C

npm:guardvibe

https://www.npmjs.com/package/guardvibe
75/100 · MCP Trust Grade · checked 2h ago · MCP 3.1.25

What it offers — 30 tools · Developer Tools

check_code

Analyze inline code for security vulnerabilities (OWASP Top 10, XSS, SQL injection, insecure patterns). Pass code as a string parameter. For scanning

check_project

Scan multiple files for security vulnerabilities and generate a project-wide security report with a security score. Use this for comprehensive securit

get_security_docs

Get security best practices and remediation guidance for a specific topic, framework, or vulnerability type. Covers OWASP Top 10, framework-specific h

check_dependencies

Check npm, PyPI, or Go packages for known security vulnerabilities (CVEs) using the OSV database. Use this before adding new dependencies or to audit

scan_directory

Scan all files in a directory on disk for security vulnerabilities. Pass a directory path — reads files from filesystem. Returns security score (A-F)

scan_dependencies

Parse a lockfile or manifest (package.json, package-lock.json, requirements.txt, go.mod) and check all dependencies for known CVEs via the OSV databas

scan_secrets

Scan files and directories for leaked secrets, API keys, tokens, and credentials. Detects high-entropy strings, known API key patterns (AWS, Stripe, O

scan_staged

Scan git-staged files for security vulnerabilities before committing. Run this before every commit to catch issues early. No input needed — automatica

compliance_report

Map security findings to compliance controls (SOC2, PCI-DSS, HIPAA, GDPR, ISO27001, EUAIACT). Scans a directory and groups issues by control. Output i

export_sarif

Scan a directory and export results in SARIF v2.1.0 format for CI/CD integration (GitHub, GitLab, Azure DevOps). Returns JSON string.

check_package_health

Check npm packages for typosquat risk, maintenance status, adoption metrics, and deprecation. Use this before adding new dependencies to catch suspici

fix_code

Pass vulnerable code as a string and get fix suggestions with before/after patches. Returns structured edit instructions (line numbers, severity, conf

audit_config

Audit application config files (next.config, middleware, .env, vercel.json) for cross-file security gaps: missing headers, unprotected routes, exposed

generate_policy

Auto-detect project stack (Next.js, Supabase, Stripe, Clerk, Prisma, etc.) and generate tailored security policies. Outputs ready-to-use CSP headers,

review_pr

Review a pull request for security issues. Scans only changed lines (diff-only mode) and produces output for GitHub Check Runs, PR comments, or inline

scan_secrets_history

Scan git history for leaked secrets. Finds secrets that were committed in the past — even if they were later removed. Marks each finding as

policy_check

Check project against compliance policies defined in .guardviberc. Use this in CI/CD pipelines to enforce security gates, or before releases to verify

analyze_dataflow

Track user input (request body, URL params, form data) flowing into dangerous sinks (SQL queries, eval, file operations, redirects). Detects injection

+12 more tools

Category · Weight · Score
Spec / packaging · 20% · 100
Security (OWASP MCP) · 30% · 25
Maintenance / popularity · 20% · 100
Tool hygiene · 15% · 95
Transparency / provenance · 15% · 90

Findings

WARN MCP08 References sensitive file paths / environment secrets.
INFO Static analysis of npm package guardvibe@3.1.25 (stdio server — no remote endpoint). Reliability/behavioral signals require running it; not measured.

We re-grade npm:guardvibe on a schedule and alert your Slack/webhook the moment its tools change or its grade drops — rug-pull insurance for the connection.

Embed this grade

A live badge — it re-verifies itself and shows current stability. Static scorecards can't. Paste it in your README or site to show users you're independently audited.

[![MCP Trust Grade C](https://wmcp.sh/mcp/grade/npm%3Aguardvibe/badge.svg)](https://wmcp.sh/mcp/grade/npm%3Aguardvibe)
<a href="https://wmcp.sh/mcp/grade/npm%3Aguardvibe"><img src="https://wmcp.sh/mcp/grade/npm%3Aguardvibe/badge.svg" alt="MCP Trust Grade C · wmcp.sh"></a>

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust

How this grade is computed

An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.