mcp-security-hub and agent-security-scanner-mcp
These are complementary tools: the first provides offensive security testing capabilities (reconnaissance, exploitation, reverse engineering), while the second provides defensive security scanning and remediation for AI-generated code, making them useful together in a complete security testing workflow.
About mcp-security-hub
FuzzingLabs/mcp-security-hub
A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.
Implements 38 modular MCP servers as production-hardened Docker containers that expose 300+ security tools through a unified natural-language interface to Claude and other AI clients. Each server wraps tools like Nuclei, SQLMap, and Radare2 with stdio transport, enabling multi-tool workflows via Docker Compose orchestration while maintaining security posture through non-root containers and automated Trivy vulnerability scanning. Supports both global Claude Desktop configuration and project-level `.mcp.json` deployments with volume mounting for file access.
About agent-security-scanner-mcp
sinewaveai/agent-security-scanner-mcp
Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1000+ vulnerability rules with AST & taint analysis, auto-fix.
Combines MCP integration with CLI flexibility and supports Claude, Cursor, Windsurf, and OpenClaw. A parallel architecture splits lightweight regex-based scanning (81.5KB ProofLayer) from enterprise features like AST+taint analysis, cross-file data flow tracking, and LLM-powered semantic intent profiling. Generates CycloneDX SBOMs, cross-references against OSV.dev for CVEs, and includes specialized detection for autonomous AI threats (prompt jailbreaks, unicode poisoning, malware signatures).