Zfuzz
@Zfuzz-dev
About Zfuzz
Real security scanners for AI coding agents: SAST (441 rules), secret detection (419+ patterns), dependency CVEs, MCP/skill vetting, MITRE ATT&CK. Real scanners,
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"zfuzz": {
"command": "npx",
"args": [
"-y",
"@zfuzz/mcp"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Zfuzz?
Zfuzz is an MCP server that integrates ten real security tools into AI coding agents, enabling them to scan code, secrets, dependencies, MCP configs, and more. It runs 100% locally with no account or telemetry.
How to use Zfuzz?
Install via claude mcp add zfuzz -- npx -y @zfuzz/mcp or add the standard MCP client configuration with the command npx and args ["-y", "@zfuzz/mcp"]. No configuration keys are mentioned beyond the JSON snippet.
Key features of Zfuzz
- Plugs 10 real security tools into any AI agent.
- scan_code covers SAST with 441 rules, taint analysis, 7 languages.
- scan_secrets detects 419+ patterns plus entropy analysis.
- scan_dependencies checks CVEs via OSV.dev.
- scan_mcp_config and scan_skill vet for prompt injection and booby-trapped scripts.
- 100% local, no account, no telemetry.
Use cases of Zfuzz
- Prevent AI agents from shipping hardcoded keys or vulnerable dependencies.
- Vet MCP configurations and skills for security risks before use.
- Perform threat modeling and MITRE ATT&CK mapping during development.
- Search for security procedures and reconcile permissions across code.
FAQ from Zfuzz
What security tools does Zfuzz include?
It includes scan_code, scan_secrets, scan_dependencies, scan_mcp_config, scan_skill, check_mitre, threat_model, search_security_procedures, explain_finding, and reconcile_permissions.
Does Zfuzz require an internet connection or an account?
No, Zfuzz runs 100% locally with no required account and no telemetry.
What languages are supported for code scanning?
Seven languages are supported for SAST with taint analysis and 441 rules.
Is Zfuzz open source and licensed?
Yes, it is licensed under Apache-2.0 and the repository is at https://github.com/Zfuzz-dev/zfuzz-mcp.
More Developer Tools MCP servers
mcp-excalidraw
yctimlinMCP server and Claude Code skill for Excalidraw — programmatic canvas toolkit to create, edit, and export diagrams via AI agents with real-time canvas sync.
Code Index MCP
johnhuang316A Model Context Protocol (MCP) server that helps large language models index, search, and analyze code repositories with minimal setup
Grafana MCP server
grafanaMCP server for Grafana
Golf
golf-mcpProduction-Ready MCP Server Framework • Build, deploy & scale secure AI agent infrastructure • Includes Auth, Observability, Debugger, Telemetry & Runtime • Run real-world MCPs powering AI Agents
MCP Containers
metorialConnect any AI model to 1200+ integrations (MCP, CLI, API)
Comments