Codesafer

AI code security scanner as a Model Context Protocol (MCP) server. Detects hidden threats in AI-generated code that traditional linters miss.

npm license: ISC Node

Website: codesafer.org  ·  MCP Clients: Claude Code, Cursor, VS Code + Copilot, Cline

---

Why CodeSafer?

AI coding assistants generate code fast — but who's checking it for hidden threats?

Recent supply-chain attacks show that malicious code can hide in ways human reviewers and traditional linters routinely miss:

• Invisible Unicode characters injected into identifiers (30+ variants)
• BiDi / Trojan Source attacks that reorder how code is displayed vs. executed (CVE-2021-42574)
• Homoglyphs — Cyrillic characters masquerading as Latin (CVE-2021-42694)
• Glassworm-style Unicode steganography hiding payloads in whitespace
• Rules file backdoors planted in .cursorrules, CLAUDE.md, and other AI config files
• Typosquatted dependencies in package.json
• Obfuscation patterns — eval + base64, reverse shells, packed payloads

CodeSafer scans for all of these before the code runs on your machine.

---

How it works

CodeSafer runs as a local MCP server. Your AI client (Claude Code, Cursor, etc.) calls its tools when reviewing or generating code, and findings are returned inline.

Hybrid detection:

1. 8 static analysis scanners — deterministic rules for known attack categories (fast, zero false-negatives on the patterns they cover).
2. CodeBERT deep analysis — transformer model classifies code chunks as malicious/benign with confidence scores. Catches obfuscated or novel patterns that static rules miss.

Nothing leaves your machine. The AI analysis runs locally against a tokenizer server.

---

Features

Capability	Details
Invisible character detection	30+ Unicode variants including Zero-Width Space, Mongolian Vowel Separator
BiDi / Trojan Source	Full CVE-2021-42574 coverage
Homoglyph detection	Cyrillic/Greek/Latin confusables (CVE-2021-42694)
Unicode steganography	Glassworm-style whitespace payloads
Rules file backdoors	Scans .cursorrules, CLAUDE.md, .claude/, Cursor rules
Dependency scanning	Typosquatting + suspicious install scripts in package.json
Obfuscation detection	eval + base64, reverse shells, packed payloads
AI deep analysis	CodeBERT transformer classifier with confidence scores
MCP native	6 MCP tools, stdio transport
Local-first	No code uploaded — runs entirely on your machine

---

MCP Tools

CodeSafer exposes six tools to your MCP client:

Tool	Purpose
scan_file	Scan a single file for hidden malicious code patterns
scan_directory	Recursively scan a directory across all source files
scan_rules_file	Scan an AI configuration/rules file for prompt injection and Rules File Backdoor attacks
check_dependencies	Check package.json for typosquatting, suspicious install scripts, and dependency risks
ai_analyze	Deep AI analysis using the trained CodeBERT model (classifies chunks as malicious/benign with confidence)
explain_finding	Get detailed explanation of a specific threat category, with attack scenarios and remediation

---

Installation

Prerequisites

• Node.js 18 or later
• An MCP-compatible client (Claude Code, Cursor, VS Code + Copilot, Cline)

From source

git clone https://github.com/goldmembrane/cleaner-code.git
cd cleaner-code
npm install
npm run build

Configure your MCP client

Claude Code (~/.claude.json or project .mcp.json):

{
  "mcpServers": {
    "codesafer": {
      "command": "node",
      "args": ["/absolute/path/to/cleaner-code/dist/index.js"]
    }
  }
}

Cursor (.cursor/mcp.json):

{
  "mcpServers": {
    "codesafer": {
      "command": "node",
      "args": ["/absolute/path/to/cleaner-code/dist/index.js"]
    }
  }
}

Restart your client, and CodeSafer tools will appear in the tool picker.

---

Usage

Once configured, ask your AI client things like:

• "Scan this file for hidden security issues."
• "Check the dependencies in package.json for typosquatting."
• "Scan .cursorrules for a rules-file backdoor."
• "Run a deep AI analysis of src/auth.ts."
• "Explain what a Trojan Source attack is and how to fix the finding above."

The client will call the appropriate MCP tool and return findings with severity, line numbers, and remediation guidance.

---

Free tier & Plans

CodeSafer is free to use. Static analysis (scan_file, scan_directory, scan_rules_file, check_dependencies, explain_finding) has no limits.

AI deep analysis (ai_analyze) includes 10 free runs per session. Paid plans for higher AI quotas are available at codesafer.org.

---

Detection categories

CodeSafer detects threats across 9 categories:

1. Invisible Unicode characters — 30+ variants including Zero-Width Space, Zero-Width Joiner
2. BiDi / Trojan Source attacks — CVE-2021-42574
3. Homoglyphs — Cyrillic/Greek characters masquerading as Latin (CVE-2021-42694)
4. Unicode steganography — Glassworm patterns in whitespace
5. Rules file backdoors — malicious instructions in .cursorrules, CLAUDE.md, etc.
6. Dependency risks — typosquatting and suspicious install scripts
7. Obfuscation patterns — eval + base64, packed payloads, reverse shells
8. Static analysis findings — 8 deterministic scanners
9. AI deep analysis — CodeBERT transformer for novel and obfuscated threats

---

Project structure

cleaner-code/
├── src/
│   ├── index.ts           # MCP server entry point
│   ├── api-server.ts      # Optional HTTP API server
│   ├── types.ts           # Scanner interfaces
│   ├── utils.ts           # File collection, summary formatting
│   └── scanner/
│       ├── invisible.ts       # Invisible Unicode scanner
│       ├── bidi.ts            # BiDi / Trojan Source scanner
│       ├── homoglyph.ts       # Homoglyph scanner
│       ├── encoding.ts        # Encoding / charset scanner
│       ├── obfuscation.ts     # Obfuscation pattern scanner
│       ├── steganography.ts   # Unicode steganography scanner
│       ├── rules-backdoor.ts  # Rules file backdoor scanner
│       ├── dependency.ts      # Dependency risk scanner
│       └── ai-analyzer.ts     # CodeBERT deep analyzer
├── ml/                    # ML model assets and tokenizer
├── functions/             # Cloud function deployments
├── deploy/                # Deployment manifests
└── web/                   # Landing page assets

---

License

ISC — see the LICENSE file for details.

---

Links

• Website: codesafer.org
• Model Context Protocol: modelcontextprotocol.io
• Report issues: GitHub Issues