
Guardvibe

Security MCP for vibe coding with 330 rules and 29 tools. Purpose-built for AI-generated code — scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 25+ modules. Cross-file taint analysis, host security audit, auto-fix, SARIF export, pre-commit hook, and CVE versio…

Tags: security, graphql, ai
By goklab
3 · Updated 2 days ago · TypeScript · Apache-2.0

Installation

npx -y guardvibe

Configuration

{
  "mcpServers": {
    "guardvibe": {
      "command": "npx",
      "args": ["-y", "guardvibe"]
    }
  }
}

How to use

  1. Run the installation command above (if needed)
  2. Open your Claude Code settings file (~/.claude/settings.json)
  3. Add the configuration to the mcpServers section
  4. Restart Claude Code to apply changes

GuardVibe


Security infrastructure your AI can't be. No matter how good your coding agent gets, it can't know the CVE published after its training cutoff, it can't deterministically guarantee the same check every run, it can't hold your whole repo in context, and it can't objectively review its own code. GuardVibe does all four — the deterministic, post-cutoff-current, whole-repo, author-independent verification layer for AI-written code.

  • 🗓️ Knows what your AI doesn't. CVE rules refreshed daily from GHSA / OSV.dev / CISA KEV — GuardVibe flags vulnerable dependencies published after your model's training cutoff. (80 CVE rules, npm run intel daily triage.)
  • 🎯 Deterministic, not probabilistic. Same code = same result, every run (content-hashed). Your AI guesses; GuardVibe doesn't.
  • 🗺️ Sees the whole repo. Cross-file taint + auth-coverage across every route — catches the unprotected endpoint your agent's narrow context missed.
  • 🔍 An independent second pair of eyes. The thing that wrote the code can't review itself. GuardVibe is the outside checker on AI-written code — in the loop while your AI codes (real-time edit hook), not after.
  • ⬅️ NEW: Starts before the first line of code. Every scanner on earth — including your agent reviewing itself — acts after the code exists. secure_prompt acts before: it analyzes the coding prompt itself, detects the stack and attack surfaces it implies, and embeds severity-ranked GuardVibe requirements into the prompt your AI executes. The vulnerability is prevented, not caught. Deterministic, zero LLM calls — and if the prompt is already secure, it passes through untouched.
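The "sees the whole repo" bullet above describes an auth-coverage check across routes. The following is an added example written for this page, not GuardVibe's own engine: it walks a constructed set of Next.js App Router files, finds each exported handler, and reports handlers that have no recognised auth guard unless the route is declared public. The guard names, the public-route list and the sample files are all assumptions made for the illustration.

```typescript
// Added example: auditing route handlers for auth coverage. Not GuardVibe's
// engine; guard names, public-route list and the sample files are constructed.

export interface RouteReport {
  file: string;
  method: string;
  status: "protected" | "unprotected" | "public";
}

// Calls that count as an auth guard when they appear in a handler body.
// Presence-only check: a guard whose result is ignored would still pass,
// which is the kind of gap a real dataflow pass has to close.
const AUTH_GUARDS: RegExp[] = [/\bauth\(\)/, /\bgetServerSession\(/, /\brequireUser\(/, /\bcurrentUser\(\)/];

// Routes that are public by design (health checks, signed webhooks), so a
// missing guard there is not a finding.
const PUBLIC_ROUTES: RegExp[] = [/\/api\/health\//, /\/api\/webhooks\//];

// Returns the handler body that starts at the "{" at index `open`.
function bodyAt(src: string, open: number): string {
  let depth = 0;
  for (let i = open; i < src.length; i++) {
    if (src[i] === "{") depth++;
    else if (src[i] === "}" && --depth === 0) return src.slice(open + 1, i);
  }
  return src.slice(open + 1);
}

// One report per exported App Router handler (GET/POST/...) in each file.
export function auditRoutes(files: Record<string, string>): RouteReport[] {
  const reports: RouteReport[] = [];
  for (const file of Object.keys(files)) {
    const src = files[file];
    const isPublic = PUBLIC_ROUTES.some((p) => p.test("/" + file));
    const handler = /export\s+(?:async\s+)?function\s+(GET|POST|PUT|PATCH|DELETE)\s*\([^)]*\)\s*\{/g;
    let m = handler.exec(src);
    while (m) {
      const body = bodyAt(src, m.index + m[0].length - 1); // index of the "{"
      const guarded = AUTH_GUARDS.some((g) => g.test(body));
      const status: RouteReport["status"] = guarded ? "protected" : isPublic ? "public" : "unprotected";
      reports.push({ file, method: m[1], status });
      m = handler.exec(src);
    }
  }
  return reports;
}

export function unprotectedRoutes(files: Record<string, string>): RouteReport[] {
  return auditRoutes(files).filter((r) => r.status === "unprotected");
}

// Constructed sample project: only DELETE in the admin route should be reported.
export const FILES: Record<string, string> = {
  "app/api/admin/users/route.ts": `
import { auth } from "@clerk/nextjs/server";
export async function GET() {
  const { userId } = await auth();
  if (!userId) return new Response("Unauthorized", { status: 401 });
  return Response.json(await listUsers());
}
export async function DELETE(req: Request) {
  const { id } = await req.json();   // no guard: any caller can delete
  await deleteUser(id);
  return new Response(null, { status: 204 });
}`,
  "app/api/health/route.ts": `
export function GET() { return Response.json({ ok: true }); }`,
  "app/api/webhooks/stripe/route.ts": `
export async function POST(req: Request) {
  const sig = req.headers.get("stripe-signature") || "";
  const event = stripe.webhooks.constructEvent(await req.text(), sig, process.env.STRIPE_WEBHOOK_SECRET || "");
  return Response.json({ received: event.type });
}`,
};

console.log(unprotectedRoutes(FILES));
```

The point of the public-route allowlist is to keep the report actionable: a webhook endpoint authenticates by signature rather than session, so flagging it would only train the reader to ignore the output.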

The security MCP built for vibe coding. 453 security rules, 39 tools covering the entire AI-generated code journey — from the prompt itself to production deployment.

Works with Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf, and any MCP-compatible coding agent.

Why a tool, when your AI is so good?

"More rules" was never the moat — a strong model already knows most security rules by heart. What it can't do is be deterministic, know the CVE published after its training cutoff, hold your whole repo in context, or objectively review the code it just wrote. Those four gaps are structural; they don't close as models improve. GuardVibe is the layer that fills them — running while your AI codes, not in a separate audit later. And since v3.19, it runs before your AI codes too: secure_prompt rewrites the task itself so the security requirements are in the prompt, not in the post-mortem.

Why GuardVibe

Most security tools are built for enterprise security teams. GuardVibe is built for you — the developer using AI to build and ship web apps fast.

  • 453 security rules, 39 tools purpose-built for the stacks AI agents generate
  • Zero setup friction — npx guardvibe and you're scanning
  • No account required — runs 100% locally, no API keys, no cloud
  • Understands your stack — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
  • CVE version intelligence — detects 80 known vulnerable package versions in package.json, refreshed every day from GHSA / OSV.dev / CISA KEV
  • AI agent & MCP security — detects MCP server vulnerabilities, tool-description prompt injection (OWASP MCP Top 10), model-controlled sandbox-disable flags, excessive AI permissions, indirect prompt injection
  • Auto-fix suggestions — fix_code tool returns concrete patches and structured edits the AI agent can apply mechanically. Coverage: hardcoded credentials → env-var migration; public-prefix LLM keys (NEXT_PUBLIC_/VITE_/EXPO_PUBLIC_/REACT_APP_) → prefix removal; CORS wildcards → env allowlist; dangerouslyAllowBrowser flags → drop; sandbox bypass flags (unsafe/noSandbox/allowEval) → drop; agent loops → add maxSteps; raw-HTML React props → <ReactMarkdown>; missing auth checks → insert auth guard; SQL injection → parameterized queries; missing rate limiters / CSRF / security headers → snippet templates.
  • Pre-commit hook — block insecure code before it reaches your repo
  • CI/CD ready — GitHub Actions workflow with SARIF upload to Security tab
  • Agent-friendly output — JSON format for AI agents, Markdown for humans, SARIF for CI/CD
  • Plugin system — extend with community or premium rule packs

New in v3.1.x

  • Daily threat-intel pipeline — rule set tracks GHSA / OSV.dev / CISA KEV every day. Latest shipments (v3.1.24 → v3.1.26) added VG1069 node-ipc protestware detection, VG1070 CI npm provenance / --ignore-scripts hardening, VG1071 axios proxy-auth redirect credential leak, VG1072 hono setCookie attribute injection, VG1073 drizzle sql.raw interpolation, VG1074 Miasma @redhat-cloud-services namespace compromise IOC (RHSB-2026-006), and VG1075 Session messenger exfil endpoint IOC (filev2.getsession.org). The hono override floor is pinned to ^4.12.21. Earlier in the v3.1.2x line: Next.js May 2026 13-advisory cluster, Drizzle ORM SQL identifier injection (CVE-2026-39356), Clerk clerkFrontendApiProxy SSRF (CVE-2026-34076), tRPC experimental_nextAppDirCaller prototype pollution (CVE-2025-68130), MikroORM SQL injection, angular-expressions filter RCE, @tanstack/* Mini Shai-Hulud supply-chain attack, Kysely JSON-path traversal, @nyariv/sandboxjs sandbox escape, OpenClaude dangerouslyDisableSandbox model-controlled flag, Strapi content-type builder SQL injection, LangSmith untrusted prompt-manifest deserialization, and more
  • OWASP MCP Top 10 alignment — VG1068 flags MCP / AI tool definitions whose description, instructions, or systemPrompt fields carry prompt-injection markers (ignore previous instructions, you are now, jailbreak mode, system prompt:, override safety, …); pair with VG1063 which catches dangerouslyDisableSandbox: true in agent runtimes
  • Inline suppress — // guardvibe-ignore VG001 silences individual findings per line
  • CLI-first approach — npx guardvibe audit, npx guardvibe scan, npx guardvibe doctor all work standalone without MCP
  • Embedded remediation plan — remediation_plan generates a section-by-section fix checklist after every audit
  • Score reflects all sections — security score now factors code, dependencies, config, secrets, auth coverage, and taint analysis
  • Gitignored secrets excluded — files matched by .gitignore are automatically skipped during secret scanning
  • Taint sanitizer recognition — dataflow analysis recognizes common sanitizers (DOMPurify, escape functions, parameterized queries) and stops propagation
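The "Taint sanitizer recognition" item above says dataflow analysis stops propagating taint at known sanitizers and treats parameterized queries as safe. The following is an added example written for this page, not GuardVibe's analysis engine: a small line-by-line taint tracker over a constructed snippet that tracks variables assigned from request data, hides anything wrapped in a recognised sanitizer call, and reports tainted expressions reaching an HTML, SQL or shell sink. The source, sanitizer and sink lists, the `__clean__` token, and the sample code are all assumptions made for the illustration.

```typescript
// Added example: a small intra-file taint tracker that recognises sanitizers.
// Not GuardVibe's engine; sources, sanitizers, sinks and sample code are all
// constructed for this illustration.

export interface Finding {
  line: number;   // 1-based line in the scanned snippet
  sink: string;   // which dangerous sink the tainted value reached
  expr: string;   // the argument expression that carried the taint
}

// Where attacker-controlled data enters (request fields, URL parameters).
const SOURCES: RegExp[] = [/\breq\.(?:query|body|params)\b/, /\bsearchParams\.get\(/];

// Calls whose result is treated as clean: taint stops at the call boundary.
const SANITIZERS: string[] = ["DOMPurify.sanitize", "escapeHtml", "encodeURIComponent", "Number"];

// Dangerous sinks and the argument expression each one receives.
const SINKS: { name: string; pattern: RegExp }[] = [
  // innerHTML: the whole right-hand side is the sink argument.
  { name: "html-injection", pattern: /\.innerHTML\s*=\s*(.+?);?\s*$/ },
  // db.query: only the first argument is the SQL text. A plain string literal
  // with a separate values array is a parameterized query and stays clean; a
  // template literal or concatenation that embeds tainted data does not.
  { name: "sql-injection", pattern: /\bdb\.query\(\s*((?:`[^`]*`|"[^"]*"|'[^']*'|[^,)])+)/ },
  // exec() builds a shell command string; execFile() with an argv array is not matched.
  { name: "command-injection", pattern: /\bexec\(\s*(.+)\)/ },
];

// `name = expr` or `const/let/var name = expr` (one statement per line assumed).
const ASSIGNMENT = /^\s*(?:(?:const|let|var)\s+)?(\w+)\s*=\s*(.+?);?\s*$/;

function escapeRe(s: string): string {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Replace each sanitizer(...) call, parentheses balanced, with a clean token so
// taint inside the call is hidden while taint outside it still shows.
export function stripSanitized(expr: string): string {
  let out = expr;
  for (const name of SANITIZERS) {
    const start = new RegExp("\\b" + escapeRe(name) + "\\(");
    let m = start.exec(out);
    while (m) {
      let depth = 0;
      let end = m.index + m[0].length - 1; // index of the opening "("
      for (; end < out.length; end++) {
        if (out[end] === "(") depth++;
        else if (out[end] === ")" && --depth === 0) break;
      }
      out = out.slice(0, m.index) + "__clean__" + out.slice(end + 1);
      m = start.exec(out);
    }
  }
  return out;
}

// Drop string-literal text so identifiers inside quotes (or SQL column names)
// are not mistaken for variables; keep only the ${...} parts of template literals.
export function codeOnly(expr: string): string {
  return expr
    .replace(/`([^`]*)`/g, (_m: string, body: string) => (body.match(/\$\{[^}]*\}/g) || []).join(" "))
    .replace(/"[^"]*"|'[^']*'/g, '""');
}

function isTainted(expr: string, tainted: Set<string>): boolean {
  const code = stripSanitized(codeOnly(expr));
  if (SOURCES.some((s) => s.test(code))) return true;
  return Array.from(tainted).some((v) => new RegExp("\\b" + v + "\\b").test(code));
}

export function scan(source: string): Finding[] {
  const tainted = new Set<string>();
  const findings: Finding[] = [];
  source.split("\n").forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith("//")) return;
    const a = ASSIGNMENT.exec(line);
    if (a) {
      // Assigning a clean value clears the variable's taint; a tainted one sets it.
      if (isTainted(a[2], tainted)) tainted.add(a[1]);
      else tainted.delete(a[1]);
    }
    for (const sink of SINKS) {
      const s = sink.pattern.exec(line);
      if (s && isTainted(s[1], tainted)) findings.push({ line: i + 1, sink: sink.name, expr: s[1] });
    }
  });
  return findings;
}

// Constructed sample: lines 6, 7 and 11 should be reported; the rest are clean.
export const SAMPLE: string = [
  "const name = req.query.name;",
  "const safeName = escapeHtml(name);",
  "const bio = req.body.bio;",
  "const id = Number(req.params.id);",
  "el.innerHTML = safeName;",                                  // clean: sanitized
  'el.innerHTML = "<b>" + safeName + "</b>" + bio;',           // bio bypasses the sanitizer
  "db.query(`SELECT * FROM users WHERE name = '${name}'`);",   // tainted interpolation
  'db.query("SELECT * FROM users WHERE name = $1", [name]);',  // parameterized: clean
  "db.query(`SELECT * FROM users WHERE id = ${id}`);",         // Number() stops taint
  "const dir = req.query.dir;",
  'exec("ls -la " + dir);',                                    // shell string: tainted
  'execFile("ls", ["-la", dir]);',                             // argv array: not a sink
].join("\n");

console.log(scan(SAMPLE));
```

Two details carry the weight here. Sanitizer calls are blanked with balanced parentheses rather than by a substring match, so `escapeHtml(name) + bio` still reports the unsanitized `bio`; and string-literal text is removed before the variable check, so the SQL column `name` on line 7 is not confused with the tainted variable `name`, while the `${name}` interpolation on the same line still is.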

How GuardVibe Compares

GuardVibe is purpose-built for the AI coding workflow. Traditional tools are excellent for enterprise CI/CD pipelines — GuardVibe fills a different gap.

Capability | GuardVibe | Traditional SAST | Dependency Scanners
--- | --- | --- | ---
Runs inside AI agents (MCP) | Native | Not supported | Not supported
Zero config setup | npx guardvibe | Account + config required | Built-in (limited)
Vibecoding stack rules (Next.js, Supabase, Clerk, tRPC, Hono) | 100+ dedicated | Generic patterns | Not applicable
AI/LLM security (prompt injection, MCP, tool abuse) | 68 rules | Experimental/None | None
AI host security (CVE-2025-59536, CVE-2026-21852) | guardvibe doctor | Not supported | Not supported
Auto-fix suggestions for AI agents | fix_code tool | CLI autofix | Not supported
CVE version detection | 80 packages, refreshed daily | Extensive | Extensive
Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None
SARIF CI/CD export | Yes | Yes | Limited
Rule count | 453 (focused, 68 AI-native) | 5000+ (broad) | N/A

When to use GuardVibe: You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.

When to use traditional tools: You need deep AST analysis, enterprise dashboards, org-wide policy enforcement, or coverage across hundreds of languages.

Quick Start

Claude Code

npx guardvibe init claude

Creates .mcp.json MCP config (pinned to current version), .claude/settings.json auto-scan hooks, and CLAUDE.md security rules. Restart Claude Code after setup.

Cursor

npx guardvibe init cursor

Creates .cursor/mcp.json and .cursorrules with security rules. Restart Cursor after setup.

Gemini CLI

npx guardvibe init gemini

Creates ~/.gemini/settings.json MCP config and GEMINI.md security rules.

Codex (OpenAI)

codex mcp add guardvibe -- npx -y guardvibe

VS Code (GitHub Copilot)

Create .vscode/mcp.json in your project:

{
  "servers": {
    "guardvibe": {
      "command": "npx",
      "args": ["-y", "guardvibe"]
    }
  }
}

Note: VS Code uses "servers", not "mcpServers".

Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "guardvibe": {
      "command": "npx",
      "args": ["-y", "guardvibe"]
    }
  }
}

All platforms at once

npx guardvibe init all       # Claude + Cursor + Gemini

Pre-commit hook

npx guardvibe hook install   # Blocks commits with critical/high findings
npx guardvibe hook uninstall # Remove hook

CI/CD (GitHub Actions)

npx guardvibe ci github          # Generates .github/workflows/guardvibe.yml (SARIF scan)
npx guardvibe ci github --pr     # + a diff-aware PR review workflow that posts inline comments

What GuardVibe Scans

Application Code

Next.js App Router, Server Actions, Server Components, React, Express, Hono, tRPC, GraphQL, FastAPI, Go

Authentication & Authorization

Clerk, Auth.js (NextAuth), Supabase Auth, OAuth/OIDC (state parameter, PKCE) — middleware checks, secret exposure, session handling, SSR cookie auth, admin method protection

Database & ORM

Supabase (RLS, anon vs service role), Prisma (raw query injection, CVEs), Drizzle (SQL injection — including CVE-2026-39356 identifier-injection), MikroORM (CVE-2026-44680 runtime-identifier injection), Kysely (CVE-2026-44635 JSON-path traversal), Turso/LibSQL (client exposure, SQL injection), Convex (auth bypass, internal function exposure)

Payments

Stripe (webhook signatures, replay protection, secret keys), Polar.sh, LemonSqueezy

Third-Party Services

Resend (email HTML injection), Upstash Redis, Pinecone, PostHog, Google Analytics (PII tracking), Uploadthing (auth, file type/size)

AI / LLM Security

Prompt injection detection, LLM output sinks, system prompt leaks, MCP server SSRF/path traversal/command injection, MCP tool description prompt-injection markers (OWASP MCP Top 10 alignment, VG1068), model-controlled sandbox-disable flags (dangerouslyDisableSandbox, VG1063), AI agent unrestricted shell/database access, dangerouslyAllowBrowser, missing maxTokens, agent loop without maxSteps, AI API key client exposure, indirect prompt injection via external data, RAG/vector poisoning, public-prefix LLM key leaks (NEXT_PUBLIC_*, VITE_*, EXPO_PUBLIC_*)

AI Host Security

guardvibe doctor — unified host hardeni
