mcpindex.aiv0
← Index

GhostFree

io.github.shane-js/ghostfree·v0.2.0·Security
Quality Score
95
/100

MCP server that scans your repo's dependencies for security vulnerabilities based on published CVEs.

Repository →Website →
§01  Install
Claude Desktop (claude_desktop_config.json)
{
  "mcpServers": {
    "ghostfree": {
      "command": "npx",
      "args": [
        "-y",
        "ghostfree"
      ],
      "env": {
        "GHOSTFREE_DIR": "<ghostfree_dir>",
        "GHOSTFREE_MIN_SEVERITY": "MEDIUM",
        "NVD_API_KEY": "<your-nvd_api_key>"
      }
    }
  }
}
Cursor (.cursor/mcp.json)
{
  "mcpServers": {
    "ghostfree": {
      "command": "npx",
      "args": [
        "-y",
        "ghostfree"
      ],
      "env": {
        "GHOSTFREE_DIR": "<ghostfree_dir>",
        "GHOSTFREE_MIN_SEVERITY": "MEDIUM",
        "NVD_API_KEY": "<your-nvd_api_key>"
      }
    }
  }
}
Cline (cline_mcp_settings.json)
npx -y ghostfree
§02  Environment variables
GHOSTFREE_DIR

Override the directory where GhostFree stores its data files (accepted-risks.yml, config.yml). Defaults to .ghostfree/ in the scanned repository root.

GHOSTFREE_MIN_SEVERITY

Minimum CVE severity level to surface. One of: CRITICAL, HIGH, MEDIUM (default), LOW.

NVD_API_KEY
secret

Optional NVD API key for higher rate limits when enriching CVE details. Free to request at https://nvd.nist.gov/developers/request-an-api-key.

§03  MCP Quality Score  ·  methodology
freshness
25
completeness
25
installability
25
documentation
15
stability
5
§04  Alternatives in Security
Helixar Security
ai.helixar/mcp

Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.

ai.smithery/Nekzus-npm-sentinel-mcp
ai.smithery/Nekzus-npm-sentinel-mcp

Provide AI-powered real-time analysis and intelligence on NPM packages, including security, depend…

app.zenable/zenable
app.zenable/zenable

Zenable cleans up sloppy AI code and prevents vulnerabilities with deterministic guardrails