MCP.so
Sign In
Servers

GuardVibe — Security MCP for Vibe Coding

@goklab

Security MCP server with 300+ rules for AI-generated code. Scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 20+ modules. Zero config, runs locally.

Overview

What is GuardVibe?

GuardVibe is a security MCP server with 300+ security rules designed to protect AI-generated code from the first line to production deployment. It works with Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf, and any MCP-compatible coding agent.

How to use GuardVibe?

Install and configure GuardVibe by adding it as an MCP server in your agent’s configuration using the command npx -y guardvibe. No account or API keys are required; scanning starts immediately with zero setup.

Key features of GuardVibe

  • 300+ security rules for Next.js, Supabase, Clerk, Stripe, Prisma, and more
  • 20+ tools — scan files, check code, fix vulnerabilities, export SARIF
  • Zero setup — run npx guardvibe and start scanning
  • 100% local execution — no account or API keys needed
  • CVE detection for 20+ known vulnerable package versions
  • Pre-commit hook to block insecure code before it reaches your repo

Use cases of GuardVibe

  • Scan AI-generated code for security vulnerabilities before committing
  • Auto-fix common security issues in web frameworks and authentication modules
  • Detect prompt injection and MCP server vulnerabilities in agent workflows
  • Block insecure dependencies and known CVEs during development
  • Generate security policies and export findings in SARIF format

FAQ from GuardVibe

What kind of security rules does GuardVibe include?

It covers 300+ rules across 20+ modules including web, authentication, database, API, cloud, AI/LLM, supply chain, mobile, frontend, and secrets detection.

Do I need an account or API keys to use GuardVibe?

No. GuardVibe runs 100% locally, requires no account, and does not send your code anywhere.

Which coding agents does GuardVibe work with?

It works with Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf, and any MCP-compatible coding agent.

How do I enable GuardVibe in my MCP configuration?

Add the following to your MCP server configuration: {"mcpServers": {"guardvibe": {"command": "npx", "args": ["-y", "guardvibe"]}}}.

Can GuardVibe automatically fix vulnerabilities?

Yes, GuardVibe provides concrete auto-fix patches that the AI agent can apply directly.

Tags

More from Developer Tools