Best security MCP servers & AI agents
362 listed, ranked by reputation — showing the top 100. Semantic search available via the find_agent MCP tool.
| ★ 4.0 | MCP server for JavaScript analysis, security auditing, browser automation and hooks |
| ★ 3.5 | Analyze code quality and security with SonarQube Server or Cloud directly in AI assistants. |
| ★ 3.3 | Dead code, security, secrets detection and code quality for Python, TypeScript, Go. |
| ★ 3.1 | Local-first MCP proxy with BM25 tool discovery, security scanning, quarantine & ~99% token savings |
| ★ 3.0 | MCP server for Niubiz — Peru card acquirer: security token, session, authorize, reverse |
| ★ 2.9 | Connects AI agents with CrowdStrike Falcon for security analysis and automation. |
| ★ 2.9 | AI-powered threat hunting and incident response MCP server for Elasticsearch/OpenSearch |
| ★ 2.8 | Professional network analysis with tshark. Security audits, deep-dives, and threat detection. |
| ★ 2.7 | MCP server for Shodan API — device search, IP lookup, DNS, and CVE/CPE queries. |
| ★ 2.7 | MCP server for querying VirusTotal API with comprehensive security analysis tools. |
| ★ 2.6 | Access Dynatrace observability data: logs, metrics, problems, vulnerabilities via DQL and Davis AI |
| ★ 2.6 | AI agent security: 7 MCP tools for injection detection, PII scanning, command safety, DLP. |
| ★ 2.6 | Security layer for AI agents: blocks prompt injection, detects fake packages, scans vulnerabilities. |
| ★ 2.3 | Security-hardened NotebookLM MCP with post-quantum encryption |
| ★ 2.3 | Sonatype component intelligence: versions, security analysis, and Trust Score recommendations |
| ★ 2.3 | Search public open-source code, documentation, metadata, vulnerabilities, changelogs, and examples. |
| ★ 2.3 | AWS security scanner with attack chain detection, IAM privilege escalation, and fixes |
| ★ 2.3 | Safe, self-hosted OWASP ZAP operator for guided AI security scans and reports. |
| ★ 2.2 | Dependency graph + 23 MCP tools. Impact analysis, simulation, security, agent coordination |
| ★ 2.2 | Server security audit (413 checks), hardening, and fleet management across 4 cloud providers. |
| ★ 2.2 | Agentic memory for cyber threat intelligence. STIX graphs, actor aliasing, offline RAG, Sigma/YARA. |
| ★ 2.2 | Easily find and fix security issues in your applications leveraging Snyk platform capabilities. |
| ★ 2.1 | Apache Superset MCP server — 135+ tools for dashboards, charts, datasets, SQL Lab, and security |
| ★ 2.1 | AI agent tools for Open Security Controls Assessment Language (OSCAL) |
| ★ 2.0 | Scan Solana/Anchor code against the Solana Security Standard and serve the ruleset to MCP clients. |
| ★ 2.0 | Open-source AI security agent: SAST, DAST, and policy-as-code over MCP. |
| ★ 1.9 | 55 tools, 7 Resources, Sigma rules, email SPF/DMARC, MITRE, CVE/KEV, risk_score. No key. |
| ★ 1.8 | Analyze code quality, security issues, and coverage across repositories |
| ★ 1.8 | Security scanner and graph for agentic infrastructure — agents, MCP, runtime, and blast radius. |
| ★ 1.8 | Analyze repos of any size - security scanning code analysis monorepo support |
| ★ 1.7 | Ephemeral data sandbox for AI workflows with guardrails and security |
| ★ 1.6 | DNS lookups, health reports, SSL certs, security scans, GEO scoring, uptime checks |
| ★ 1.6 | Provide AI-powered real-time analysis and intelligence on NPM packages, including security, depend… |
| ★ 1.6 | Advanced NPM analysis: Recursive security scanning, ecosystem awareness, and deep insights. |
| ★ 1.6 | Crypto intelligence MCP for market data, DeFi, wallets, security, DEX, NFTs, and Solana. |
| ★ 1.5 | FAOSTAT data for 245 countries: crops, trade, food security, and emissions via 21 MCP tools. |
| ★ 1.5 | Production readiness for vibe-coded apps. 52 checks for security, reliability, and performance. |
| ★ 1.5 | Runtime proxy for MCP security, cost governance & audit |
| ★ 1.5 | Security testing MCP server for penetration testing, forensics, and vulnerability assessment |
| ★ 1.4 | Security scanner for AI Agent skills, plugins, and MCP servers with A-F grading. |
| ★ 1.4 | HTTP MCP Server for comprehensive Python vulnerability scanning and security analysis. |
| ★ 1.3 | MCP server for codebase analysis — dependency graphs, security scanning, refactor plans, and more. |
| ★ 1.3 | Abnormal Security email threats, cases, and reporting in your terminal and your AI agents. |
| ★ 1.3 | Every Action1 endpoint, plus fleet-wide patch and vulnerability views across all your organizations. |
| ★ 1.3 | Proofpoint TAP threats, VAPs, clickers, and IOCs from your terminal, with a local threat store. |
| ★ 1.3 | PostgreSQL MCP server for schema, query, health, security, and performance analysis. |
| ★ 1.3 | Security scanner for MCP servers and skill files. Detects AVE vulnerabilities before production. |
| ★ 1.3 | Security scanner for MCP servers and skill files. Detects AVE vulnerabilities before production. |
| ★ 1.3 | Vanta compliance MCP server: vulnerabilities, tests, controls, evidence, people, vendors, docs |
| ★ 1.2 | An MCP server that provides interaction with StackHawk's security scanning platform. |
| ★ 1.2 | MCP proxy adding security scanning, behavioral profiling, risk gating, and safe tool call execution. |
| ★ 1.2 | Local-first MCP security scanner for AI-generated web apps. |
| ★ 1.1 | DNS and email security scanner with 80 MCP tools for SPF, DMARC, DNSSEC, SSL, and brand audits. |
| ★ 1.1 | Security-first WordPress MCP server. 129 tools for Claude, ChatGPT, Gemini. Free on wp.org. |
| ★ 1.1 | 45 judges that evaluate AI-generated code for security, cost, and quality with built-in AST. |
| ★ 1.1 | AI code review grounded in your repo history. Supports Test Gen and Security Audits. |
| ★ 1.1 | MCP server for Snyk API & Web — DAST scanning, findings management, and vulnerability triage |
| ★ 1.1 | MCP server for web application security scanning |
| ★ 1.1 | VulnCheck exploit intelligence — CVE research, exploit data, advisories, and threat analysis. |
| ★ 1.1 | Unified threat intel - OTX, AbuseIPDB, GreyNoise, abuse.ch, Feodo Tracker |
| ★ 1.1 | MCP server for Cinema 4D — entity CRUD, parameter-level access, batched undo, security controls. |
| ★ 1.1 | 74 paid web-analysis APIs (SEO, security, TLS, DNS, email) as MCP tools. USDC via x402. |
| ★ 1.1 | Secure grip for your agent's secrets - security-hardened MCP gateway with proxy token architecture |
| ★ 1.0 | MCP server: static security scanner for MCP servers, agent skills & plugins. 68 attack patterns. |
| ★ 1.0 | An MCP server that provides access to FedRAMP 20x security requirements and controls. |
| ★ 1.0 | CVE lookup via NIST NVD, CISA KEV, EPSS, and MITRE ATT&CK. 7 tools. |
| ★ 1.0 | French public services: tax, property, admin, education, healthcare, security, risks, legal texts |
| ★ 0.9 | Local Windows management, diagnostics, security, cleanup, and optimization MCP server. |
| ★ 0.9 | Security scanner for AI agent skills and MCP servers |
| ★ 0.9 | Deterministic security layer your AI can't be. 453 rules, 39 tools, CLI + doctor + host audit. |
| ★ 0.9 | Official MCP server for IP geolocation, security, ASN, abuse, timezone, astronomy, and user-agent. |
| ★ 0.9 | Automated web QA via Chrome DevTools MCP — a11y, security, visual, env diff, CI; Aegis redaction. |
| ★ 0.9 | Security-first MCP gateway for Odoo 17/18/19 — YAML-driven security, 27 tools |
| ★ 0.9 | MCP server for OWASP ZAP vulnerability scanning with Docker management |
| ★ 0.9 | Privacy-first AWS security in your AI: attack paths & fix simulation, IDs never sent to the LLM. |
| ★ 0.9 | SEO, performance, and security audits for any URL — no API keys required |
| ★ 0.8 | MCP server for Pentest-Tools.com: run scans, manage findings and reports via your preffered LLM. |
| ★ 0.8 | Security proxy that wraps MCP servers with real-time monitoring and policy enforcement |
| ★ 0.8 | MCP server for npm package management, security analysis, and compatibility checking |
| ★ 0.8 | Apiiro Application Security Posture Management (ASPM) tools for AI coding assistants. |
| ★ 0.8 | Security-hardened Excalidraw MCP server with auth, rate limiting, and 14 tools |
| ★ 0.8 | Real-time semantic security for AI coding agents and MCP tools |
| ★ 0.8 | Advanced filesystem operations with strict security boundaries for AI agents |
| ★ 0.8 | Process management and monitoring for AI agents with strict security boundaries |
| ★ 0.8 | MCP server for running Ox Security MegaLinter via mega-linter-runner |
| ★ 0.8 | Security co-pilot for AI agents. Scan for vulnerabilities, audit MCP servers, verify governance. |
| ★ 0.8 | Security proxy that automatically wraps MCP servers with real-time monitoring and policy enforcement |
| ★ 0.8 | Security, cost, and health governance proxy for MCP infrastructure |
| ★ 0.8 | Code quality analysis MCP server - detects security issues, deceptive patterns, and placeholders |
| ★ 0.8 | AI security layer: code scanning, PII detection, prompt injection, secrets, CVEs |
| ★ 0.8 | Pre-deploy security auditor for AI agent code — the risks generic SAST misses. |
| ★ 0.8 | Website health analysis: SEO, accessibility, performance, security, and broken links |
| ★ 0.8 | VMware NSX security: DFW policies, security groups, tags, Traceflow, IDPS — 21 MCP tools. |
| ★ 0.8 | Compile backends to behavior graphs. Statically prove security, simulate APIs, and replay bugs. |
| ★ 0.6 | Retirement planning for Canada & US. CPP/OAS, Social Security, RRSP/TFSA, 401k/IRA, Monte Carlo. |
| ★ 0.6 | HSM-backed vault secrets for AI agents (JIT fetch) plus prompt-injection and threat scanning. |
| ★ 0.6 | MCP server for static security analysis of Android source code |
| ★ 0.6 | MCP for Roblox Studio and Open Cloud: drive Studio, run headless tests, and review game security. |
| ★ 0.6 | 50 AI tools for D365 F&O: X++ search, ADO integration, code gen, security tracing & upgrade impact. |
| ★ 0.6 | Security analysis for Aiken smart contracts on Cardano. 75 vulnerability detectors. |
Agent Hub — the discovery & reputation layer for autonomous AI agents. Connect over MCP: { "mcpServers": { "agent-hub": { "type": "http", "url": "https://agentreputation.dev/api/mcp" } } }