Opzyai
БесплатноНе проверенLocal-first security check for AI coding agents — finds hardcoded secrets, exposed .env files, git-history leaks and vulnerable dependencies (OSV), entirely on
Описание
Local-first security check for AI coding agents — finds hardcoded secrets, exposed .env files, git-history leaks and vulnerable dependencies (OSV), entirely on your machine. Ask your agent "is this safe to ship?" and get a Launch Readiness score with a fix for every finding.
README
Source for @opzyai/mcp — an MCP server that scans the project in your workspace for the mistakes that ship secrets and vulnerabilities to production, entirely on your machine. Ask your agent "is this safe to ship?" and get a Launch Readiness score with a fix for every finding.
Built by Opzyai — security for apps built with AI tools like Cursor, Lovable, v0 and Bolt.
Install
# Claude Code
claude mcp add opzyai -- npx -y @opzyai/mcp
// Cursor / generic MCP client
{
"mcpServers": {
"opzyai": { "command": "npx", "args": ["-y", "@opzyai/mcp"] }
}
}
What it checks
One tool — security_check({ path?, offline? }) — runs four detectors:
| Detector | Catches |
|---|---|
| Working-tree secrets | API keys/tokens hardcoded in source (OpenAI, Anthropic, Stripe, Supabase service-role, AWS, GitHub, …) |
.env exposure |
env files committed or not gitignored |
| Git-history secrets | credentials committed once and "removed" — still recoverable from history |
| Dependency CVEs | known-vulnerable packages via OSV (package-lock.json, pnpm-lock.yaml, yarn.lock) |
Detection is precision-first: an explicit allowlist keeps intentionally-public values
(Stripe pk_*, Supabase anon keys) from ever being flagged.
Privacy
Everything runs locally over stdio. The only network call is the OSV dependency check —
package names + versions only, never your code — and offline: true disables even
that.
Repository layout
This is the public source mirror of the local scanner; it is developed inside the private Opzyai monorepo and synced here on each release, byte-identical.
packages/
mcp-local/ @opzyai/mcp — the MCP server published to npm
detectors/ @appsec/detectors — shared secret-detection patterns + allowlist
core/ @appsec/core — trimmed shim (shared types only; the full package is server-side)
Develop
pnpm install
pnpm typecheck && pnpm test # vitest, all packages
pnpm build # tsup → packages/mcp-local/dist/cli.js
Requires Node >= 20 and git on PATH (for the git-history detector's tests).
Related
- Free URL scan (no account): paste your deployed URL at
opzyai.com/scan — passive check for
leaked client-bundle keys, exposed
.env/.git/source maps, missing headers. - Hosted Pro MCP: deep scans of repos you own (dependency CVEs, SAST, git-history
secrets) plus
propose_fix— the exact change for your agent to apply: opzyai.com/mcp.
License
MIT © Opzyai
Установка Opzyai
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/thfothijn/opzyai-mcpFAQ
Opzyai MCP бесплатный?
Да, Opzyai MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Opzyai?
Нет, Opzyai работает без API-ключей и переменных окружения.
Opzyai — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Opzyai в Claude Desktop, Claude Code или Cursor?
Открой Opzyai на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Opzyai with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
