Mcp Codeaudit

Name: Mcp Codeaudit
Author: infoinlet-marketplace

infoinlet-marketplace/marketplace

Scan local code and diffs for leaked secrets and check dependencies against OSV before you ship from an AI-assisted workflow.

Overview

mcp-codeaudit is a MCP server for the Ship phase that lets AI agents scan code and diffs for leaked secrets and check dependencies via OSV.

What is this MCP server?

Scan code and diffs for leaked secrets
Dependency vulnerability checks using OSV
Agent-invokable audit tools over MCP stdio
npm package @infoinlet/mcp-codeaudit v0.1.1
From infoinlet-marketplace/services/mcp-codeaudit
Server version 0.1.1
npm identifier @infoinlet/mcp-codeaudit
Capabilities: secret scan on code/diffs plus OSV dependency checks

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

AI-generated commits and rushed releases make it easy to commit API keys or pull in vulnerable packages without a quick audit in the agent loop.

Who is it for?

Indie developers who want Claude Code or Cursor to gate PRs and releases with secrets and dependency vulnerability passes.

Skip if: Organizations needing formal compliance attestations, DAST, or full commercial SAST coverage from this MCP alone.

What do I get? / Deliverables

After MCP setup, your agent can run secret scans and OSV-backed dependency checks and surface findings before you ship.

Secret-leak findings on code and diffs via agent tools
OSV-based dependency vulnerability reports
Repeatable pre-ship security pass inside the agent session

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Pre-release security checks belong on the Ship shelf under security—right before launch when secrets and vulnerable deps hurt fastest. Codeaudit targets secret leakage in sources/diffs and dependency risk via OSV—core ship-time appsec gates for solo builders.

How it compares

Focused secrets-and-OSV MCP audit, not a complete DevSecOps platform or generic code-review skill.

Common Questions / FAQ

Who is mcp-codeaudit for?

Solo and small-team builders using MCP agents who want fast secret-leak and dependency vulnerability checks before shipping.

When should I use mcp-codeaudit?

Use it in Ship—before merging AI-assisted changes, tagging a release, or deploying when you need diff-aware secret scans and OSV dependency lookups.

How do I add mcp-codeaudit to my agent?

Install @infoinlet/mcp-codeaudit from npm, add the stdio MCP server to Claude Code, Cursor, or another MCP client, and invoke audit tools against your workspace per marketplace docs.

Mcp Codeaudit

infoinlet-marketplace/marketplace

Scan local code and diffs for leaked secrets and check dependencies against OSV before you ship from an AI-assisted workflow.

Overview

mcp-codeaudit is a MCP server for the Ship phase that lets AI agents scan code and diffs for leaked secrets and check dependencies via OSV.

What is this MCP server?

Scan code and diffs for leaked secrets
Dependency vulnerability checks using OSV
Agent-invokable audit tools over MCP stdio
npm package @infoinlet/mcp-codeaudit v0.1.1
From infoinlet-marketplace/services/mcp-codeaudit
Server version 0.1.1
npm identifier @infoinlet/mcp-codeaudit
Capabilities: secret scan on code/diffs plus OSV dependency checks

Compatible agents: Claude Code, Cursor, Codex, Windsurf

What problem does it solve?

AI-generated commits and rushed releases make it easy to commit API keys or pull in vulnerable packages without a quick audit in the agent loop.

Who is it for?

Indie developers who want Claude Code or Cursor to gate PRs and releases with secrets and dependency vulnerability passes.

Skip if: Organizations needing formal compliance attestations, DAST, or full commercial SAST coverage from this MCP alone.

What do I get? / Deliverables

After MCP setup, your agent can run secret scans and OSV-backed dependency checks and surface findings before you ship.

Secret-leak findings on code and diffs via agent tools
OSV-based dependency vulnerability reports
Repeatable pre-ship security pass inside the agent session

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Focused secrets-and-OSV MCP audit, not a complete DevSecOps platform or generic code-review skill.

Common Questions / FAQ

Who is mcp-codeaudit for?

Solo and small-team builders using MCP agents who want fast secret-leak and dependency vulnerability checks before shipping.

When should I use mcp-codeaudit?

Use it in Ship—before merging AI-assisted changes, tagging a release, or deploying when you need diff-aware secret scans and OSV dependency lookups.

How do I add mcp-codeaudit to my agent?

Install @infoinlet/mcp-codeaudit from npm, add the stdio MCP server to Claude Code, Cursor, or another MCP client, and invoke audit tools against your workspace per marketplace docs.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is mcp-codeaudit for?

When should I use mcp-codeaudit?

How do I add mcp-codeaudit to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is mcp-codeaudit for?

When should I use mcp-codeaudit?

How do I add mcp-codeaudit to my agent?