Enterprise DNA
M MCP Servers Developer low

Synvoya/codeinspectus

by Various

Local-first MCP security scanner for AI-generated web apps.

S

MCP

Synvoya/codeinspectus

Added 13 July 2026

#ai-generated-code #ai-security #appsec #devsecops #gitleaks #local-first #mcp #opengrep

Overview

Synvoya/codeinspectus is a local-first MCP security scanner that analyzes AI-generated web applications for vulnerabilities. It runs entirely on the developer's machine, scanning code for common security issues without sending data to external servers.

Best for

Best for
Developers building AI-generated web apps who want a quick local security check before deployment.

Use cases

  • Scanning AI-generated frontend code for XSS and injection flaws
  • Integrating security checks into local development workflows via MCP
  • Auditing third-party or generated code before deployment

How to use

Install

npx codeinspectus install-engines

Tools exposed

  • codeinspectus_scan
  • codeinspectus_rescan
  • codeinspectus_compliance_report
  • codeinspectus_explain_finding
  • codeinspectus_generate_sbom
  • codeinspectus_list_rules

Tested with

Claude Code, Cursor, Windsurf, Cline, VS Code

Notes

Synvoya/codeinspectus is a local-first MCP security scanner that analyzes AI-generated web applications for vulnerabilities. It runs entirely on the developer’s machine, scanning code for common security issues without sending data to external servers.

8 stars on GitHub. Last updated 2026-07-12. Licensed MIT.

Use cases

  • Scanning AI-generated frontend code for XSS and injection flaws
  • Integrating security checks into local development workflows via MCP
  • Auditing third-party or generated code before deployment

Pros

  • Local-first design keeps sensitive code on the developer’s machine
  • Integrates with MCP-compatible tools for automated scanning
  • Lightweight TypeScript implementation with low overhead

Cons

  • Limited to web application security; does not cover infrastructure or backend
  • Relies on MCP protocol support, which may not be available in all environments
  • Small community and limited documentation due to early stage

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.

Pros

  • Local-first design keeps sensitive code on the developer's machine
  • Integrates with MCP-compatible tools for automated scanning
  • Lightweight TypeScript implementation with low overhead

Cons

  • Limited to web application security; does not cover infrastructure or backend
  • Relies on MCP protocol support, which may not be available in all environments
  • Small community and limited documentation due to early stage

Pairs with

Other entries in the index that connect to this one. Click through to see the chain.

Free 27-page guide

Get the free Developer’s Field Guide

A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.

Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.

No spam. Unsubscribe any time.

Running a business, not writing the code? See the MCP servers picked for operators, and get your first one wired up with us.

Operator picks