hub for enterprise tools like Semgrep, Trivy, and OWASP ZAP. It is designed for complex environments requiring isolated containerized scanning and AI-powered threat modeling.

8 tools · pranjal-lnct

Trust Security

0 stars

Trust Security combines DAST and SAST capabilities with over 5,000 Nuclei templates. It is best for developers who need a unified tool to handle both code-level vulnerabilities and external repository scanning.

8 tools · Jaden-JJH

BinjaLattice MCP

61 stars

This server facilitates secure communication between Binary Ninja and your AI agent. It is essential for reverse engineering tasks, allowing for the extraction of pseudocode and the modification of binary databases.

5 tools · Invoke-RE

Side-by-Side Comparison

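| # | Server | Stars | Tools | Transport | Author |
|---|--------|-------|-------|-----------|--------|
| 1 | SQL Injection MCP Server | 0 | 6 | stdio | vivashu27 |
| 2 | mycop | 7 | 3 | stdio | AbdumajidRashidov |
| 3 | VibeCheck | 1 | 2 | stdio | philiphess1 |
| 4 | VibeCheck MCP Server | 0 | 2 | stdio | BPN-Solutions |
| 5 | Skylos | 344 | 2 | stdio | duriantaco |
| 6 | mcpwall | 2 | 0 | stdio | behrensd |
| 7 | GoThreatScope | 2 | 4 | stdio | anotherik |
| 8 | Sentinel MCP Server | 1 | 8 | stdio | pranjal-lnct |
| 9 | Trust Security | 0 | 8 | http | Jaden-JJH |
| 10 | BinjaLattice MCP | 61 | 5 | stdio | Invoke-RE |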
