- What: An open-source security scanner for AI-generated code, delivered as an MCP server, has been released.
- Impact: Helps developers identify and prevent OWASP Top 10 vulnerabilities, insecure packages, and prompt injection attacks in code generated by AI coding assistants.
Released an open-source security scanner designed for AI coding agent workflows.

Problem: AI assistants generate code with OWASP Top 10 vulnerabilities at alarming rates. They also "hallucinate" package names that could be registered by attackers.

Solution: MCP server that integrates with AI coding tools (Claude, Cursor, etc.) for real-time scanning.

Technical details:
- tree-sitter AST parsing for accurate detection (not just regex)
- Taint analysis for tracking user input to dangerous sinks
- 275+ rules covering: SQLi, XSS, command injection, SSRF, XXE, insecure deserialization, hardcoded secrets, weak crypto
- Package verification via bloom filters (4.3M packages, 7 ecosystems)
- Prompt injection detection for AI agent security
- CWE/OWASP metadata for compliance

Languages: Python, JavaScript/TypeScript, Java, Go, Ruby, PHP, C/C++, Rust, C#, Terraform, Kubernetes

No cloud dependencies - runs entirely locally.

npx agent-security-scanner-mcp init

Feedback welcome, especially on rule coverage gaps.

submitted by /u/NoButterfly9145
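The post lists "taint analysis for tracking user input to dangerous sinks" as one of the scanner's techniques. The following is an added illustration of what that means on a Python AST, written for this page; it is not the scanner's code and does not use tree-sitter. The source table (`input`, `request.args.get`), the sink table (`os.system`, `subprocess.*`, `eval`, any `.execute`) and the sample code in `SAMPLE` are all constructed for the demo. Taint propagates through assignment, string concatenation, f-strings and calls whose arguments are tainted; the analysis is intra-procedural, path-insensitive and models no sanitizers, which is exactly the trade-off a real scanner has to refine with more rules.

```python
from __future__ import annotations

import ast
from dataclasses import dataclass

# Constructed sample in the style an AI assistant might emit (hypothetical code, not from the page).
SAMPLE = '''
import os
from flask import request

def lookup(conn):
    name = request.args.get("name")                      # source: HTTP parameter
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    cur = conn.cursor()
    cur.execute(query)                                   # sink: SQL executed with tainted string
    return cur.fetchall()

def ping():
    host = input("host: ")                               # source: interactive input
    cmd = f"ping -c 1 {host}"
    os.system(cmd)                                       # sink: shell command built from taint

def safe(conn):
    name = request.args.get("name")
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = ?", (name,))   # parameterised: not flagged
    return cur.fetchall()
'''

# Assumed source/sink tables for the demo; a real rule set is far larger.
SOURCES = {"input", "request.args.get", "request.form.get"}
SINKS = {"os.system": "CWE-78", "subprocess.call": "CWE-78", "subprocess.run": "CWE-78", "eval": "CWE-95"}


def dotted(node: ast.AST) -> str | None:
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def sink_cwe(name: str | None) -> str | None:
    """Map a callee name to the CWE of the sink it represents, if any."""
    if name is None:
        return None
    if name in SINKS:
        return SINKS[name]
    if name.endswith(".execute"):      # any DB-API cursor: first argument is the SQL text
        return "CWE-89"
    return None


def is_tainted(node: ast.AST, tainted: set[str]) -> bool:
    """Does this expression carry data derived from a source? (Over-approximates; no sanitizers.)"""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.Call):
        return dotted(node.func) in SOURCES or any(is_tainted(a, tainted) for a in node.args)
    if isinstance(node, ast.BinOp):                       # "..." + name + "..."
        return is_tainted(node.left, tainted) or is_tainted(node.right, tainted)
    if isinstance(node, ast.JoinedStr):                   # f"... {name} ..."
        return any(is_tainted(v.value, tainted) for v in node.values if isinstance(v, ast.FormattedValue))
    return False                                          # lists/tuples (e.g. argv form) are not propagated


@dataclass
class Finding:
    func: str
    line: int
    sink: str
    cwe: str


class TaintVisitor(ast.NodeVisitor):
    """Walks statements in source order, tracking which names are tainted per function."""

    def __init__(self) -> None:
        self.tainted: set[str] = set()
        self.func = "<module>"
        self.findings: list[Finding] = []

    def visit_FunctionDef(self, node: ast.FunctionDef) -> None:
        outer = (self.tainted, self.func)
        self.tainted, self.func = set(), node.name
        self.generic_visit(node)
        self.tainted, self.func = outer

    def visit_Assign(self, node: ast.Assign) -> None:
        names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        if is_tainted(node.value, self.tainted):
            self.tainted.update(names)
        else:
            self.tainted.difference_update(names)         # clean reassignment clears taint
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        name = dotted(node.func)
        cwe = sink_cwe(name)
        if cwe and node.args and is_tainted(node.args[0], self.tainted):
            self.findings.append(Finding(self.func, node.lineno, name, cwe))
        self.generic_visit(node)


def scan(source: str) -> list[Finding]:
    """Parse Python source and return every sink call reached by tainted data."""
    visitor = TaintVisitor()
    visitor.visit(ast.parse(source))
    return visitor.findings


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"{f.func}:{f.line} {f.sink} -> {f.cwe}")
```

Running it flags `cur.execute(query)` in `lookup` (CWE-89) and `os.system(cmd)` in `ping` (CWE-78) and stays silent on `safe`, because the tainted value there is passed as a bound parameter rather than as the SQL text. Passing `subprocess.run` a list is likewise not flagged, since `is_tainted` does not propagate through list literals; that is a deliberate choice that mirrors the argv-form-is-safe rule, not a gap.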
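The post also mentions "package verification via bloom filters" as the answer to hallucinated package names. This added example, written for this page and not taken from the scanner, shows why that data structure fits: a bloom filter over millions of index names costs a few megabytes and answers membership offline, with no false negatives, so any name it reports as absent is definitely not in the index and deserves a look before `pip install`. Its one caveat is false positives, so a name it reports as present may still be unknown at the configured rate. The known-package list, the requirement lines and the name `example-auth-helper` are all constructed for the demo; normalisation follows PEP 503.

```python
import hashlib
import math
import re


class BloomFilter:
    """Set membership with no false negatives and a tunable false-positive rate."""

    def __init__(self, expected_items: int, false_positive_rate: float = 0.001):
        # Standard sizing: m bits and k hash positions for the target rate at capacity.
        self.m = math.ceil(-expected_items * math.log(false_positive_rate) / math.log(2) ** 2)
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: str) -> list:
        # Kirsch-Mitzenmacher double hashing: k indexes from two 64-bit halves of one SHA-256.
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "little")
        h2 = int.from_bytes(digest[8:16], "little") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item: str) -> bool:
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))


def normalize(name: str) -> str:
    """PEP 503 normalisation so 'PyYAML' and 'python_dateutil' match their index entries."""
    return re.sub(r"[-_.]+", "-", name).lower()


# Constructed stand-in for an ecosystem index; the real scanner packs millions of names.
KNOWN_PYPI = ["requests", "flask", "numpy", "python-dateutil", "pyyaml"]


def build_index(names, capacity: int = 1000) -> BloomFilter:
    """Build the filter sized for `capacity` names (assumed value; size it for the real index)."""
    bf = BloomFilter(capacity)
    for n in names:
        bf.add(normalize(n))
    return bf


# Requirement-line prefix: the distribution name before any version specifier or extras.
REQUIREMENT_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def unknown_packages(requirement_lines, index: BloomFilter) -> list:
    """Return names absent from the index: candidates for hallucinated or typo-squattable packages."""
    unknown = []
    for line in requirement_lines:
        m = REQUIREMENT_RE.match(line)
        if not m:
            continue
        if normalize(m.group(1)) not in index:
            unknown.append(m.group(1))
    return unknown


# Constructed requirements as an assistant might propose them; 'example-auth-helper' is a made-up name.
REQUIREMENTS = ["requests>=2.31", "PyYAML", "python_dateutil==2.8.2", "example-auth-helper"]

if __name__ == "__main__":
    print(unknown_packages(REQUIREMENTS, build_index(KNOWN_PYPI)))
```

The filter is sized for 1000 entries at a 0.1% false-positive rate, so with five names loaded a false positive is practically impossible; at real index sizes the rate is what you configure, and the right response to a "present" answer is still to install only from the configured registry, while an "absent" answer is a hard stop.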