Overview
What is GuardVibe?
GuardVibe is a security MCP server with 300+ security rules designed to protect AI-generated code from the first line to production deployment. It works with Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf, and any MCP-compatible coding agent.
How to use GuardVibe?
Install and configure GuardVibe by adding it as an MCP server in your agent’s configuration using the command npx -y guardvibe. No account or API keys are required; scanning starts immediately with zero setup.
Key features of GuardVibe
- 300+ security rules for Next.js, Supabase, Clerk, Stripe, Prisma, and more
- 20+ tools — scan files, check code, fix vulnerabilities, export SARIF
- Zero setup — run
npx guardvibeand start scanning - 100% local execution — no account or API keys needed
- CVE detection for 20+ known vulnerable package versions
- Pre-commit hook to block insecure code before it reaches your repo
Use cases of GuardVibe
- Scan AI-generated code for security vulnerabilities before committing
- Auto-fix common security issues in web frameworks and authentication modules
- Detect prompt injection and MCP server vulnerabilities in agent workflows
- Block insecure dependencies and known CVEs during development
- Generate security policies and export findings in SARIF format
FAQ from GuardVibe
What kind of security rules does GuardVibe include?
It covers 300+ rules across 20+ modules including web, authentication, database, API, cloud, AI/LLM, supply chain, mobile, frontend, and secrets detection.
Do I need an account or API keys to use GuardVibe?
No. GuardVibe runs 100% locally, requires no account, and does not send your code anywhere.
Which coding agents does GuardVibe work with?
It works with Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf, and any MCP-compatible coding agent.
How do I enable GuardVibe in my MCP configuration?
Add the following to your MCP server configuration: {"mcpServers": {"guardvibe": {"command": "npx", "args": ["-y", "guardvibe"]}}}.
Can GuardVibe automatically fix vulnerabilities?
Yes, GuardVibe provides concrete auto-fix patches that the AI agent can apply directly.