codesafer

codesafer

CodeSafer is an MCP server that scans AI-generated code for 9 categories of hidden security threats — including invisible Unicode, Trojan Source, homoglyphs, and rules file backdoors — using static analysis plus CodeBERT deep learning. Runs locally, free tier available.

Category
访问服务器

README

CodeSafer (cleaner-code)

AI code security scanner as a Model Context Protocol (MCP) server. Detects hidden threats in AI-generated code that traditional linters miss.

npm license: ISC Node

Website: codesafer.org  ·  MCP Clients: Claude Code, Cursor, VS Code + Copilot, Cline


Why CodeSafer?

AI coding assistants generate code fast — but who's checking it for hidden threats?

Recent supply-chain attacks show that malicious code can hide in ways human reviewers and traditional linters routinely miss:

  • Invisible Unicode characters injected into identifiers (30+ variants)
  • BiDi / Trojan Source attacks that reorder how code is displayed vs. executed (CVE-2021-42574)
  • Homoglyphs — Cyrillic characters masquerading as Latin (CVE-2021-42694)
  • Glassworm-style Unicode steganography hiding payloads in whitespace
  • Rules file backdoors planted in .cursorrules, CLAUDE.md, and other AI config files
  • Typosquatted dependencies in package.json
  • Obfuscation patternseval + base64, reverse shells, packed payloads

CodeSafer scans for all of these before the code runs on your machine.


How it works

CodeSafer runs as a local MCP server. Your AI client (Claude Code, Cursor, etc.) calls its tools when reviewing or generating code, and findings are returned inline.

Hybrid detection:

  1. 8 static analysis scanners — deterministic rules for known attack categories (fast, zero false-negatives on the patterns they cover).
  2. CodeBERT deep analysis — transformer model classifies code chunks as malicious/benign with confidence scores. Catches obfuscated or novel patterns that static rules miss.

Nothing leaves your machine. The AI analysis runs locally against a tokenizer server.


Features

Capability Details
Invisible character detection 30+ Unicode variants including Zero-Width Space, Mongolian Vowel Separator
BiDi / Trojan Source Full CVE-2021-42574 coverage
Homoglyph detection Cyrillic/Greek/Latin confusables (CVE-2021-42694)
Unicode steganography Glassworm-style whitespace payloads
Rules file backdoors Scans .cursorrules, CLAUDE.md, .claude/, Cursor rules
Dependency scanning Typosquatting + suspicious install scripts in package.json
Obfuscation detection eval + base64, reverse shells, packed payloads
AI deep analysis CodeBERT transformer classifier with confidence scores
MCP native 6 MCP tools, stdio transport
Local-first No code uploaded — runs entirely on your machine

MCP Tools

CodeSafer exposes six tools to your MCP client:

Tool Purpose
scan_file Scan a single file for hidden malicious code patterns
scan_directory Recursively scan a directory across all source files
scan_rules_file Scan an AI configuration/rules file for prompt injection and Rules File Backdoor attacks
check_dependencies Check package.json for typosquatting, suspicious install scripts, and dependency risks
ai_analyze Deep AI analysis using the trained CodeBERT model (classifies chunks as malicious/benign with confidence)
explain_finding Get detailed explanation of a specific threat category, with attack scenarios and remediation

Installation

Prerequisites

  • Node.js 18 or later
  • An MCP-compatible client (Claude Code, Cursor, VS Code + Copilot, Cline)

From source

git clone https://github.com/goldmembrane/cleaner-code.git
cd cleaner-code
npm install
npm run build

Configure your MCP client

Claude Code (~/.claude.json or project .mcp.json):

{
  "mcpServers": {
    "codesafer": {
      "command": "node",
      "args": ["/absolute/path/to/cleaner-code/dist/index.js"]
    }
  }
}

Cursor (.cursor/mcp.json):

{
  "mcpServers": {
    "codesafer": {
      "command": "node",
      "args": ["/absolute/path/to/cleaner-code/dist/index.js"]
    }
  }
}

Restart your client, and CodeSafer tools will appear in the tool picker.


Usage

Once configured, ask your AI client things like:

  • "Scan this file for hidden security issues."
  • "Check the dependencies in package.json for typosquatting."
  • "Scan .cursorrules for a rules-file backdoor."
  • "Run a deep AI analysis of src/auth.ts."
  • "Explain what a Trojan Source attack is and how to fix the finding above."

The client will call the appropriate MCP tool and return findings with severity, line numbers, and remediation guidance.


Free tier & Plans

CodeSafer is free to use. Static analysis (scan_file, scan_directory, scan_rules_file, check_dependencies, explain_finding) has no limits.

AI deep analysis (ai_analyze) includes 10 free runs per session. Paid plans for higher AI quotas are available at codesafer.org.


Detection categories

CodeSafer detects threats across 9 categories:

  1. Invisible Unicode characters — 30+ variants including Zero-Width Space, Zero-Width Joiner
  2. BiDi / Trojan Source attacks — CVE-2021-42574
  3. Homoglyphs — Cyrillic/Greek characters masquerading as Latin (CVE-2021-42694)
  4. Unicode steganography — Glassworm patterns in whitespace
  5. Rules file backdoors — malicious instructions in .cursorrules, CLAUDE.md, etc.
  6. Dependency risks — typosquatting and suspicious install scripts
  7. Obfuscation patternseval + base64, packed payloads, reverse shells
  8. Static analysis findings — 8 deterministic scanners
  9. AI deep analysis — CodeBERT transformer for novel and obfuscated threats

Project structure

cleaner-code/
├── src/
│   ├── index.ts           # MCP server entry point
│   ├── api-server.ts      # Optional HTTP API server
│   ├── types.ts           # Scanner interfaces
│   ├── utils.ts           # File collection, summary formatting
│   └── scanner/
│       ├── invisible.ts       # Invisible Unicode scanner
│       ├── bidi.ts            # BiDi / Trojan Source scanner
│       ├── homoglyph.ts       # Homoglyph scanner
│       ├── encoding.ts        # Encoding / charset scanner
│       ├── obfuscation.ts     # Obfuscation pattern scanner
│       ├── steganography.ts   # Unicode steganography scanner
│       ├── rules-backdoor.ts  # Rules file backdoor scanner
│       ├── dependency.ts      # Dependency risk scanner
│       └── ai-analyzer.ts     # CodeBERT deep analyzer
├── ml/                    # ML model assets and tokenizer
├── functions/             # Cloud function deployments
├── deploy/                # Deployment manifests
└── web/                   # Landing page assets

License

ISC — see the LICENSE file for details.


Links

推荐服务器

Baidu Map

Baidu Map

百度地图核心API现已全面兼容MCP协议,是国内首家兼容MCP协议的地图服务商。

官方
精选
JavaScript
Playwright MCP Server

Playwright MCP Server

一个模型上下文协议服务器,它使大型语言模型能够通过结构化的可访问性快照与网页进行交互,而无需视觉模型或屏幕截图。

官方
精选
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

一个由人工智能驱动的工具,可以从自然语言描述生成现代化的用户界面组件,并与流行的集成开发环境(IDE)集成,从而简化用户界面开发流程。

官方
精选
本地
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

通过模型上下文协议启用与 Audiense Insights 账户的交互,从而促进营销洞察和受众数据的提取和分析,包括人口统计信息、行为和影响者互动。

官方
精选
本地
TypeScript
VeyraX

VeyraX

一个单一的 MCP 工具,连接你所有喜爱的工具:Gmail、日历以及其他 40 多个工具。

官方
精选
本地
graphlit-mcp-server

graphlit-mcp-server

模型上下文协议 (MCP) 服务器实现了 MCP 客户端与 Graphlit 服务之间的集成。 除了网络爬取之外,还可以将任何内容(从 Slack 到 Gmail 再到播客订阅源)导入到 Graphlit 项目中,然后从 MCP 客户端检索相关内容。

官方
精选
TypeScript
Kagi MCP Server

Kagi MCP Server

一个 MCP 服务器,集成了 Kagi 搜索功能和 Claude AI,使 Claude 能够在回答需要最新信息的问题时执行实时网络搜索。

官方
精选
Python
e2b-mcp-server

e2b-mcp-server

使用 MCP 通过 e2b 运行代码。

官方
精选
Neon MCP Server

Neon MCP Server

用于与 Neon 管理 API 和数据库交互的 MCP 服务器

官方
精选
Exa MCP Server

Exa MCP Server

模型上下文协议(MCP)服务器允许像 Claude 这样的 AI 助手使用 Exa AI 搜索 API 进行网络搜索。这种设置允许 AI 模型以安全和受控的方式获取实时的网络信息。

官方
精选