io.github.andrasfe/vulnicheck

io.github.andrasfe/vulnicheck·v0.1.0·Security

Quality Score

/100

HTTP MCP Server for comprehensive Python vulnerability scanning and security analysis.

Repository →

§01 Install

Claude Desktop (Docker)

{
  "mcpServers": {
    "vulnicheck": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "docker.io/andrasfe/vulnicheck:main"
      ],
      "env": {
        "NVD_API_KEY": "<your-nvd_api_key>",
        "GITHUB_TOKEN": "<your-github_token>",
        "OPENAI_API_KEY": "<your-openai_api_key>",
        "ANTHROPIC_API_KEY": "<your-anthropic_api_key>",
        "MCP_PORT": "<mcp_port>",
        "CACHE_TTL": "<cache_ttl>",
        "VULNICHECK_HTTP_ONLY": "<vulnicheck_http_only>"
      }
    }
  }
}

§02 Environment variables

NVD_API_KEY

secret

API key for NIST National Vulnerability Database (increases rate limit from 5 to 50 requests per 30 seconds)

GITHUB_TOKEN

secret

GitHub token for Advisory Database access (increases rate limit to 5000 requests per hour)

OPENAI_API_KEY

secret

OpenAI API key for LLM-based risk assessment in MCP passthrough operations

ANTHROPIC_API_KEY

secret

Anthropic API key for LLM-based risk assessment (alternative to OpenAI)

MCP_PORT

Port for MCP HTTP server (default: 3000)

CACHE_TTL

Cache time-to-live in seconds for vulnerability data (default: 900)

VULNICHECK_HTTP_ONLY

Enable HTTP-only mode with MCP client delegation (true/false, default: auto-detect)

§03 MCP Quality Score · methodology

freshness

completeness

installability

documentation

stability

§04 Alternatives in Security

Helixar Security

ai.helixar/mcp

Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.

ai.smithery/Nekzus-npm-sentinel-mcp

Provide AI-powered real-time analysis and intelligence on NPM packages, including security, depend…

app.zenable/zenable

Zenable cleans up sloppy AI code and prevents vulnerabilities with deterministic guardrails