Synvoya/codeinspectus
by Various
Local-first MCP security scanner for AI-generated web apps.
MCP
Synvoya/codeinspectus
Added 13 July 2026
Overview
Synvoya/codeinspectus is a local-first MCP security scanner that analyzes AI-generated web applications for vulnerabilities. It runs entirely on the developer's machine, scanning code for common security issues without sending data to external servers.
Best for
Best for
Developers building AI-generated web apps who want a quick local security check before deployment.
Use cases
- Scanning AI-generated frontend code for XSS and injection flaws
- Integrating security checks into local development workflows via MCP
- Auditing third-party or generated code before deployment
How to use
Install
npx codeinspectus install-engines Tools exposed
codeinspectus_scancodeinspectus_rescancodeinspectus_compliance_reportcodeinspectus_explain_findingcodeinspectus_generate_sbomcodeinspectus_list_rules
Tested with
Claude Code, Cursor, Windsurf, Cline, VS Code
Notes
Synvoya/codeinspectus is a local-first MCP security scanner that analyzes AI-generated web applications for vulnerabilities. It runs entirely on the developer’s machine, scanning code for common security issues without sending data to external servers.
8 stars on GitHub. Last updated 2026-07-12. Licensed MIT.
Use cases
- Scanning AI-generated frontend code for XSS and injection flaws
- Integrating security checks into local development workflows via MCP
- Auditing third-party or generated code before deployment
Pros
- Local-first design keeps sensitive code on the developer’s machine
- Integrates with MCP-compatible tools for automated scanning
- Lightweight TypeScript implementation with low overhead
Cons
- Limited to web application security; does not cover infrastructure or backend
- Relies on MCP protocol support, which may not be available in all environments
- Small community and limited documentation due to early stage
Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
Pros
- Local-first design keeps sensitive code on the developer's machine
- Integrates with MCP-compatible tools for automated scanning
- Lightweight TypeScript implementation with low overhead
Cons
- Limited to web application security; does not cover infrastructure or backend
- Relies on MCP protocol support, which may not be available in all environments
- Small community and limited documentation due to early stage
Pairs with
Other entries in the index that connect to this one. Click through to see the chain.
Get the free Developer’s Field Guide
A 27-page field guide to the AI coding workflow with Claude. Claude Code, MCP servers, the prompt patterns that work, and what to delegate. Free.
Enter your work email. We send it straight over, plus a few short notes worth knowing. Unsubscribe any time.