Kira-Lite MCP Server

Real-time security scanning for AI coding assistants — by Offgrid Security

Kira-Lite catches vulnerabilities before code is written to disk. It integrates into your AI coding assistant via MCP (Model Context Protocol) and scans every code change for OWASP Top 10, CWEs, hardcoded secrets, and insecure patterns.

Why Kira-Lite

Security tools shouldn't live in a separate tab. Kira-Lite runs inside your AI coding assistant — the same place you write code. No context switching, no separate dashboards, no CI pipeline to wait for.

• Scans before code hits disk — vulnerabilities are caught and fixed in the same conversation
• Works where you already are — Claude Code, Cursor, Windsurf, Codex, Antigravity, or any MCP-compatible editor
• Zero config to start — one npx command, no API keys, no accounts
• Your code stays local — source code never leaves your machine; dependency scanning queries OSV.dev with package names only

Prerequisites

• Node.js >= 18
• An MCP-compatible AI coding assistant

Quick Start

npx -y @offgridsec/kira-lite-mcp

No global install needed. All IDE setups below use npx -y, which fetches the latest version automatically on every launch — you'll always be up to date.

Setup by IDE / Tool

Pick your IDE or tool below and follow the steps. Each section is self-contained.

Claude Code (CLI)

Claude Code requires three things: (1) register the MCP server, (2) add a CLAUDE.md file so Claude knows to scan automatically, and (3) add .claude/settings.local.json for auto-permissions and hook enforcement.

Step 1 — Register the MCP server (one-time, global)

claude mcp add --scope user kira-lite -- npx -y @offgridsec/kira-lite-mcp

This makes kira-lite available in every project.

Step 2 — Per-project setup

Navigate to your project directory, then copy the two config files:

macOS / Linux:

cd /path/to/your-project

# Resolve the package path via npx cache
PKG=$(node -e "console.log(require.resolve('@offgridsec/kira-lite-mcp/config/CLAUDE.md').replace('/config/CLAUDE.md',''))")

# Copy CLAUDE.md (tells Claude to scan before every write)
cp "$PKG/config/CLAUDE.md" .

# Copy settings (auto-allows kira-lite tools + adds post-write hook)
mkdir -p .claude
cp "$PKG/config/settings.local.json" .claude/settings.local.json

Windows (PowerShell):

cd C:\path\to\your-project

$pkg = Split-Path (node -e "console.log(require.resolve('@offgridsec/kira-lite-mcp/package.json'))")
Copy-Item "$pkg\config\CLAUDE.md" .
New-Item -ItemType Directory -Force .claude | Out-Null
Copy-Item "$pkg\config\settings.local.json" .claude\settings.local.json

Tip: If the package isn't cached yet, run npx -y @offgridsec/kira-lite-mcp once first to download it.

Already have a CLAUDE.md or .claude/settings.local.json? Don't overwrite them — merge manually:

Append the kira-lite instructions to the end of your existing file:

# macOS / Linux
PKG=$(node -e "console.log(require.resolve('@offgridsec/kira-lite-mcp/config/CLAUDE.md').replace('/config/CLAUDE.md',''))")
echo "" >> CLAUDE.md
cat "$PKG/config/CLAUDE.md" >> CLAUDE.md

Or manually add this block to the bottom of your CLAUDE.md:

# SECURITY SCANNING — REQUIRED ON EVERY CODE CHANGE

You MUST call the `scan_code` MCP tool before EVERY single Edit or Write tool call. No exceptions. This is not optional.

## How it works

1. Before you use Edit or Write, call `scan_code` with the code you are about to write
2. If findings are returned, fix them and call `scan_code` again
3. Only write the code after scan returns clean
4. For edits to existing files, use `scan_diff` with original and new code

## Rules

- EVERY Edit/Write MUST be preceded by a scan_code call
- If scan returns critical or high findings, DO NOT write the code
- Tell the user what you found and what you fixed
- This applies to ALL files: .js, .ts, .py, .go, .java, .rb, .php, .yaml, .tf, Dockerfile, etc.

Merge these entries into your existing file:

Add to permissions.allow array:

"mcp__kira-lite__scan_code",
"mcp__kira-lite__scan_file",
"mcp__kira-lite__scan_diff",
"mcp__kira-lite__fix_vulnerability",
"mcp__kira-lite__get_config",
"mcp__kira-lite__set_config"

Add to hooks object:

"PostToolUse": [
  {
    "matcher": "Write|Edit",
    "hooks": [
      {
        "type": "command",
        "command": "npx --yes @offgridsec/kira-lite-mcp/hook.mjs"
      }
    ]
  }
]

Example — before:

{
  "permissions": {
    "allow": [
      "Bash(npm test:*)"
    ]
  }
}

Example — after:

{
  "permissions": {
    "allow": [
      "Bash(npm test:*)",
      "mcp__kira-lite__scan_code",
      "mcp__kira-lite__scan_file",
      "mcp__kira-lite__scan_diff",
      "mcp__kira-lite__fix_vulnerability",
      "mcp__kira-lite__get_config",
      "mcp__kira-lite__set_config"
    ]
  },
  "hooks": {
    "PostToolUse": [
      {
        "matcher": "Write|Edit",
        "hooks": [
          {
            "type": "command",
            "command": "npx --yes @offgridsec/kira-lite-mcp/hook.mjs"
          }
        ]
      }
    ]
  }
}

Step 3 — Verify

Start a new Claude Code session in your project and run /mcp. You should see kira-lite listed with 7 tools. Claude will now automatically scan code before every write.

Cursor

Step 1 — Add MCP server

Open Cursor Settings > MCP and add a new server, or add this to your ~/.cursor/mcp.json (global) or .cursor/mcp.json (per-project):

{
  "mcpServers": {
    "kira-lite": {
      "command": "npx",
      "args": ["-y", "@offgridsec/kira-lite-mcp"]
    }
  }
}

Step 2 — Add project rules (recommended)

Create or append to your .cursorrules file in the project root:

# SECURITY SCANNING — REQUIRED ON EVERY CODE CHANGE

You MUST call the `scan_code` MCP tool before EVERY code change. No exceptions.

1. Before writing any code, call `scan_code` with the code you are about to write
2. If findings are returned, fix them and call `scan_code` again
3. Only write the code after scan returns clean
4. For edits to existing files, use `scan_diff` with original and new code
5. If scan returns critical or high findings, DO NOT write the code
6. Tell the user what you found and what you fixed

Step 3 — Verify

Open Cursor, start an Agent chat, and ask: "What MCP tools do you have?" You should see the kira-lite tools listed.

Windsurf

Step 1 — Add MCP server

Open Windsurf Settings > MCP and add a new server, or add this to your ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "kira-lite": {
      "command": "npx",
      "args": ["-y", "@offgridsec/kira-lite-mcp"]
    }
  }
}

Step 2 — Add project rules (recommended)

Create or append to your .windsurfrules file in the project root:

# SECURITY SCANNING — REQUIRED ON EVERY CODE CHANGE

You MUST call the `scan_code` MCP tool before EVERY code change. No exceptions.

1. Before writing any code, call `scan_code` with the code you are about to write
2. If findings are returned, fix them and call `scan_code` again
3. Only write the code after scan returns clean
4. For edits to existing files, use `scan_diff` with original and new code
5. If scan returns critical or high findings, DO NOT write the code
6. Tell the user what you found and what you fixed

Step 3 — Verify

Start a Cascade session and ask: "What MCP tools do you have?" You should see the kira-lite tools listed.

VS Code (Copilot / GitHub Copilot)

Step 1 — Add MCP server

Add this to your .vscode/mcp.json (per-project) or user-level MCP settings:

{
  "servers": {
    "kira-lite": {
      "command": "npx",
      "args": ["-y", "@offgridsec/kira-lite-mcp"]
    }
  }
}

Step 2 — Add project instructions (recommended)

Create or append to your .github/copilot-instructions.md file:

# SECURITY SCANNING — REQUIRED ON EVERY CODE CHANGE

You MUST call the `scan_code` MCP tool before EVERY code change. No exceptions.

1. Before writing any code, call `scan_code` with the code you are about to write
2. If findings are returned, fix them and call `scan_code` again
3. Only write the code after scan returns clean
4. For edits to existing files, use `scan_diff` with original and new code
5. If scan returns critical or high findings, DO NOT write the code
6. Tell the user what you found and what you fixed

Step 3 — Verify

Open Copilot Chat in Agent mode and ask: "What MCP tools do you have?"

OpenAI Codex CLI

Step 1 — Add MCP server

Add this to your ~/.codex/config.yaml or project-level codex.yaml:

mcp_servers:
  - name: kira-lite
    command: npx
    args: ["-y", "@offgridsec/kira-lite-mcp"]

Step 2 — Add project instructions (recommended)

Create or append to your AGENTS.md file in the project root:

# SECURITY SCANNING — REQUIRED ON EVERY CODE CHANGE

You MUST call the `scan_code` MCP tool before EVERY code change. No exceptions.

1. Before writing any code, call `scan_code` with the code you are about to write
2. If findings are returned, fix them and call `scan_code` again
3. Only write the code after scan returns clean
4. For edits to existing files, use `scan_diff` with original and new code
5. If scan returns critical or high findings, DO NOT write the code
6. Tell the user what you found and what you fixed

Step 3 — Verify

Start a Codex session and ask: "What MCP tools do you have?"

Antigravity

Step 1 — Add MCP server

In Antigravity, open Settings > MCP Servers and add a new server with:

• Command: npx
• Args: -y @offgridsec/kira-lite-mcp

Or add to your MCP configuration file:

{
  "mcpServers": {
    "kira-lite": {
      "command": "npx",
      "args": ["-y", "@offgridsec/kira-lite-mcp"]
    }
  }
}

Step 2 — Add project rules (recommended)

Follow your IDE's instructions file convention (e.g., rules file or system prompt) and add:

# SECURITY SCANNING — REQUIRED ON EVERY CODE CHANGE

You MUST call the `scan_code` MCP tool before EVERY code change. No exceptions.

1. Before writing any code, call `scan_code` with the code you are about to write
2. If findings are returned, fix them and call `scan_code` again
3. Only write the code after scan returns clean
4. For edits to existing files, use `scan_diff` with original and new code
5. If scan returns critical or high findings, DO NOT write the code
6. Tell the user what you found and what you fixed

Step 3 — Verify

Start a chat and ask: "What MCP tools do you have?"

Other MCP-Compatible Clients

For any MCP-compatible tool not listed above:

Step 1 — Register the MCP server

Add this to your client's MCP configuration:

{
  "kira-lite": {
    "command": "npx",
    "args": ["-y", "@offgridsec/kira-lite-mcp"]
  }
}

The exact file location varies by client — check your tool's MCP documentation.

Step 2 — Add scanning instructions

Add the following to whatever instructions/rules file your tool supports (system prompt, rules file, etc.):

# SECURITY SCANNING — REQUIRED ON EVERY CODE CHANGE

You MUST call the `scan_code` MCP tool before EVERY code change. No exceptions.

1. Before writing any code, call `scan_code` with the code you are about to write
2. If findings are returned, fix them and call `scan_code` again
3. Only write the code after scan returns clean
4. For edits to existing files, use `scan_diff` with original and new code
5. If scan returns critical or high findings, DO NOT write the code
6. Tell the user what you found and what you fixed

Quick Reference: Instructions File by IDE

| IDE / Tool | Instructions File | MCP Config File | |------------|-------------------|-----------------| | Claude Code | CLAUDE.md (project root) | claude mcp add CLI or ~/.claude.json | | Cursor | .cursorrules (project root) | ~/.cursor/mcp.json or .cursor/mcp.json | | Windsurf | .windsurfrules (project root) | ~/.codeium/windsurf/mcp_config.json | | VS Code (Copilot) | .github/copilot-instructions.md | .vscode/mcp.json | | OpenAI Codex CLI | AGENTS.md (project root) | ~/.codex/config.yaml | | Antigravity | Check IDE docs | Check IDE docs |

MCP Tools

| Tool | Description | |------|-------------| | scan_code | Scan a code snippet before writing to disk | | scan_file | Scan an existing file on disk. Auto-triggers dependency vulnerability scanning on lockfiles | | scan_diff | Compare original vs modified code — reports only NEW vulnerabilities | | scan_dependencies | Scan project dependencies for known CVEs via OSV.dev (supports 13 lockfile formats across 11 ecosystems) | | fix_vulnerability | Get fix guidance for a specific vulnerability ID or CWE | | get_config | View current configuration and registration status | | set_config | Change scan frequency and other settings | | register | Register your email for security updates and vulnerability alerts | | skip_registration | Skip registration with a 7-day cooldown before being asked again |

Configuration

Kira-Lite supports user-configurable scan frequency via ~/.kira-lite/config.json.

Scan Modes

| Mode | Behavior | |------|----------| | "every-edit" | Scan on every scan_code / scan_diff / scan_file call (default) | | "on-save" | Only scan via scan_file (file on disk); scan_code / scan_diff return instantly | | "manual" | All scans are skipped — you must explicitly request scans |

Change scan mode

Use the set_config MCP tool:

set_config({ scanMode: "on-save" })

Or create/edit ~/.kira-lite/config.json manually:

{
  "scanMode": "on-save"
}

Check current mode

get_config()

Note: The default mode is "every-edit", which preserves the original behavior when no config file exists.

Registration (Optional)

Register your email to receive security updates — new vulnerability rules, security advisories for popular frameworks, and product updates.

What you get

| Benefit | Description | |---------|-------------| | New vulnerability rules | Get notified when Kira adds detection for new CVEs and attack patterns | | Security advisories | Early alerts for critical vulnerabilities affecting popular frameworks and libraries | | Product updates | New features, engine improvements, and expanded language support |

How it works

Registration is server-driven — no instructions file setup required. The first time you use any scan tool (scan_code, scan_file, or scan_diff), the server automatically appends a registration prompt to the scan results if you haven't registered yet. You can:

• Register — provide your email and the assistant calls register
• Skip — say "skip" and you won't be asked again for 7 days

The prompt appears once per session and respects the 7-day skip cooldown. No CLAUDE.md, .cursorrules, or other instructions file is needed to trigger registration.

Manual registration

You can also register anytime by asking your AI assistant:

Please register my email [email protected] with Kira-Lite

Or call the tool directly:

register({ email: "[email protected]" })

Data storage

• Your email is stored locally at ~/.kira-lite/profile.json
• Delete the file anytime to unregister
• No email is sent to external servers — registration is linked to your anonymous device ID via telemetry only

How It Works

Kira-Lite runs entirely on your machine using a built-in regex engine with 376 security rules — no external tools, no binaries, no compilation required. It works on every platform Node.js supports.

For dependency vulnerability scanning, Kira-Lite queries OSV.dev — your package list is sent to the OSV API, but your source code never leaves your machine.

Dependency Vulnerability Scanning

Kira-Lite scans your project's third-party dependencies for known CVEs using the OSV.dev database — the same data source behind Google's osv-scanner. No API keys, no accounts, no external tools required.

How It Works

1. Automatic — When scan_file is called on a lockfile, dependency scanning triggers automatically alongside the code scan
2. Manual — Call scan_dependencies with a project_path or lockfile_path for on-demand full scans

Supported Lockfiles

| Ecosystem | Lockfile | Languages | |-----------|----------|-----------| | npm | package-lock.json, yarn.lock, pnpm-lock.yaml | JavaScript, TypeScript | | PyPI | requirements.txt, Pipfile.lock | Python | | Go | go.sum | Go | | Maven | gradle.lockfile | Java, Kotlin | | crates.io | Cargo.lock | Rust | | RubyGems | Gemfile.lock | Ruby | | Packagist | composer.lock | PHP | | NuGet | packages.lock.json | C#, .NET, F# | | Pub | pubspec.lock | Dart, Flutter | | Hex | mix.lock | Elixir, Erlang |

What You Get

For each vulnerable dependency, Kira-Lite reports:

• Severity — Critical / High / Medium / Low (mapped from CVSS scores)
• Advisory ID — GHSA or OSV identifier
• CVE aliases — Associated CVE numbers
• Installed version — The version in your lockfile
• Fixed version — The minimum version that resolves the vulnerability
• Description — What the vulnerability is and how it can be exploited
• Remediation — Specific upgrade command to fix it

Example Output

## Kira-Lite Dependency Scan Results

**Packages scanned:** 142
**Vulnerable packages:** 2

#### [HIGH] [email protected] — Command Injection
- Advisory: GHSA-35jh-r3h4-6jhm (CVE-2021-23337)
- Fixed version: 4.17.21
- Fix: Upgrade lodash to >=4.17.21

#### [MEDIUM] [email protected] — Cross-Site Request Forgery
- Advisory: GHSA-wf5p-g6vw-rhxx (CVE-2023-45857)
- Fixed version: 1.6.0
- Fix: Upgrade axios to >=1.6.0

What It Detects

376 built-in rules across 15 languages/formats and 19 security categories, covering 45+ distinct CWEs.

At a Glance

| Metric | Count | |--------|-------| | Built-in regex rules | 376 | | Languages & formats | 15 | | Security categories | 19 | | CWEs covered | 45+ | | Secret detectors | 92 (30 core + 62 extended) | | Dependency ecosystems | 11 (npm, PyPI, Go, Maven, crates.io, RubyGems, Packagist, NuGet, Pub, Hex) | | Lockfile formats | 13 |

Severity Distribution

| Severity | Rules | Action | |----------|-------|--------| | Critical | ~145 | Block — do not write code (RCE, SQLi, hardcoded secrets, command injection) | | High | ~155 | Block — do not write code (XSS, SSRF, path traversal, privilege escalation) | | Medium | ~60 | Warn user (missing rate limiting, CORS issues, unpinned dependencies) | | Low | ~16 | Inform user (missing logging, verbose errors, debug flags) |

Standards Compliance

OWASP Top 10:2025

| OWASP ID | Category | Kira Coverage | |----------|----------|---------------| | A01 | Broken Access Control | BOLA/IDOR patterns, missing CSRF, mass assignment, CORS misconfiguration | | A02 | Security Misconfiguration | Debug mode, verbose errors, permissive CORS, default credentials | | A03 | Vulnerable & Outdated Components | Dependency CVE scanning via OSV.dev (13 lockfile formats, 11 ecosystems), unpinned dependencies, missing lockfile integrity, suspicious install scripts | | A04 | Cryptographic Failures | MD5/SHA1, ECB mode, hardcoded keys, Math.random for security, weak TLS | | A05 | Injection | SQL, command, XSS, SSTI, NoSQL, LDAP, header, log, ReDoS, SpEL injection | | A06 | Insecure Design | Fail-open patterns, missing auth checks, unrestricted file uploads | | A07 | Authentication Failures | Hardcoded credentials, missing rate limiting, JWT alg:none, insecure sessions | | A08 | Software & Data Integrity | Missing SRI hashes, unsigned CI/CD artifacts, unpinned GitHub Actions | | A09 | Logging & Monitoring Failures | Empty catch blocks, swallowed exceptions, sensitive data in logs | | A10 | Server-Side Request Forgery | User-controlled URLs in fetch/requests/axios without allowlist validation |

OWASP API Security Top 10

| API ID | Category | Kira Coverage | |--------|----------|---------------| | API1 | Broken Object Level Authorization | Direct object references without ownership validation | | API2 | Broken Authentication | Missing rate limiting on login, insecure token storage | | API3 | Broken Object Property Level Authorization | Mass assignment (Object.assign/spread from req.body) | | API4 | Unrestricted Resource Consumption | Missing pagination, GraphQL depth/complexity limits | | API5 | Broken Function Level Authorization | Missing auth middleware on endpoints | | API6 | Unrestricted Access to Sensitive Business Flows | Missing rate limiting on API routes | | API7 | Server-Side Request Forgery | SSRF via user-controlled URLs | | API8 | Security Misconfiguration | CORS wildcards, GraphQL introspection in production | | API9 | Improper Inventory Management | API keys in URLs instead of headers | | API10 | Unsafe Consumption of APIs | Disabled TLS verification, missing certificate validation |

OWASP LLM Top 10:2025

| LLM ID | Category | Kira Coverage | |--------|----------|---------------| | LLM01 | Prompt Injection | User input concatenated into prompt templates | | LLM02 | Insecure Output Handling | LLM output passed to eval/exec/SQL/shell, rendered as raw HTML | | LLM04 | Data and Model Poisoning | Unvalidated external content in embeddings | | LLM06 | Excessive Agency | Unrestricted tool access in function-calling agents |

Ref: CVE-2025-53773 (GitHub Copilot RCE, CVSS 9.6)

Security Categories

| Category | Rules | What It Catches | |----------|-------|-----------------| | Injection | 45 | SQL injection, command injection, XSS, SSTI, NoSQL injection, LDAP injection, header injection, log injection, ReDoS, Expression Language injection | | Secrets & Credentials | 93 | AWS, GitHub, GitLab, Slack, Stripe, Google, SendGrid, Twilio, npm, PyPI, Docker Hub, OpenAI, Anthropic, Azure (Storage, DevOps, SAS, App Config), Heroku, Supabase, Firebase, private keys, JWTs, connection strings, generic API keys, + 63 extended detectors: Groq, HuggingFace, Replicate, xAI/Grok, DeepSeek, ElevenLabs, Cohere (AI/ML); GCP Service Account, DigitalOcean, Fly.io, Vercel, Netlify, Alibaba Cloud (Cloud); CircleCI, Buildkite, Terraform Cloud, Pulumi, Drone, Travis (CI/CD); Discord, Telegram, Teams, Postmark, MessageBird, Vonage (Comms); PayPal, Square, Razorpay (Payments); Datadog, New Relic, Grafana, Sentry, PagerDuty, Splunk, Honeycomb, Logz.io (Monitoring); HashiCorp Vault, Portainer, ngrok (Infra); Shopify, Atlassian/Jira, Confluent, Okta, Auth0, Linear, Notion, Figma, Asana, Airtable, Bitbucket, NuGet, RubyGems (SaaS) | | Cryptography | 22 | MD5, SHA1, DES, ECB mode, Math.random/rand() for security, disabled TLS verification, weak TLS versions, timing attacks on secret comparison, hardcoded keys/IVs | | Deserialization | 15 | pickle, yaml.load, Marshal, shelve, dill, Java ObjectInputStream, XMLDecoder, PHP unserialize, BinaryFormatter (.NET), node-serialize | | Authentication & Sessions | 12 | JWT alg:none, missing cookie flags (HttpOnly/Secure/SameSite), OAuth implicit flow, missing CSRF protection, missing rate limiting on login, insecure random for tokens | | Supply Chain | 13 + OSV | Unpinned GitHub Actions (CVE-2025-30066), suspicious postinstall scripts, obfuscated install hooks, lockfile manipulation, unpinned dependencies, self-hosted runner risks, + dependency CVE scanning via OSV.dev across 11 ecosystems | | CI/CD Pipeline | 13 | Missing SHA pinning, pwn requests (pull_request_target), secrets in logs, script injection via github.event, curl|bash, overly permissive permissions, unsafe GITHUB_ENV writes, cache poisoning | | Container Security | 13 | Unpinned base images, running as root, ADD vs COPY, secrets in ENV/ARG, Docker socket mounts, privileged mode, missing HEALTHCHECK, sensitive port exposure | | Kubernetes | 18 | Privileged containers, host namespaces, dangerous capabilities (ALL/SYS_ADMIN/NET_RAW), missing resource limits, sensitive hostPath mounts, cluster-admin RBAC, wildcard permissions, hardcoded secrets in pod specs | | Infrastructure as Code | 18 | Public S3 buckets, open security groups, IAM wildcards, missing encryption (EBS/RDS/state), publicly accessible databases, hardcoded provider credentials, overly permissive Lambda roles | | API Security | 10 | BOLA/IDOR patterns, mass assignment, CORS misconfiguration, GraphQL introspection/depth/complexity, missing pagination, API keys in URLs | | AI/LLM Security | 4 | LLM output executed as code (ref: CVE-2025-53773), XSS via AI output, SQL injection via AI output, prompt injection | | Frontend & Browser | 10 | postMessage without origin check, localStorage for tokens, open redirects, Vue v-html, clickjacking, WebSocket hijacking (CSWSH), double encoding bypass, Unicode normalization | | File Operations | 8 | Path traversal, unrestricted file upload, symlink attacks, predictable temp files, world-writable permissions (chmod 777) | | Memory Safety (C/C++) | 17 | Buffer overflow (gets/strcpy/strcat/sprintf/scanf), format string vulnerabilities, integer overflow, use-after-free, dangerous functions, TOCTOU race conditions | | Encoding & Canonicalization | 3 | Double URL encoding bypass, Unicode normalization attacks, HTTP parameter pollution | | Race Conditions | 4 | TOCTOU in file operations, goroutine data races, check-then-act without locking | | Error Handling | 4 | Empty catch blocks, swallowed exceptions, missing set -e in shell, discarded error returns in Go | | Information Disclosure | 5 | Debug mode in production (Flask/Django/Rails), phpinfo(), verbose error pages, logging sensitive data |

Framework-Specific Coverage

Kira-Lite includes rules tailored to popular frameworks, catching misconfigurations that generic scanners miss:

| Framework | Key Detections | |-----------|---------------| | Django | DEBUG=True in production, hardcoded SECRET_KEY, CSRF exemptions, mass assignment (exclude vs fields), ALLOWED_HOSTS wildcard | | Flask | Debug mode enabled, hardcoded secret key, missing CSRF protection | | Spring | CSRF disabled, permitAll on sensitive endpoints, SpEL injection | | Rails | Hardcoded secret_key_base, debug breakpoints (binding.pry, byebug), permit! mass assignment | | Express.js | Missing helmet/CORS middleware, prototype pollution, NoSQL injection via req.body | | ASP.NET | Html.Raw XSS, BinaryFormatter deserialization, SqlCommand injection, disabled request validation | | Vue.js | v-html directive with dynamic content (XSS) | | React | dangerouslySetInnerHTML with unsanitized input |

Languages & Formats

| Language | Built-in Rules | Key Detections | |----------|---------------|----------------| | JavaScript / TypeScript | 144 | SQLi, XSS, command injection, prototype pollution, JWT misconfig, SSRF, NoSQL injection, CORS, eval, insecure random, timing attacks, GraphQL, OAuth, WebSocket, LLM output execution, prompt injection, supply chain, 93 secret detectors | | Python | 134 | SQLi, command injection, eval/exec, pickle/yaml/marshal deserialization, SSTI, SSRF, Django (CSRF, mass assignment, DEBUG, SECRET_KEY), Flask debug/secret, disabled TLS (verify=False), insecure random, XXE, temp file races, CORS, 93 secret detectors | | YAML (K8s, CI/CD, Docker Compose) | 124 | Privileged containers, host namespaces, dangerous capabilities, RBAC wildcards, hostPath mounts, unpinned GitHub Actions, pwn requests, secrets in logs, script injection, permissions, 93 secret detectors | | Java | 112 | SQLi, XXE, deserialization (ObjectInputStream, XMLDecoder), command injection, SSRF, weak crypto, LDAP injection, Spring Security (CSRF, permitAll), SpEL injection, disabled TLS, log injection, 93 secret detectors | | Ruby | 110 | SQLi, command injection, eval/send/constantize, mass assignment (permit!), YAML.load/Marshal.load, XSS (html_safe, raw), SSRF, CSRF skip, open redirect, hardcoded secret_key_base, 93 secret detectors | | Go | 109 | SQLi, command injection, path traversal, SSRF, weak crypto, insecure random, disabled TLS (InsecureSkipVerify), template injection, race conditions, unchecked errors, unsafe pointer, 93 secret detectors | | C# | 109 | SQLi (SqlCommand, EF Core), XSS (Html.Raw), command injection, path traversal, XXE, BinaryFormatter deserialization, weak crypto, disabled TLS, LDAP injection, CORS, mass assignment, open redirect, 93 secret detectors | | PHP | 106 | SQLi, command injection (system/exec/backticks), eval, LFI/RFI (include with user input), XSS, unserialize, extract(), file upload, deprecated mysql_*, SSRF, XXE, phpinfo(), 93 secret detectors | | Shell / Bash | 105 | eval injection, unquoted variables, curl|bash, chmod 777, predictable temp files, hardcoded credentials, SSH host key bypass, SQL in shell, missing set -e, 93 secret detectors | | JSON | 95 | Hardcoded secrets, IAM policy wildcards, suspicious install scripts in package.json, 93 secret detectors | | Terraform / HCL | 85 | Public S3 buckets, open security groups, IAM wildcards, missing encryption, publicly accessible RDS, hardcoded credentials in provider blocks, 93 secret detectors | | C / C++ | 84 | Buffer overflow (gets, strcpy, sprintf, scanf), format string, integer overflow, use-after-free, command injection (system, popen), insecure random, TOCTOU, 93 secret detectors | | Dockerfile | 78 | Unpinned base images, running as root, ADD vs COPY, secrets in ENV/ARG, Docker socket mount, curl|bash, sensitive ports, 93 secret detectors | | Rust | 67 | Secrets detection (93 detectors: API keys, private keys, connection strings, credentials, AI/ML tokens, cloud provider keys, CI/CD tokens, SaaS tokens) | | HTML | 1 | Hardcoded Google API keys |

CWE Coverage

The built-in rules map to 50+ distinct CWEs, including:

| CWE | Description | Rules | |-----|-------------|-------| | CWE-798 | Hardcoded Credentials | 90+ | | CWE-89 | SQL Injection | 15+ | | CWE-78 | OS Command Injection | 14+ | | CWE-327 | Weak Cryptography | 12+ | | CWE-502 | Insecure Deserialization | 12+ | | CWE-250 | Execution with Unnecessary Privileges | 10+ | | CWE-79 | Cross-Site Scripting (XSS) | 8+ | | CWE-94 | Code Injection | 8+ | | CWE-295 | Improper Certificate Validation | 7+ | | CWE-918 | Server-Side Request Forgery (SSRF) | 7+ | | CWE-22 | Path Traversal | 6+ | | CWE-829 | Inclusion of Untrusted Functionality | 6+ | | CWE-338 | Insecure PRNG | 5+ | | CWE-120 | Buffer Overflow | 5+ | | CWE-269 | Improper Privilege Management | 5+ | | CWE-284 | Improper Access Control | 5+ | | CWE-611 | XML External Entity (XXE) | 4+ | | CWE-352 | Cross-Site Request Forgery (CSRF) | 3+ | | CWE-1321 | Prototype Pollution | 2+ | | CWE-134 | Format String Vulnerability | 1+ | | CWE-190 | Integer Overflow | 1+ | | CWE-416 | Use After Free | 1+ |

Troubleshooting

Claude doesn't scan before writing

1. Check that CLAUDE.md exists in the project root with the kira-lite instructions
2. Verify the hook is in .claude/settings.local.json — this is the enforcement layer
3. Start a new session (CLAUDE.md is read at session start)

MCP tools not showing up

• Claude Code: Re-register with claude mcp add --scope user kira-lite -- npx -y @offgridsec/kira-lite-mcp
• Cursor / Windsurf / VS Code: Restart the IDE after adding the MCP config
• All tools: Ensure Node.js >= 18 is installed and npx is available in your PATH

"Settings Error: PostToolUse: Invalid key in record" (Claude Code)

Hooks are in the user-level settings file (~/.claude/settings.local.json). Hooks only work at project level (.claude/settings.local.json inside your project). Remove the hooks section from the user-level file and re-run Step 3.

Upgrading from an older installation

If your .claude/settings.local.json has PostToolCall or PreToolUse in the hooks section, update it to PostToolUse.

Scans returning "Skipped"

Your scan mode is set to "on-save" or "manual". Check with get_config() and change with set_config({ scanMode: "every-edit" }).

Hook fails silently (Claude Code)

Make sure Node.js can find the hook script:

node $(node -e "console.log(require.resolve('@offgridsec/kira-lite-mcp/hook.mjs'))")

If it exits with no output, it's working. If it throws an error, check the path.

Uninstall

Remove from a single project

Delete the kira-lite section from your instructions file (CLAUDE.md, .cursorrules, .windsurfrules, etc.) and remove the MCP config entry.

For Claude Code projects, also remove kira-lite entries from .claude/settings.local.json.

Remove globally

# Claude Code
claude mcp remove --scope user kira-lite

# Remove local config
rm -rf ~/.kira-lite

For Cursor/Windsurf/VS Code, remove the kira-lite entry from your MCP configuration file.

Privacy

Kira-Lite collects anonymous, non-personalized telemetry (tool usage stats, rule IDs, scan durations). No source code, file paths, or personal data is ever collected.

Opt out by setting KIRA_TELEMETRY=off in your environment.

What we collect

• Tool usage — which scan tools are called (e.g. scan_code, scan_file)
• Scan statistics — number of lines scanned, number of findings, severity counts, scan duration
• Vulnerability rule IDs and titles — which rules triggered (e.g. KIRA-JS-SQLI-001, CWE-89)
• Environment metadata — Node.js version, platform (win32/linux/darwin), Kira-Lite version
• Anonymous device ID — a randomly generated UUID stored locally at ~/.kira-lite/device-id

What we do NOT collect

• No source code — your code never leaves your machine
• No file paths — we do not log file names or directory structures
• No personal information — no names, emails, IP addresses, or account identifiers
• No code snippets — scan findings reference rule IDs only, not your actual code
• No project metadata — no repository names, branch names, or commit hashes

How to opt out

# macOS / Linux — add to ~/.bashrc or ~/.zshrc
export KIRA_TELEMETRY=off

# Windows (PowerShell)
[System.Environment]::SetEnvironmentVariable("KIRA_TELEMETRY", "off", "User")

When telemetry is off, no data is sent anywhere. Kira-Lite functions exactly the same.

Telemetry is sent to PostHog (US region) using an anonymous device ID. This ID is a random UUID generated on first run and stored locally. It cannot be traced back to you.

Questions? Reach us at [email protected].

License

Elastic License 2.0 (ELv2) — Offgrid Security