CodeVulnerability

Let your agent run OWASP-oriented threat scans on the codebase to catch safety leaks before release.

Overview

CodeVulnerability is a MCP server for the Ship phase that provides OWASP-oriented codebase threat scanning for coding agents via remote SSE.

What is this MCP server?

CodeVulnerability MCP audits codebases for safety leaks with OWASP-oriented threat scanning
Remote SSE endpoint at codevulnerability-mcp.vercel.app/api/mcp
Security & Pentesting category fit for pre-release appsec passes
Premium remote access may require EIP-3009 payment-signature header
MCP security scanner integration—not a hosted WAF or dependency-only bot
MCP server schema 2025-12-11
Server version 1.0.0
Single remote SSE endpoint (codevulnerability-mcp.vercel.app)

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

Shipping fast with AI assistance makes it easy to miss injection, auth, and data-handling flaws until someone else finds them.

Who is it for?

Indie developers preparing a first production release who want agent-assisted security passes on their own source tree.

Skip if: Organizations needing formal pentests, compliance sign-off, or air-gapped scanning with no remote MCP.

What do I get? / Deliverables

After you add CodeVulnerability to your MCP client, your agent can trigger OWASP-style audits and surface safety issues to fix before launch.

OWASP-oriented threat and safety findings returned through MCP tools
Prioritized security fix backlog for pre-ship hardening
Configured CodeVulnerability remote server in your agent setup

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Security auditing is a gate in ship once functionality exists and you must reduce exploit risk before users touch the app. Security subphase is the canonical shelf for OWASP-style codebase scanning complementary to review and launch prep.

How it compares

OWASP-oriented codebase audit MCP, not infrastructure load simulation or catalog structuring.

Common Questions / FAQ

Who is CodeVulnerability for?

Solo builders and small teams using AI coding agents who need MCP-connected OWASP-style scanning on application code before ship.

When should I use CodeVulnerability?

Use it in the ship phase during security work—after core features are built and before production deploy—to catch safety leaks early.

How do I add CodeVulnerability to my agent?

Install the remote MCP server at https://codevulnerability-mcp.vercel.app/api/mcp with SSE transport and configure the payment-signature secret if premium settlement is required.

CodeVulnerability

Let your agent run OWASP-oriented threat scans on the codebase to catch safety leaks before release.

Overview

CodeVulnerability is a MCP server for the Ship phase that provides OWASP-oriented codebase threat scanning for coding agents via remote SSE.

What is this MCP server?

CodeVulnerability MCP audits codebases for safety leaks with OWASP-oriented threat scanning
Remote SSE endpoint at codevulnerability-mcp.vercel.app/api/mcp
Security & Pentesting category fit for pre-release appsec passes
Premium remote access may require EIP-3009 payment-signature header
MCP security scanner integration—not a hosted WAF or dependency-only bot
MCP server schema 2025-12-11
Server version 1.0.0
Single remote SSE endpoint (codevulnerability-mcp.vercel.app)

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

Shipping fast with AI assistance makes it easy to miss injection, auth, and data-handling flaws until someone else finds them.

Who is it for?

Indie developers preparing a first production release who want agent-assisted security passes on their own source tree.

Skip if: Organizations needing formal pentests, compliance sign-off, or air-gapped scanning with no remote MCP.

What do I get? / Deliverables

After you add CodeVulnerability to your MCP client, your agent can trigger OWASP-style audits and surface safety issues to fix before launch.

OWASP-oriented threat and safety findings returned through MCP tools
Prioritized security fix backlog for pre-ship hardening
Configured CodeVulnerability remote server in your agent setup

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

OWASP-oriented codebase audit MCP, not infrastructure load simulation or catalog structuring.

Common Questions / FAQ

Who is CodeVulnerability for?

Solo builders and small teams using AI coding agents who need MCP-connected OWASP-style scanning on application code before ship.

When should I use CodeVulnerability?

Use it in the ship phase during security work—after core features are built and before production deploy—to catch safety leaks early.

How do I add CodeVulnerability to my agent?

Install the remote MCP server at https://codevulnerability-mcp.vercel.app/api/mcp with SSE transport and configure the payment-signature secret if premium settlement is required.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is CodeVulnerability for?

When should I use CodeVulnerability?

How do I add CodeVulnerability to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is CodeVulnerability for?

When should I use CodeVulnerability?

How do I add CodeVulnerability to my agent?