npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

ai-scanner-mcp

v1.0.3

Published

MCP server for ai-scanner — scan codebases for LLM usage, AI frameworks, and exposed secrets

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

aakashbhardwaj27aakashbhardwaj27

Keywords

mcpmodel-context-protocolai-scannerllmsecuritysecretstoken-detectionclaudecursor

Readme

An MCP server that exposes ai-scanner as tools for AI agents. Works with Claude Code, Claude Desktop, Cursor, Windsurf, and any MCP-compatible client.

Tools

| Tool | Description | |---|---| | scan_directory | Full scan — LLM SDKs, AI frameworks, exposed tokens, and hardcoded secrets with severity levels | | check_secrets | Security check — pass/fail scan for exposed credentials only. Perfect for pre-commit checks | | ai_inventory | AI stack overview — which SDKs, frameworks, models, and API endpoints are used (no secret detection) |

Setup

Claude Code

claude mcp add ai-scanner npx ai-scanner-mcp

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "ai-scanner": {
      "command": "npx",
      "args": ["ai-scanner-mcp"]
    }
  }
}

Config file location:

  • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
  • Windows: %APPDATA%\Claude\claude_desktop_config.json

Cursor

Add to .cursor/mcp.json in your project:

{
  "mcpServers": {
    "ai-scanner": {
      "command": "npx",
      "args": ["ai-scanner-mcp"]
    }
  }
}

Windsurf

Add to ~/.windsurf/mcp.json:

{
  "mcpServers": {
    "ai-scanner": {
      "command": "npx",
      "args": ["ai-scanner-mcp"]
    }
  }
}

Example Usage

Once connected, you can ask your AI agent:

  • "Scan this project for any exposed API keys"
  • "Check if there are any hardcoded secrets before I commit"
  • "What AI SDKs and frameworks does this codebase use?"
  • "Run a security scan on ./src and tell me if it's safe to push"
  • "Give me an AI inventory of this project"

Tool Details

scan_directory

Full scan with all detection categories. Parameters:

| Parameter | Type | Default | Description | |---|---|---|---| | directory | string | required | Path to scan | | ai_only | boolean | false | Skip generic secrets (Stripe, GitHub, etc.) | | scan_env | boolean | false | Include .env files | | include_endpoints | boolean | true | Detect LLM API endpoint URLs | | include_models | boolean | true | Detect model name references |

check_secrets

Security-focused pass/fail check. Parameters:

| Parameter | Type | Default | Description | |---|---|---|---| | directory | string | required | Path to scan | | ai_only | boolean | false | Only check AI tokens | | scan_env | boolean | false | Include .env files |

ai_inventory

AI stack awareness (no secret detection). Parameters:

| Parameter | Type | Default | Description | |---|---|---|---| | directory | string | required | Path to scan |

Detection Coverage

  • AI Tokens (20+) — OpenAI, Anthropic, Google, AWS, HuggingFace, Groq, Replicate, and more
  • Generic Secrets (59) — Stripe, Twilio, GitHub, Slack, Discord, database URIs, private keys, JWTs
  • LLM SDKs (23) — OpenAI, Anthropic, Google Gemini, LiteLLM, AWS Bedrock, and more
  • AI Frameworks (24) — LangChain, LlamaIndex, CrewAI, AutoGen, DSPy, Vercel AI SDK, and more
  • 145 total detection patterns

License

MIT