Zfuzz
Zfuzz — the security engineer your AI agent never had
AI coding agents write code fast, but they know about security rather than scanning for it, so they ship hardcoded keys, vulnerable dependencies and injectable code. Zfuzz is an MCP server that plugs 10 real security tools into any agent.
Tools: scan_code (SAST, 441 rules, taint analysis, 7 languages) · scan_secrets (419+ patterns + entropy) · scan_dependencies (CVEs via OSV.dev) · scan_mcp_config & scan_skill (vet MCP configs/skills for prompt injection, booby-trapped scripts) · check_mitre · threat_model · search_security_procedures · explain_finding · reconcile_permissions.
Install: claude mcp add zfuzz -- npx -y @zfuzz/mcp (or add { "mcpServers": { "zfuzz": { "command": "npx", "args": ["-y", "@zfuzz/mcp"] } } } to any MCP client).
Real scanners, not the model guessing. Rust · Apache-2.0 · 100% local, no account, no telemetry. Repo: https://github.com/Zfuzz-dev/zfuzz-mcp · Site: https://zfuzz.com
Server Config
{
  "mcpServers": {
    "zfuzz": {
      "command": "npx",
      "args": [
        "-y",
        "@zfuzz/mcp"
      ]
    }
  }
}