VibeCheck MCP Server

Provides AI-powered security audits by combining MITRE CWE data and npm audit for codebase vulnerabilities.

Installation
Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "bpn-solutions-vibecheck-mcp": {
      "command": "npx",
      "args": [
        "-y",
        "vibecheck-audit-mcp"
      ]
    }
  }
}

VibeCheck MCP Server provides AI-powered security auditing for codebases by analyzing code with real-time vulnerability data from MITRE CWE and npm audit, all accessible through MCP clients for streamlined workflows.

How to use

You can run the VibeCheck MCP Server from an MCP client to perform comprehensive security audits on your codebase. The server leverages real-time CWE data and package vulnerability checks to identify authentication, API, and secrets risks, as well as dependency issues. Use it for periodic scans, pre-merge checks, or continuous integration security gates.

How to install

Prerequisites: ensure you have a modern Node.js and npm environment installed on your workstation or CI runner.

Option 1: Claude Code (Recommended). Installing from the MCP marketplace is the quickest way to get started.

/plugin marketplace add BPN-Solutions/vibecheck-mcp
/plugin install vibecheck@vibecheck

Option 2: Manual installation (CLI config)

Add the MCP server configuration to your Claude Desktop or equivalent MCP client configuration as shown.

{
  "mcpServers": {
    "vibecheck": {
      "command": "npx",
      "args": ["-y", "vibecheck-audit-mcp"]
    }
  }
}
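
The configuration above launches the server with `npx -y` and a package name that carries no version, so the install prompt is skipped and the version is resolved at launch rather than fixed in the config. The following check is an added example, not part of the VibeCheck project: it flags such entries in an MCP client config. The function names and the `vibecheck-pinned` entry with its `0.0.0` version are constructed for illustration.

```javascript
// Added example: flag MCP server entries that run an unpinned npm package via npx.
// Assumption: the client config uses the "mcpServers" layout shown on this page.

// Exact version only (e.g. 1.4.2 or 1.4.2-beta.1); ranges and dist-tags do not match.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

// Returns the version or tag part of an npm package spec, or null if there is none.
function specVersion(spec) {
  // Scoped names begin with "@", so only an "@" after position 0 separates a version.
  const at = spec.lastIndexOf("@");
  return at > 0 ? spec.slice(at + 1) : null;
}

function findUnpinnedNpx(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    if (server.command !== "npx") continue;
    const args = server.args || [];
    // -y / --yes suppresses npx's confirmation before installing a package.
    const autoYes = args.includes("-y") || args.includes("--yes");
    // Simplification: the first non-flag argument is taken as the package to run.
    const pkg = args.find((a) => !a.startsWith("-"));
    if (!pkg) continue;
    const version = specVersion(pkg);
    if (version === null) {
      findings.push({ server: name, package: pkg, autoYes, reason: "no version" });
    } else if (!EXACT.test(version)) {
      findings.push({ server: name, package: pkg, autoYes, reason: "range or tag" });
    }
  }
  return findings;
}

// Sample input: the first entry is the config from this page; the second is
// constructed, and 0.0.0 is a placeholder rather than a real release number.
const sample = {
  mcpServers: {
    vibecheck: { command: "npx", args: ["-y", "vibecheck-audit-mcp"] },
    "vibecheck-pinned": { command: "npx", args: ["-y", "vibecheck-audit-mcp@0.0.0"] },
  },
};

console.log(findUnpinnedNpx(sample));
```
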

Option 3: From source

Clone the repository, install dependencies, and build the server locally.

git clone https://github.com/BPN-Solutions/vibecheck-mcp.git
cd vibecheck-mcp
npm install && npm run build

Runtime start after installation

Start the MCP server through your chosen MCP client or by invoking the runtime as shown in the installation options. The runtime will initialize the audit tooling and connect to the configured data sources.

Additional notes

During setup, you do not need API keys for basic operation. The server uses MCP-based integration to run scans and report findings with CWE/OWASP references and remediation steps.

Available tools

scan_codebase

Performs a full AI-powered security audit across code files and dependencies, and enriches findings with CWE/OWASP references and remediation steps.

check_dependencies

Runs a quick dependency scan using npm audit to identify vulnerable npm packages.