Zfuzz (@zfuzz/mcp) is the free, open-source security copilot for AI coding agents. Pick your tool, copy one line, done. No account, no API key, 100% local. Requires Node.js ≥ 18.
Install
Run it once in your terminal.
Add the MCP server to Codex.
Add the MCP server to Gemini CLI.
One line in your terminal.
Add to .cursor/mcp.json
Settings → Developer → Edit Config
Add to opencode.json
Self-host the HTTP endpoint, then point your tool's MCP / Integrations setting at it.
Remove anytime: claude mcp remove zfuzz (Claude Code), or delete the zfuzz entry from your client's MCP config.
Quickstart
Pick your agent above and run the one-liner. The first run pulls the per-platform scanner binary via @zfuzz/cli.
You never call the tools by hand. Just ask your agent things like:
The agent calls a Zfuzz tool and returns findings from a real scanner — not a guess. Confirm it's wired up: in Claude Code, /mcp lists zfuzz and its 10 tools.
What Zfuzz scans
Findings come from deterministic engines, not model guesses. The AI brain stays your editor's own model; Zfuzz adds the security muscle, right where you code. Built in Rust.
Languages: Python, JS/TS, Go, Java, Rust, Ruby, PHP.
The agent picks the right tool when you ask — you never call them by hand.
| Tool | What it does |
|---|---|
scan_code | SAST — 441 rules across 7 languages. Taint analysis tracks data from source to sink. |
scan_secrets | 419+ patterns (AWS, GitHub, Stripe, OpenAI, Anthropic keys). Shannon-entropy analysis catches custom tokens. |
scan_dependencies | CVEs via OSV.dev in real time — known CVEs, malicious packages and typosquats flagged before they reach your lockfile. |
scan_mcp_config | Audits every MCP server config: prompt injection in tool descriptions, unicode tricks, wildcard permissions, SSRF, tool poisoning. Returns a risk score + install verdict. |
scan_skill | Vets an agent skill (SKILL.md + bundled scripts) before install — hidden instructions, over-broad triggers, dangerous scripts, leaked secrets. |
reconcile_permissions | Declared vs actually-used tools — least privilege, from runtime telemetry. |
check_mitre | Maps findings to 75+ MITRE ATT&CK techniques. |
threat_model | STRIDE + MITRE analysis across a whole project. |
explain_finding | 15 vulnerability classes explained in plain English, with the fix. |
search_security_procedures | 754 procedures: incident response, forensics, hardening. |
Drop-in skill
SKILL.md is a small instruction file. Drop it into your agent's skills folder and it will reach for the right Zfuzz tool automatically — scanning new code, checking dependencies, and vetting MCP servers before you install them, without being asked each time.
Download SKILL.mdFAQ
Yes. @zfuzz/mcp is fully free and open source under Apache-2.0 — no usage cap, no cloud account, no API key.
No. The scanners run locally on your machine. The AI brain stays your own editor's model; Zfuzz only adds the security tools.
Claude Code, Cursor, VS Code (Copilot), Codex, Gemini CLI, Claude Desktop and OpenCode over stdio; browser tools like AI Studio, v0 and Lovable via a self-hosted HTTP endpoint.
Node.js 18 or newer. The scanner binary is pulled per-platform via @zfuzz/cli — no Rust toolchain, no compiler.
Zfuzz runs inside your AI agent while you write code, returns findings conversationally in seconds, and is free. Traditional scanners run in CI minutes after a push, behind a dashboard, and charge per developer.
Restart the agent after adding it and confirm Node ≥ 18. For the HTTP transport, if you hit "address already in use", change --port (avoid 8090). Binary errors? npm i -g @zfuzz/cli.