
Frogeye Security Scanner
Run a zero-config vulnerability scan on AI-generated codebases from your agent before you ship or merge risky changes.
Overview
Frogeye Security Scanner is an MCP server for the Ship phase that scans AI-generated apps against 25K+ vulnerability patterns with zero local scanner setup.
What is this MCP server?
- Zero-config remote MCP over SSE and streamable-http endpoints
- Catalog cites 25,000+ vulnerability patterns aimed at AI-generated applications
- Hosted remotes at mcp.frogeye.ai—no local npm package required to start
- Open-source server metadata on GitHub (frogeye-ai/mcp) at version 1.5.18
- Fits agent-led review loops right before deploy or after major codegen sessions
- Advertises 25,000+ vulnerability patterns for AI-generated apps
- MCP server version 1.5.18 per server metadata
- Two hosted remotes: SSE and streamable-http on mcp.frogeye.ai
What problem does it solve?
AI-assisted code ships fast but often hides common vulnerabilities that solo builders do not have time or tooling to hunt manually.
Who is it for?
Solo builders who ship MVPs with Claude or Cursor and want a lightweight security pass without installing enterprise SAST.
Skip if: your organization needs formal compliance sign-off, pentests, or air-gapped scanning with no third-party remote MCP.
What do I get? / Deliverables
After you connect the remote MCP endpoints, your agent can surface security findings tied to known bad patterns before you deploy or share the repo.
- Agent-invokable security scan results grounded in Frogeye’s pattern library
- Faster triage of common issues in AI-assisted projects
- Repeatable pre-ship security checks without local scanner install
Journey fit
Frogeye belongs in Ship because its value is pre-release and ongoing appsec review, not greenfield feature coding or launch marketing. The Security subphase matches a scanner MCP: agents invoke checks against patterns common in vibe-coded and LLM-assisted apps without standing up a separate SAST pipeline first.
How it compares
Frogeye is a hosted security-scan MCP remote, not a local code-review skill or generic lint formatter.
Common Questions / FAQ
Who is Frogeye Security Scanner for?
Builders and small teams shipping AI-assisted web apps who want MCP-driven security checks without configuring a traditional scanner appliance.
When should I use Frogeye Security Scanner?
Use it in Ship before release, after large agent-generated diffs, or when you suspect common misconfigurations in a fast-built codebase.
How do I add Frogeye Security Scanner to my agent?
Register the remote MCP URLs https://mcp.frogeye.ai/sse or https://mcp.frogeye.ai/mcp in your client’s MCP remotes list and invoke scan tools from your agent session.