MCP.so
登录

Zfuzz

@Zfuzz-dev

关于 Zfuzz

Real security scanners for AI coding agents: SAST (441 rules), secret detection (419+ patterns), dependency CVEs, MCP/skill vetting, MITRE ATT&CK. Real scanners,

基本信息

分类

开发工具

传输方式

stdio

发布者

Zfuzz-dev

提交者

Gio

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "zfuzz": {
      "command": "npx",
      "args": [
        "-y",
        "@zfuzz/mcp"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is Zfuzz?

Zfuzz is an MCP server that integrates ten real security tools into AI coding agents, enabling them to scan code, secrets, dependencies, MCP configs, and more. It runs 100% locally with no account or telemetry.

How to use Zfuzz?

Install via claude mcp add zfuzz -- npx -y @zfuzz/mcp or add the standard MCP client configuration with the command npx and args ["-y", "@zfuzz/mcp"]. No configuration keys are mentioned beyond the JSON snippet.

Key features of Zfuzz

  • Plugs 10 real security tools into any AI agent.
  • scan_code covers SAST with 441 rules, taint analysis, 7 languages.
  • scan_secrets detects 419+ patterns plus entropy analysis.
  • scan_dependencies checks CVEs via OSV.dev.
  • scan_mcp_config and scan_skill vet for prompt injection and booby-trapped scripts.
  • 100% local, no account, no telemetry.

Use cases of Zfuzz

  • Prevent AI agents from shipping hardcoded keys or vulnerable dependencies.
  • Vet MCP configurations and skills for security risks before use.
  • Perform threat modeling and MITRE ATT&CK mapping during development.
  • Search for security procedures and reconcile permissions across code.

FAQ from Zfuzz

What security tools does Zfuzz include?

It includes scan_code, scan_secrets, scan_dependencies, scan_mcp_config, scan_skill, check_mitre, threat_model, search_security_procedures, explain_finding, and reconcile_permissions.

Does Zfuzz require an internet connection or an account?

No, Zfuzz runs 100% locally with no required account and no telemetry.

What languages are supported for code scanning?

Seven languages are supported for SAST with taint analysis and 441 rules.

Is Zfuzz open source and licensed?

Yes, it is licensed under Apache-2.0 and the repository is at https://github.com/Zfuzz-dev/zfuzz-mcp.

评论

开发工具 分类下的更多 MCP 服务器