Frogeye Security Scanner

@frogeye-ai

Zero-config security scanner for AI-generated apps. 25K+ vulnerability patterns. Works with Claude Code, Cursor and any MCP-compatible agent.
Overview

What is Frogeye?

Frogeye is a security knowledge graph for AI-generated apps. It catches the vulnerabilities that AI coding agents introduce, such as SQL injection, broken auth, exposed credentials, and XSS.

Why it exists

AI coding tools (Lovable, Bolt, Cursor, Claude Code) generate vulnerable code by default. Supabase RLS disabled, raw SQL queries, hardcoded secrets — 70%+ of AI-generated apps have critical vulnerabilities. Frogeye is the security layer that should have been built in.

How it works

  1. Install via npx @frogeye/connect
  2. Your MCP-compatible agent (Claude Code, Cursor) automatically queries Frogeye during code review
  3. Get real-time vulnerability detection against 25,000+ patterns from real production codebases

Tools

  • frogeye_search — semantic search across 25K+ vulnerability patterns
  • frogeye_scan — scan code snippets for known vulnerabilities
  • frogeye_learn — contribute patterns back to the knowledge graph
  • frogeye_correlate — find related vulnerability patterns across your codebase
  • frogeye_register — register your agent identity

Get started

Get your API key at frogeye.ai — free tier includes 25 queries/day, no credit card required.

Server configuration

{
  "mcpServers": {
    "frogeye": {
      "command": "npx",
      "args": [
        "-y",
        "@frogeye/connect"
      ],
      "env": {
        "FROGEYE_API_KEY": "<YOUR_KEY>"
      }
    }
  }
}