MCP profile
Github Andrasfe Vulnicheck
HTTP MCP Server for comprehensive Python vulnerability scanning and security analysis.
Security & Identity | Package | oci | Open Source | External
Last updated: March 16, 2026
Visibility: Public
By: Registry
About This MCP Server
VulniCheck provides comprehensive security analysis for Python projects and GitHub repositories using AI-powered vulnerability detection. It runs as a Docker-based HTTP MCP server with standard HTTP streaming (no SSE required), providing secure containerized deployment with comprehensive vulnerability scanning capabilities.
Capabilities
- Dependencies: requirements.txt, pyproject.toml, setup.py, lock files
- Containers: Dockerfile, docker-compose.yml
- Secrets: All text-based source files
- GitHub: Any public or private repository URL
Tools & Endpoints
Example Workflow
cp .env.example .env
What Problems It Solves
- ✅ Scan dependencies for known vulnerabilities (requirements.txt, pyproject.toml, setup.py)
- ✅ Detect exposed secrets and credentials
- ✅ Analyze Dockerfiles for security issues
- ✅ Validate MCP configurations
- ✅ Generate AI-powered risk assessments
- ✅ Provide actionable remediation recommendations
Why Use Github Andrasfe Vulnicheck?
- Docker Deployment: Secure containerized deployment with HTTP streaming (no SSE/Server-Sent Events required)
- Optional Authentication: Supports Google OAuth 2.0 for secure access control (disabled by default)
- Production Ready: Scalable HTTP server architecture
- Comprehensive Coverage: Queries 5+ vulnerability databases (OSV.dev, NVD, GitHub Advisory, CIRCL, Safety DB)
- GitHub Integration: Scan any public/private GitHub repository directly (up to 1GB)
- AI-Powered Analysis: Uses OpenAI/Anthropic APIs for intelligent security assessment
- Secrets Detection: Finds exposed API keys, passwords, and credentials
- Docker Security: Analyzes Dockerfiles for vulnerable dependencies
- Smart Caching: Avoids redundant scans with commit-level caching
- Space Management: Automatic cleanup prevents disk exhaustion (2GB total limit)
- Zero Config: Works out of the box, enhanced with optional API keys
Limitations
- ✅ Local connections (when supported in future FastMCP versions)
- ✅ OAuth discovery endpoint works (/.well-known/oauth-protected-resource)
- ❌ HTTP transport with external clients (ChatGPT, Claude Desktop, etc.)
- ❌ Authorization endpoints return 404
- ❌ Token exchange fails
Specifications
- Status: live
- Industry: Security & Identity
- Category: General
- Server type: Package
- Language: oci
- License: Open Source
- Verified: Yes
Requirements
- Docker
- Claude Code or any MCP client with HTTP transport support (standard HTTP, no SSE required)
- Optional: API keys for enhanced features
Hosting
Hosting Options
- Package
API
Integrate this server into your application. Choose a connection method below.
1. Install
Install command (oci):
docker pull andrasfe/vulnicheck:latest
Performance
Usage
Quick Reference
- Name: Github Andrasfe Vulnicheck
- Function: HTTP MCP Server for comprehensive Python vulnerability scanning and security analysis.
- Transport: Package
- Language: oci
- Install: docker pull andrasfe/vulnicheck:latest
- Source: External (Registry)
- License: Open Source