Code Scalpel – AST analyzer and security scanner (MCP server)

by digitalbyooki·Feb 18, 2026·2 points·0 comments

AI Analysis

The Take

It turns real program analysis — ASTs, cross-file dependency graphs, taint tracking and Z3 symbolic paths — into callable MCP tools for agents, not just another prettier linter. Concrete features like simulate_refactor, generate_unit_tests from symbolic paths, and cross-file security_scan give it a distinct technical voice. The <10% false-positive claim and heavy test coverage are promising, but I'd want to see results on large, messy repos before swapping out existing scanners.

Target Audience

Developers and security engineers using AI agents or CI to analyze and refactor codebases

Post Description

I built Code Scalpel as an MCP server for code analysis. It parses Python, JavaScript, TypeScript, and Java, builds control flow graphs, and catches security bugs using taint analysis and symbolic execution.

Security detection:
- 16+ vulnerability types (SQL/NoSQL/LDAP injection, XSS, command injection, SSRF, CSRF, SSTI, prototype pollution, weak crypto, etc.)
- Taint tracking across files
- <10% false positive rate
- Z3 symbolic execution for path analysis

The MCP part exposes 23 tools that let AI agents analyze code:
- security_scan, cross_file_security_scan
- symbolic_execute (Z3-based path exploration)
- generate_unit_tests (test gen from symbolic paths)
- simulate_refactor (behavior preservation check)
- code_policy_check (compliance verification)

CLI works standalone too. No-install usage: uvx codescalpel mcp

Or: pip install codescalpel

Testing was important - 7,297 test cases with 94.86% coverage.

What I'm curious about:
- Is <10% false positive rate good enough for AppSec teams?
- What other security checks would help?
- Interest in expanding to Go/Rust/C++?

Target users: Individual developers (cost reduction story), security engineers (OWASP Top 10 evaluation), team leads (ROI analytics), enterprise architects (SOC2/ISO compliance).

Repo: https://github.com/3D-Tech-Solutions/code-scalpel

MIT licensed, actively maintained. Feedback welcome!
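As an added illustration of the taint-tracking approach the post names (example code written for this page, not Code Scalpel's implementation), here is a minimal single-file taint tracker over Python's ast module. The source, sink and sanitiser sets are assumptions chosen for the demo; the sanitiser rule is what keeps the parameterised query from being reported, which is the kind of decision that drives a scanner's false-positive rate.

```python
import ast
# Constructed illustration of AST-based taint tracking; not Code Scalpel's code. Needs Python 3.9+ (ast.unparse).
SOURCES = {"input", "request.args.get"}  # untrusted data enters here (assumed set)
SINKS = {"cursor.execute", "os.system"}  # and must not reach these unchecked (assumed set)
SANITIZERS = {"int", "shlex.quote"}      # calls whose result is treated as clean (assumed set)

class TaintScanner(ast.NodeVisitor):
    def __init__(self):
        self.tainted = set()  # variables currently holding untrusted data
        self.findings = []    # (line, sink) pairs where taint reaches a sink

    def is_tainted(self, node):
        if isinstance(node, ast.Name):
            return node.id in self.tainted
        if isinstance(node, ast.Call):
            name = ast.unparse(node.func)  # e.g. 'request.args.get' or 'int'
            if name in SANITIZERS:  # clean result: this is what avoids a false positive
                return False
            return name in SOURCES or any(self.is_tainted(a) for a in node.args)
        if isinstance(node, ast.JoinedStr):  # f-string interpolation propagates taint
            return any(self.is_tainted(v.value) for v in node.values
                       if isinstance(v, ast.FormattedValue))
        if isinstance(node, ast.BinOp):  # "..." + x and "..." % x propagate taint
            return self.is_tainted(node.left) or self.is_tainted(node.right)
        return False  # anything else, e.g. a tuple of bound parameters, is treated as safe

    def visit_Assign(self, node):
        update = self.tainted.add if self.is_tainted(node.value) else self.tainted.discard
        for target in node.targets:
            if isinstance(target, ast.Name):
                update(target.id)  # assigning a clean value clears earlier taint
        self.generic_visit(node)

    def visit_Call(self, node):
        name = ast.unparse(node.func)
        if name in SINKS and any(self.is_tainted(a) for a in node.args):
            self.findings.append((node.lineno, name))
        self.generic_visit(node)

def scan(source):
    scanner = TaintScanner()  # returns [(line, sink_name), ...] for tainted sink calls
    scanner.visit(ast.parse(source))
    return scanner.findings

# Constructed sample: lines 2 and 5 concatenate untrusted input into SQL; line 4 binds a sanitised parameter and must not be flagged.
SAMPLE = '''user = request.args.get("id")
cursor.execute("SELECT * FROM t WHERE id = " + user)
safe = int(request.args.get("id"))
cursor.execute("SELECT * FROM t WHERE id = %s", (safe,))
cursor.execute(f"SELECT * FROM t WHERE id = {user}")'''
```

Running scan(SAMPLE) reports lines 2 and 5 only; the tracker is intraprocedural and flow-sensitive within one file, so the cross-file propagation the post describes would need a call graph on top of it.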
