mycop MCP Server


Add it to Claude Code

Run this in a terminal.

claude mcp add mycop -- docker run --rm -v "$(pwd):/src" -w /src ghcr.io/abdumajidrashidov/mycop scan .
README.md

AI Code Security Scanner — detect and auto-fix vulnerabilities in AI code.

mycop

AI Code Security Scanner — detect and auto-fix vulnerabilities in AI-generated code.

mycop scans Python, JavaScript, TypeScript, Go, and Java codebases for security vulnerabilities using pattern matching, AST analysis, and optional AI-powered explanations and auto-fix. It ships with 200 built-in security rules covering OWASP Top 10 and CWE Top 25 categories.

Why mycop?

AI-generated code is fast, but it is not safe. Research from Veracode shows that 45% of AI-generated code contains security vulnerabilities. Copilot, ChatGPT, and other AI assistants produce functional code that often includes SQL injection, hardcoded secrets, command injection, and other critical flaws.

mycop was built specifically to solve this problem:

  • First SAST tool designed for AI-generated code -- 200 rules targeting the exact vulnerability patterns that LLMs produce most often, covering OWASP Top 10 and CWE Top 25.
  • AI-powered auto-fix, not just detection -- mycop does not just find vulnerabilities, it fixes them. The mycop fix command rewrites insecure code using AI while preserving functionality.
  • Multi-language with a single tool -- scan Python, JavaScript, TypeScript, Go, and Java codebases without juggling Bandit, ESLint, and separate configs.
  • Zero configuration -- all 200 security rules are compiled into the binary. No rule downloads, no config files, no internet connection required. Just mycop scan . and go.
  • MCP server for agentic workflows -- plug mycop directly into Claude Code, Cursor, Windsurf, and other AI coding assistants via the Model Context Protocol.
  • Free and open source -- MIT licensed, forever.

Installation

Install script (macOS / Linux)

curl -fsSL https://raw.githubusercontent.com/AbdumajidRashidov/mycop/main/install.sh | sh

Homebrew

brew install AbdumajidRashidov/tap/mycop

Cargo

cargo install mycop

Docker

docker run --rm -v "$(pwd):/src" -w /src ghcr.io/abdumajidrashidov/mycop scan .

Build from source

git clone https://github.com/AbdumajidRashidov/mycop.git
cd mycop
cargo install --path .

Quick Start

# Scan current directory
mycop scan .

# Auto-fix all vulnerabilities using AI
mycop fix .

# Deep AI security review of a single file
mycop review src/auth.py

# Initialize config for your project
mycop init

# List all security rules
mycop rules list

Commands

`mycop scan`

Scan files for security vulnerabilities.

mycop scan .                              # Scan current directory
mycop scan src/ lib/                      # Scan specific directories
mycop scan --severity high                # Only report high/critical
mycop scan --fail-on critical             # Exit 1 only on critical findings
mycop scan --format json                  # JSON output
mycop scan --format sarif                 # SARIF output (for IDE integration)
mycop scan --explain                      # AI-powered explanations
mycop scan --diff                         # Only scan git-changed files
mycop scan --fix                          # Auto-fix (same as `mycop fix`)

Exit code 1 when findings meet the --fail-on threshold (default: high).

`mycop fix`

Auto-fix security vulnerabilities using AI. Groups all findings per file, sends the entire file to an AI provider, and writes back the fixed version.

mycop fix .                               # Fix all files
mycop fix src/auth.py                     # Fix specific file
mycop fix . --severity high               # Only fix high/critical
mycop fix . --dry-run                     # Show diffs without writing
mycop fix . --ai-provider anthropic       # Force specific AI provider
mycop fix . --diff                        # Only fix git-changed files
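Because `mycop fix` writes back a whole file rewritten by an AI provider, it is worth re-scanning afterwards and comparing findings. The following is an added example, not part of mycop or its README: it assumes the `--format sarif` output follows the standard SARIF 2.1.0 layout (`runs[].results[]` with `ruleId` and `locations`) and has been saved to two files, one before and one after the fix; the rule IDs and sample logs are constructed.

```python
import json
from collections import Counter

def load(path):
    """Read a SARIF log that was saved from a scan."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

def fingerprints(sarif):
    """Count results per (ruleId, file URI). Line numbers are left out on
    purpose: a rewritten file shifts them even when a finding is unchanged."""
    counts = Counter()
    for run in sarif.get("runs", []):
        for result in run.get("results", []):
            rule = result.get("ruleId", "<no-rule>")
            for loc in result.get("locations") or [{}]:
                uri = (loc.get("physicalLocation", {})
                          .get("artifactLocation", {})
                          .get("uri", "<no-file>"))
                counts[(rule, uri)] += 1
    return counts

def compare(before, after):
    """Classify findings as resolved, remaining, or introduced by the rewrite."""
    b, a = fingerprints(before), fingerprints(after)
    return {
        "resolved": sorted((b - a).elements()),
        "remaining": sorted((b & a).elements()),
        "introduced": sorted((a - b).elements()),
    }

def acceptable(diff):
    """Accept the rewrite only if it introduced no new findings."""
    return not diff["introduced"]

def _log(*findings):
    """Build a minimal SARIF log from (ruleId, uri, line) tuples."""
    return {"version": "2.1.0", "runs": [{"results": [
        {"ruleId": r, "locations": [{"physicalLocation": {
            "artifactLocation": {"uri": u}, "region": {"startLine": n}}}]}
        for r, u, n in findings]}]}

# Constructed sample logs; the rule IDs are placeholders, not mycop rule names.
BEFORE = _log(("EXAMPLE-SQLI", "src/auth.py", 12), ("EXAMPLE-SECRET", "src/auth.py", 40))
AFTER = _log(("EXAMPLE-SECRET", "src/auth.py", 44), ("EXAMPLE-CMDI", "src/auth.py", 20))

if __name__ == "__main__":
    diff = compare(BEFORE, AFTER)
    print(json.dumps(diff, indent=2), "accept:", acceptable(diff))
```

A remaining or introduced entry means the rewritten file still needs human review before it is committed.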

`mycop review`

Deep AI-powered security review of a single file. Goes beyond rule matching to find logic flaws, race conditions, and architectural issues.

mycop review src/server.ts
mycop review app.py --ai-provider openai

`mycop init`

Generate a .scanrc.yml configuration file. Automatically detects your project typ

Tools (3)

scan: Scan files for security vulnerabilities using pattern matching and AST analysis.
fix: Auto-fix security vulnerabilities using AI.
review: Perform a deep AI-powered security review of a single file.

Configuration

claude_desktop_config.json
{"mcpServers": {"mycop": {"command": "mycop", "args": ["mcp"]}}}

Try it

Scan the current directory for high-severity security vulnerabilities.
Fix all security issues found in the src/auth.py file.
Perform a deep security review of the main application file and explain any logic flaws.
Scan the project and output the results in SARIF format for my IDE.

Frequently Asked Questions

What are the key features of mycop?

  • Detects vulnerabilities in Python, JavaScript, TypeScript, Go, and Java.
  • Includes 200 built-in security rules covering OWASP Top 10 and CWE Top 25.
  • AI-powered auto-fix capabilities to rewrite insecure code.
  • Zero-configuration binary with no external rule downloads required.
  • Supports SARIF and JSON output formats for IDE integration.

What can I use mycop for?

  • Auditing AI-generated code snippets for common flaws like SQL injection or hardcoded secrets.
  • Automating security compliance checks in CI/CD pipelines for multi-language projects.
  • Performing deep security reviews on sensitive authentication or authorization modules.
  • Quickly remediating security debt by using AI to suggest and apply fixes to vulnerable code.

How do I install mycop?

Install mycop by running: curl -fsSL https://raw.githubusercontent.com/AbdumajidRashidov/mycop/main/install.sh | sh

What MCP clients work with mycop?

mycop works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
