goldmembrane/cleaner-code

Overview

An MCP server that scans code for security threats including invisible Unicode characters, Trojan Source attacks, homoglyphs, Glassworm steganography, rules file backdoors, and dependency attacks. It combines static analysis with a CodeBERT deep learning model and runs entirely locally.

Best for

Best for
Developers and security engineers who need to vet AI-generated code for subtle, hard-to-detect attacks before deployment

Use cases

• Auditing AI-generated code for hidden malicious characters or steganographic payloads
• Preventing supply chain attacks by scanning dependencies and rules files for backdoors
• Integrating into CI/CD pipelines to catch Trojan Source and homoglyph vulnerabilities

Notes

An MCP server that scans code for security threats including invisible Unicode characters, Trojan Source attacks, homoglyphs, Glassworm steganography, rules file backdoors, and dependency attacks. It combines static analysis with a CodeBERT deep learning model and runs entirely locally.

0 stars on GitHub. Last updated 2026-05-04. Licensed MIT.

Use cases

• Auditing AI-generated code for hidden malicious characters or steganographic payloads
• Preventing supply chain attacks by scanning dependencies and rules files for backdoors
• Integrating into CI/CD pipelines to catch Trojan Source and homoglyph vulnerabilities

Pros

• Detects a broad range of obscure code-level attacks not covered by standard linters
• Runs locally without sending code to external servers, preserving privacy
• Combines static analysis with deep learning for higher detection accuracy

Cons

• Zero GitHub stars suggests limited community validation or adoption
• Written in HTML which is unusual for a security tool and may indicate a prototype or unconventional implementation
• No usage or installation documentation provided in the available facts

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.