Summary
Wraps the ai-scanner CLI tool to expose three distinct operations: scan_directory does a full sweep for LLM SDKs, AI frameworks, exposed tokens, and hardcoded secrets with severity ratings. check_secrets runs a focused pass/fail security check that's meant for pre-commit hooks. ai_inventory catalogs which AI SDKs, frameworks, models, and API endpoints your codebase uses without looking for secrets. Covers 20+ AI-specific tokens like OpenAI and Anthropic keys, 59 generic secrets including Stripe and GitHub tokens, plus 23 LLM SDKs and 24 AI frameworks. You'd reach for this when auditing a project's AI dependencies, hunting for exposed credentials before a push, or mapping out what LLM infrastructure a codebase actually relies on.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
ai-scanner-mcp
MCP server for ai-scanner - let AI agents scan codebases for LLM usage, AI frameworks, and exposed secrets.
An MCP server that exposes ai-scanner as tools for AI agents. Works with Claude Code, Claude Desktop, Cursor, Windsurf, and any MCP-compatible client.
Tools
| Tool | Description |
|---|---|
scan_directory | Full scan — LLM SDKs, AI frameworks, exposed tokens, and hardcoded secrets with severity levels |
check_secrets | Security check — pass/fail scan for exposed credentials only. Perfect for pre-commit checks |
ai_inventory | AI stack overview — which SDKs, frameworks, models, and API endpoints are used (no secret detection) |
Setup
Claude Code
claude mcp add ai-scanner npx ai-scanner-mcp
Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"ai-scanner": {
"command": "npx",
"args": ["ai-scanner-mcp"]
}
}
}
Config file location:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
Cursor
Add to .cursor/mcp.json in your project:
{
"mcpServers": {
"ai-scanner": {
"command": "npx",
"args": ["ai-scanner-mcp"]
}
}
}
Windsurf
Add to ~/.windsurf/mcp.json:
{
"mcpServers": {
"ai-scanner": {
"command": "npx",
"args": ["ai-scanner-mcp"]
}
}
}
Example Usage
Once connected, you can ask your AI agent:
- "Scan this project for any exposed API keys"
- "Check if there are any hardcoded secrets before I commit"
- "What AI SDKs and frameworks does this codebase use?"
- "Run a security scan on ./src and tell me if it's safe to push"
- "Give me an AI inventory of this project"
Tool Details
scan_directory
Full scan with all detection categories. Parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
directory | string | required | Path to scan |
ai_only | boolean | false | Skip generic secrets (Stripe, GitHub, etc.) |
scan_env | boolean | false | Include .env files |
include_endpoints | boolean | true | Detect LLM API endpoint URLs |
include_models | boolean | true | Detect model name references |
check_secrets
Security-focused pass/fail check. Parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
directory | string | required | Path to scan |
ai_only | boolean | false | Only check AI tokens |
scan_env | boolean | false | Include .env files |
ai_inventory
AI stack awareness (no secret detection). Parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
directory | string | required | Path to scan |
Detection Coverage
- AI Tokens (20+) — OpenAI, Anthropic, Google, AWS, HuggingFace, Groq, Replicate, and more
- Generic Secrets (59) — Stripe, Twilio, GitHub, Slack, Discord, database URIs, private keys, JWTs
- LLM SDKs (23) — OpenAI, Anthropic, Google Gemini, LiteLLM, AWS Bedrock, and more
- AI Frameworks (24) — LangChain, LlamaIndex, CrewAI, AutoGen, DSPy, Vercel AI SDK, and more
- 145 total detection patterns
License
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →Categories
Registryactive
Packageai-scanner-mcp
TransportSTDIO
UpdatedMar 21, 2026
