Mcp Code Sanitizer

1authSTDIOregistry active

Summary

Plugs Groq's free AI API into your editor to do strict code reviews. You get six tools: analyze_code scores snippets 0-100 and lists bugs, compare_code diffs two versions and recommends merge or request changes, explain_code breaks things down by experience level, generate_tests writes pytest or jest cases, analyze_file chunks large files and parallelizes review, and generate_report outputs HTML. Ships with a GitHub Action that auto-reviews PRs and posts structured comments. Uses llama-3.3-70b by default with in-memory caching. Reach for this when you want automated security and bug scanning without leaving Claude Desktop, Cursor, or VS Code. No credit card needed for the Groq key.

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

mcp-code-sanitizer

Strict AI-powered code reviewer for Claude Desktop, Cursor, VS Code, and Claude Code CLI. Finds bugs, vulnerabilities, and security issues — powered by Groq (free API).

PyPI

Claude / Cursor / VS Code  ──MCP──►  code-sanitizer  ──REST──►  Groq API
                                        (server.py)              (llama-3.3-70b)

demo

Features

Tool	What it does
`analyze_code`	Strict review — bugs, security issues, score 0–100
`compare_code`	Compares two versions, detects regressions, recommends merge/request_changes
`explain_code`	Step-by-step explanation for junior / middle / senior audience
`generate_tests`	Generates pytest / jest / go test — happy path, edge cases, security
`analyze_file`	Analyzes a whole file from disk with parallel chunking
`generate_report`	Builds an HTML report from any analysis result
`cache_info`	Cache statistics and clearing

Example output

{
  "summary": "Critical SQL injection and secret exposed in logs",
  "score": 23,
  "issues": [
    {
      "severity": "critical",
      "line": 2,
      "title": "SQL Injection",
      "description": "f-string directly interpolates user_id into query",
      "fix": "cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,))"
    }
  ],
  "warnings": [{"title": "No exception handling", "description": "..."}],
  "suggestions": ["Consider using an ORM instead of raw SQL"]
}

Installation

Prerequisite: Get a free Groq API key at console.groq.com/keys — no credit card required.

Claude Code CLI

claude mcp add code-sanitizer -e GROQ_API_KEY=gsk_your_key -- uvx mcp-code-sanitizer

Claude Desktop

OS	Config file
macOS	`~/Library/Application Support/Claude/claude_desktop_config.json`
Windows	`%APPDATA%\Claude\claude_desktop_config.json`
Linux	`~/.config/Claude/claude_desktop_config.json`

{
  "mcpServers": {
    "code-sanitizer": {
      "command": "uvx",
      "args": ["mcp-code-sanitizer"],
      "env": {
        "GROQ_API_KEY": "gsk_your_key_here"
      }
    }
  }
}

Cursor

Create .cursor/mcp.json in your project (or ~/.cursor/mcp.json globally):

{
  "mcpServers": {
    "code-sanitizer": {
      "command": "uvx",
      "args": ["mcp-code-sanitizer"],
      "env": {
        "GROQ_API_KEY": "gsk_your_key_here"
      }
    }
  }
}

VS Code

Requires VS Code 1.99+ with GitHub Copilot. Create .vscode/mcp.json in your project:

{
  "servers": {
    "code-sanitizer": {
      "command": "uvx",
      "args": ["mcp-code-sanitizer"],
      "env": {
        "GROQ_API_KEY": "gsk_your_key_here"
      }
    }
  }
}

Or add globally via Ctrl+Shift+P → "MCP: Add Server".

Don't have uvx? Install it with pip install uv, then use the commands above.

Manual install (alternative)

If you prefer cloning the repo:

git clone https://github.com/notasandy/mcp-code-sanitizer
cd mcp-code-sanitizer
pip install -r requirements.txt
cp .env.example .env   # add your GROQ_API_KEY
python server.py

Then point the client config to:

{
  "command": "python",
  "args": ["/full/path/to/server.py"],
  "env": { "GROQ_API_KEY": "gsk_your_key_here" }
}

GitHub Action — automatic PR review

Add AI code review to any repository in 5 lines. The action posts a structured comment on every PR with score, issues, and fix suggestions.

# .github/workflows/ai-review.yml
name: AI Code Review
on:
  pull_request:
    types: [opened, synchronize]

permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: notasandy/mcp-code-sanitizer@v1
        with:
          groq_api_key: ${{ secrets.GROQ_API_KEY }}

Add GROQ_API_KEY to your repository secrets → Settings → Secrets → Actions.

The action automatically:

Reviews only changed files (up to 10 per PR)
Posts a score and structured issue list as a PR comment
Fails the check if critical issues are found

Usage in chat

After connecting, just write naturally:

Review this code for vulnerabilities:

def get_user(user_id):
    query = f"SELECT * FROM users WHERE id = {user_id}"
    return db.execute(query)

Or call tools explicitly:

analyze_file /path/to/my_script.py
generate_tests for this function: ...
compare_code — before vs after refactor, did it get better?
generate_report and save to /tmp/report.html

Architecture

mcp-code-sanitizer/
├── server.py          # FastMCP entry point
├── config.py          # Constants — keys, limits, extension map
├── groq_client.py     # Async Groq client with auto-retry on 429
├── cache.py           # In-memory LRU cache with TTL
├── prompts.py         # System prompts for all tools
└── tools/
    ├── analyze.py     # analyze_code
    ├── compare.py     # compare_code
    ├── explain.py     # explain_code
    ├── tests.py       # generate_tests
    ├── file_tool.py   # analyze_file — chunking + parallel analysis
    ├── cache_tool.py  # cache_info
    └── report.py      # generate_report — HTML output

Configuration

All settings via .env or environment variables:

Variable	Default	Description
`GROQ_API_KEY`	—	Required. Get at console.groq.com
`GROQ_MODEL`	`llama-3.3-70b-versatile`	Groq model to use
`CACHE_TTL`	`3600`	Cache TTL in seconds
`CACHE_MAX`	`200`	Max cached entries

Available Groq models

Model	Speed	Quality
`llama-3.3-70b-versatile`	Fast	Best (default)
`llama-3.1-8b-instant`	Fastest	Good
`mixtral-8x7b-32768`	Fast	Great

Contributing

PRs and Issues are welcome. Most wanted:

Support for other LLM providers (OpenAI, Anthropic)
New tools: dependency audit, complexity score, docstring generator
Prompt improvements and new language support

License

MIT — do whatever you want. A star would be appreciated.

Links

Featured

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Keep your Mac awake

Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.

One time payment $9 →

Context.dev

Integrate web data into your AI product. One API to scrape website & brand data.

Get API Key Now →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Configuration

GROQ_API_KEY*secret

Groq API key from console.groq.com/keys

Registryactive

Packagemcp-code-sanitizer

TransportSTDIO

AuthRequired

UpdatedMay 4, 2026

View on GitHub

mcp-code-sanitizer

Strict AI-powered code reviewer for Claude Desktop, Cursor, VS Code, and Claude Code CLI. Finds bugs, vulnerabilities, and security issues — powered by Groq (free API).

PyPI

Claude / Cursor / VS Code  ──MCP──►  code-sanitizer  ──REST──►  Groq API
                                        (server.py)              (llama-3.3-70b)

demo

Features

Tool	What it does
`analyze_code`	Strict review — bugs, security issues, score 0–100
`compare_code`	Compares two versions, detects regressions, recommends merge/request_changes
`explain_code`	Step-by-step explanation for junior / middle / senior audience
`generate_tests`	Generates pytest / jest / go test — happy path, edge cases, security
`analyze_file`	Analyzes a whole file from disk with parallel chunking
`generate_report`	Builds an HTML report from any analysis result
`cache_info`	Cache statistics and clearing

Example output

{
  "summary": "Critical SQL injection and secret exposed in logs",
  "score": 23,
  "issues": [
    {
      "severity": "critical",
      "line": 2,
      "title": "SQL Injection",
      "description": "f-string directly interpolates user_id into query",
      "fix": "cursor.execute('SELECT * FROM users WHERE id = %s', (user_id,))"
    }
  ],
  "warnings": [{"title": "No exception handling", "description": "..."}],
  "suggestions": ["Consider using an ORM instead of raw SQL"]
}

Installation

Prerequisite: Get a free Groq API key at console.groq.com/keys — no credit card required.

Claude Code CLI

claude mcp add code-sanitizer -e GROQ_API_KEY=gsk_your_key -- uvx mcp-code-sanitizer

Claude Desktop

OS	Config file
macOS	`~/Library/Application Support/Claude/claude_desktop_config.json`
Windows	`%APPDATA%\Claude\claude_desktop_config.json`
Linux	`~/.config/Claude/claude_desktop_config.json`

{
  "mcpServers": {
    "code-sanitizer": {
      "command": "uvx",
      "args": ["mcp-code-sanitizer"],
      "env": {
        "GROQ_API_KEY": "gsk_your_key_here"
      }
    }
  }
}

Cursor

Create .cursor/mcp.json in your project (or ~/.cursor/mcp.json globally):

{
  "mcpServers": {
    "code-sanitizer": {
      "command": "uvx",
      "args": ["mcp-code-sanitizer"],
      "env": {
        "GROQ_API_KEY": "gsk_your_key_here"
      }
    }
  }
}

VS Code

Requires VS Code 1.99+ with GitHub Copilot. Create .vscode/mcp.json in your project:

{
  "servers": {
    "code-sanitizer": {
      "command": "uvx",
      "args": ["mcp-code-sanitizer"],
      "env": {
        "GROQ_API_KEY": "gsk_your_key_here"
      }
    }
  }
}

Or add globally via Ctrl+Shift+P → "MCP: Add Server".

Don't have uvx? Install it with pip install uv, then use the commands above.

Manual install (alternative)

If you prefer cloning the repo:

git clone https://github.com/notasandy/mcp-code-sanitizer
cd mcp-code-sanitizer
pip install -r requirements.txt
cp .env.example .env   # add your GROQ_API_KEY
python server.py

Then point the client config to:

{
  "command": "python",
  "args": ["/full/path/to/server.py"],
  "env": { "GROQ_API_KEY": "gsk_your_key_here" }
}

GitHub Action — automatic PR review

Add AI code review to any repository in 5 lines. The action posts a structured comment on every PR with score, issues, and fix suggestions.

# .github/workflows/ai-review.yml
name: AI Code Review
on:
  pull_request:
    types: [opened, synchronize]

permissions:
  contents: read
  pull-requests: write

jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: notasandy/mcp-code-sanitizer@v1
        with:
          groq_api_key: ${{ secrets.GROQ_API_KEY }}

Add GROQ_API_KEY to your repository secrets → Settings → Secrets → Actions.

The action automatically:

Reviews only changed files (up to 10 per PR)
Posts a score and structured issue list as a PR comment
Fails the check if critical issues are found

Usage in chat

After connecting, just write naturally:

Review this code for vulnerabilities:

def get_user(user_id):
    query = f"SELECT * FROM users WHERE id = {user_id}"
    return db.execute(query)

Or call tools explicitly:

analyze_file /path/to/my_script.py
generate_tests for this function: ...
compare_code — before vs after refactor, did it get better?
generate_report and save to /tmp/report.html

Architecture

mcp-code-sanitizer/
├── server.py          # FastMCP entry point
├── config.py          # Constants — keys, limits, extension map
├── groq_client.py     # Async Groq client with auto-retry on 429
├── cache.py           # In-memory LRU cache with TTL
├── prompts.py         # System prompts for all tools
└── tools/
    ├── analyze.py     # analyze_code
    ├── compare.py     # compare_code
    ├── explain.py     # explain_code
    ├── tests.py       # generate_tests
    ├── file_tool.py   # analyze_file — chunking + parallel analysis
    ├── cache_tool.py  # cache_info
    └── report.py      # generate_report — HTML output

Configuration

All settings via .env or environment variables:

Variable	Default	Description
`GROQ_API_KEY`	—	Required. Get at console.groq.com
`GROQ_MODEL`	`llama-3.3-70b-versatile`	Groq model to use
`CACHE_TTL`	`3600`	Cache TTL in seconds
`CACHE_MAX`	`200`	Max cached entries

Available Groq models

Model	Speed	Quality
`llama-3.3-70b-versatile`	Fast	Best (default)
`llama-3.1-8b-instant`	Fastest	Good
`mixtral-8x7b-32768`	Fast	Great

Contributing

PRs and Issues are welcome. Most wanted:

Support for other LLM providers (OpenAI, Anthropic)
New tools: dependency audit, complexity score, docstring generator
Prompt improvements and new language support

License

MIT — do whatever you want. A star would be appreciated.