
VulScan

Security vulnerability scanner for VS Code. Scans dependencies for CVEs from NVD/OSV databases. Integrates with GitHub Copilot via Model Context Protocol. Supports npm, pip, Maven, Go, Rust, and more.

Installation
Run this command in your terminal to add the MCP server to Claude Code.
claude mcp add --transport stdio abhishekrai43-vulscan-mcp python -m mcp_server

How to use

VulScan-MCP is a Python-based MCP server that analyzes your project dependencies for security vulnerabilities (CVEs) directly within the development environment. It leverages the Model Context Protocol to expose a standardized server interface that can be invoked by compatible clients, such as VS Code extensions or Copilot-assisted tooling. The server pulls vulnerability data from sources like the National Vulnerability Database (NVD) and OSV, and provides actionable guidance on mitigations and upgrade paths. To use it, ensure you have Python 3.11+ installed, then start the server (python -m mcp_server) and use the associated VS Code extension or Copilot prompts to request vulnerability scans. The extension will trigger the MCP server to scan your dependencies and present CVE details, risk levels, and remediation steps in-context.

How to install

Prerequisites:

  • Python 3.11+ installed on your system
  • Access to the VulScan-MCP repository (clone or download)

Install steps:

  1. Clone the repository:
       git clone https://github.com/abhishekrai43/VulScan-MCP.git
       cd VulScan-MCP

  2. Install Python dependencies (from requirements.txt):
       python -m pip install --upgrade pip
       python -m pip install -r requirements.txt

  3. Start the MCP server: python -m mcp_server

  4. (Optional) Install and configure the VS Code extension that integrates with VulScan-MCP and enables the Copilot-based vulnerability checks as described in the README.

Notes:

  • If you encounter module errors, ensure your Python environment is correctly configured and that dependencies are installed.
  • The server may generate logs to help diagnose issues (see troubleshooting notes in the README).

Additional notes

Tips and troubleshooting:

  • Ensure Python 3.11+ is the default Python used by the system (python --version).
  • If you see module import errors, install missing dependencies with: python -m pip install --user mcp requests
  • Logs for debugging can appear at: Windows: %TEMP%\vulscan-mcp-debug.log; macOS/Linux: /tmp/vulscan-mcp-debug.log
  • This MCP server is CVE-centric: its primary concern is security vulnerabilities, so it may report issues in packages even when they are not deprecated.
  • When updating dependencies, verify compatibility in a staging environment before deploying changes to production scans.
