GuardVibe

The security MCP built for vibe coding. 300+ security rules covering the entire AI-generated code journey — from first line to production deployment.

Works with Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf, and any MCP-compatible coding agent.

Quick Start

{
 "mcpServers": {
 "guardvibe": {
 "command": "npx",
 "args": ["-y", "guardvibe"]
 }
 }
}
Features
- 300+ security rules for Next.js, Supabase, Clerk, Stripe, Prisma,
Hono, GraphQL, Convex, Turso, and more
- 20+ tools — scan files, check code, fix vulnerabilities, generate
policies, export SARIF
- Zero setup — npx guardvibe and you're scanning
- No account required — runs 100% locally, no API keys
- CVE detection — 20+ known vulnerable package versions
- AI agent security — MCP server vulnerabilities, prompt injection
detection
- Auto-fix — concrete patches the AI agent can apply
- Pre-commit hook — block insecure code before it reaches your repo
20+ Security Modules
Core Web, Authentication, Database, API Security, Cloud &
Infrastructure, AI/LLM Security, Supply Chain, Mobile, Frontend,
Secrets Detection, and more.
License
Apache-2.0