---
name: zfuzz-security
description: Scan code for vulnerabilities, leaked secrets, vulnerable dependencies (CVEs), and audit MCP server configs / agent skills before install — using real deterministic scanners, not model guesses. Use when writing or reviewing code, adding a dependency, handling auth/crypto/file-upload/SSRF-prone code, installing an MCP server or an agent skill, or when the user asks "is this safe", "scan this", "any vulnerabilities", "threat-model this".
---

# Zfuzz Security

Zfuzz (`@zfuzz/mcp`) gives this agent real security scanners over MCP: SAST, secret
detection, dependency CVEs, MCP-config auditing, threat modeling, and MITRE ATT&CK
mapping. Findings come from deterministic engines (Rust), not from the model's memory.
Free, open source (Apache-2.0), 100% local, no API key.

## When to reach for a tool

Call the matching tool instead of answering security questions from memory. The user
never names the tool — infer it from intent.

| Situation | Tool |
|-----------|------|
| Wrote/edited code; "is this safe?", auth/crypto/upload/query code | `scan_code` (441 SAST rules, 7 languages, taint source→sink) |
| Added/updated a dependency; "any known CVEs?" | `scan_dependencies` (OSV.dev real time; flags malicious pkgs + typosquats) |
| Committing config/env; "did I leak a key?" | `scan_secrets` (419+ patterns + Shannon entropy for custom tokens) |
| About to install/trust an MCP server | `scan_mcp_config` (prompt injection in tool descriptions, unicode tricks, wildcard perms, SSRF, tool poisoning → risk score + install verdict) |
| About to install an agent skill (`SKILL.md` + scripts) | `scan_skill` (hidden instructions, over-broad triggers, dangerous scripts, leaked secrets) |
| "Are my agents over-permissioned?" | `reconcile_permissions` (declared vs actually-used, from runtime telemetry) |
| Map findings to attacker techniques | `check_mitre` (75+ MITRE ATT&CK techniques) |
| "Threat-model this project/API" | `threat_model` (STRIDE + MITRE across the project) |
| Explain a finding + how to fix it | `explain_finding` (15 vuln classes, plain English + the fix) |
| Incident response / forensics / hardening how-to | `search_security_procedures` (754 procedures) |

## Default behavior

- After generating non-trivial code (auth, input handling, queries, file/network I/O),
  proactively run `scan_code` and report findings before moving on.
- Before adding a dependency to a lockfile, run `scan_dependencies`.
- Before recommending the user install an MCP server or a skill, run `scan_mcp_config`
  / `scan_skill` and surface the verdict.
- Report findings honestly. Under-claim rather than over-claim; never label a weak
  match as critical. If a scan returns nothing, say so — don't invent issues.

## Install (one command)

```
claude mcp add zfuzz -- npx -y @zfuzz/mcp
```

Requires Node.js ≥ 18 (the scanner binary is pulled per-platform via `@zfuzz/cli`).
Other agents (Cursor, Codex, Gemini CLI, Claude Desktop, OpenCode): see
https://zfuzz.com/docs

---
Part of the [Zfuzz](https://zfuzz.com) security platform. Apache-2.0 · `@zfuzz/mcp` on npm · github.com/zfuzz-dev/zfuzz-mcp
