CyberSam-Cyber-Security-Agent
Verified Safeby Satyampant
Overview
A Python code security analyzer powered by OpenAI Agents and Semgrep MCP server, identifying vulnerabilities and recommending fixes through a web interface.
Installation
docker run -p 8000:8000 -e OPENAI_API_KEY=your_key -e SEMGREP_APP_TOKEN=your_token cyber-analyzerEnvironment Variables
- OPENAI_API_KEY
- SEMGREP_APP_TOKEN
Security Notes
The core application (`backend/server.py`) uses `os.getenv` for API keys and securely limits AI agent tools to `semgrep_scan` via `create_static_tool_filter`, which is a strong positive. However, the `/semgrep-test` endpoint uses `subprocess.run` to execute `pip install semgrep`, which introduces a minor supply chain risk if the execution environment is compromised, though it's a fixed command. An unrelated `airline.py` file containing a direct `eval(expr)` exists in the repository but is not imported or used by the main API server.
Similar Servers
mcp-scanner
Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities, employing static analysis, YARA rules, Cisco AI Defense API, and LLM-based behavioral analysis.
mcp-server-code-execution-mode
This server enables LLM agents to execute Python code in a highly secure, isolated container environment, facilitating complex multi-tool orchestration and data analysis with minimal LLM context token usage.
burp-mcp-agents
Connects Burp Suite MCP Server to AI backends (Codex, Gemini, Ollama, LM Studio) for assisted, non-destructive vulnerability analysis using real Burp traffic.
VibeShift
VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze AI-generated code for vulnerabilities, suggest remediations, and facilitate web test recording, crawling, and execution.