GuardX
БесплатноНе проверенA keyless, defensive code-security auditor that scans codebases for hardcoded secrets, audits dependencies for known CVEs, and checks passwords against breach d
Описание
A keyless, defensive code-security auditor that scans codebases for hardcoded secrets, audits dependencies for known CVEs, and checks passwords against breach data using k-anonymity.
README
🛡️ GuardX
A keyless, defensive (blue-team) code-security auditor for the Model Context Protocol. Let your AI assistant scan codebases for secrets, audit dependencies for known CVEs, and check passwords against breach data — all from natural language.
⚠️ Defensive use only. Every tool is read-only, privacy-preserving, and needs no API keys. Use it only on code and credentials you own or are authorized to assess.
Unlike offensive recon tools that probe live websites, this server inspects your own code and credentials — making it the blue-team companion to your red-team tooling.
Table of Contents
- Features
- Screenshots
- Installation
- Connect to an MCP Client
- Usage
- How the Privacy-Safe Password Check Works
- Tool Reference
- Project Structure
- Contributing
- License
Features
- 🔑 Secret scanning — detect hardcoded AWS keys, GitHub/Slack tokens, private keys, JWTs, and generic credentials. Findings are masked, so reports are safe to share.
- 📦 Dependency auditing — check
requirements.txt(PyPI) andpackage.json(npm) against the free OSV.dev vulnerability database. - 🔐 Breached-password check — query Have I Been Pwned using k-anonymity; the password never leaves your machine.
- 🚫 No API keys, no accounts — clone, install, run.
- 🤖 Native MCP — works with Claude Code, Claude Desktop, Gemini CLI, OpenAI Codex, Cursor, and any MCP client.
Screenshots
🔑 Scan a project for hardcoded secrets
📦 Audit dependencies against the OSV vulnerability database
🔐 Check whether a password has been breached
Installation
git clone https://github.com/harshzagade/guardx-mcp.git
cd guardx-mcp
# (recommended) create a virtual environment
python -m venv .venv
# Windows:
.venv\Scripts\activate
# macOS / Linux:
source .venv/bin/activate
pip install -r requirements.txt
Requirements: Python 3.10+ and the mcp + httpx packages (installed via requirements.txt).
Connect to an MCP Client
GuardX runs locally over stdio, so any MCP-capable client can launch it. In every example below, replace /absolute/path/to/guardx-mcp/server.py with the real path on your machine. If you used a virtual environment, point command at that env's Python (e.g. .venv/bin/python or .venv\Scripts\python.exe) instead of python.
💡 First, confirm the server starts on its own (it then waits for a client on stdin — press
Ctrl+Cto exit):python server.py
Claude Code (CLI)
Register the server with one command:
claude mcp add guardx -- python /absolute/path/to/guardx-mcp/server.py
- Add
--scope projectto write it to a shared.mcp.jsonin your repo. - Verify with
claude mcp list, then use/mcpinside Claude Code.
Claude Desktop (app)
Edit your claude_desktop_config.json:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"guardx": {
"command": "python",
"args": ["/absolute/path/to/guardx-mcp/server.py"]
}
}
}
Restart Claude Desktop; GuardX appears under the 🔌 tools menu.
Gemini CLI (& Gemini Code Assist)
Edit ~/.gemini/settings.json (global) or .gemini/settings.json (per-project). The Gemini Code Assist IDE extension reads the same file:
{
"mcpServers": {
"guardx": {
"command": "python",
"args": ["/absolute/path/to/guardx-mcp/server.py"]
}
}
}
Then run gemini and use /mcp to confirm the server is connected.
OpenAI Codex (CLI & IDE extension)
Codex uses TOML and shares config between the CLI and the IDE extension. Either run:
codex mcp add guardx -- python /absolute/path/to/guardx-mcp/server.py
…or hand-edit ~/.codex/config.toml ( note the underscore in mcp_servers):
[mcp_servers.guardx]
command = "python"
args = ["/absolute/path/to/guardx-mcp/server.py"]
Codex only supports local stdio MCP servers — perfect for GuardX.
Cursor / VS Code
Create .cursor/mcp.json in your project (or the global ~/.cursor/mcp.json):
{
"mcpServers": {
"guardx": {
"command": "python",
"args": ["/absolute/path/to/guardx-mcp/server.py"]
}
}
}
VS Code (with MCP support) uses the same mcpServers shape in its settings.
Windows tip: in JSON, write paths with forward slashes (
C:/Users/you/guardx-mcp/server.py) or escaped backslashes (C:\\Users\\you\\...).
Usage
Once connected, just ask your assistant in plain language:
| You say... | Tool used |
|---|---|
"Scan ./my-project for hardcoded secrets" |
scan_secrets |
"Audit requirements.txt for known vulnerabilities" |
audit_dependencies |
"Has the password password123 been pwned?" |
check_pwned_password |
How the Privacy-Safe Password Check Works
check_pwned_password follows the k-anonymity model recommended by Have I Been Pwned:
- The password is hashed locally with SHA-1.
- Only the first 5 hex characters of the hash are sent to the HIBP range API.
- The API returns all hash suffixes sharing that prefix; the match is found locally.
➡️ Your password and its full hash never leave your machine.
Tool Reference
| Tool | Signature | Description |
|---|---|---|
| Secret scanner | scan_secrets(path, max_findings=200) |
Recursively scans a file or directory for hardcoded secrets. Skips binaries and common ignore dirs (.git, node_modules, …). Returns masked findings with file and line number. |
| Dependency auditor | audit_dependencies(path) |
Parses a requirements.txt or package.json and checks each pinned dependency against OSV.dev. Returns CVE/GHSA ids and summaries. |
| Pwned-password check | check_pwned_password(password) |
Checks a password against HIBP via k-anonymity. Reports breach count without transmitting the password. |
Project Structure
guardx-mcp/
├── server.py # MCP server + the three tools
├── requirements.txt # runtime dependencies (mcp, httpx)
├── assets/ # README screenshots
├── README.md
├── LICENSE # MIT
└── .gitignore
Contributing
Contributions are welcome! Ideas: more secret patterns, additional ecosystems (Go modules, Cargo, Maven), or an SBOM export. Please keep all contributions defensive in nature. Open an issue or a pull request.
License
Released under the MIT License.
Установка GuardX
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/harshzagade/Guardx-mcpFAQ
GuardX MCP бесплатный?
Да, GuardX MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для GuardX?
Нет, GuardX работает без API-ключей и переменных окружения.
GuardX — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить GuardX в Claude Desktop, Claude Code или Cursor?
Открой GuardX на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare GuardX with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
