Product Scanner MCP Security Web3 Security Docs Pricing X / Twitter
SecPilot Guard Engine Active

AI Security Copilot
for Vibe-Coded Apps

SecPilot scans AI-built applications, MCP agents, dependencies, secrets, authentication flows, and deployment risks before they reach production.

secpilot dashboard — my-ai-app
Security Score
82/100
Risk Grade
B+
Open Findings
25
Launch Ready
76%
Secrets Detected
2
Dependency Issues
3
MCP Warnings
2
Fix Recommendations
18
SeverityModuleFindingFileStatus
HighAuthMissing server-side role validation/api/admin/route.tsOpen
MediumDependencyVulnerable package detectedpackage.jsonReview
HighMCPTool has broad file-system accessmcp.config.jsonOpen
LowConfigMissing security headersnext.config.jsFix Ready
AI made building faster.
Security did not catch up.

Hidden Code Vulnerabilities

AI-generated code often ships with security flaws that traditional linters miss — broken input validation, insecure API patterns, and logic errors.

🔑

Leaked Secrets and Keys

API keys, tokens, and private credentials end up committed to repositories and exposed in environment files.

🔓

Incomplete Auth Logic

Authentication flows generated by AI tools may lack server-side validation, proper session management, or role-based access controls.

🤖

Excessive MCP Permissions

AI agents and MCP tools may request broad file-system, network, or execution permissions beyond what the task requires.

📦

Supply-Chain Risk

Dependencies introduced by AI coding assistants can include vulnerable or unmaintained packages with known CVEs.

🚀

Skipped Security Review

Fast launches prioritize speed. Security checks, deployment hardening, and production readiness get deferred or forgotten.

From prompt to production, secured.
1

Connect Repository

Import your GitHub repository, upload a project folder, or scan local code with SecPilot Guard.

2

Analyze Attack Surface

SecPilot maps secrets, dependencies, APIs, auth flows, environment files, MCP tools, and deployment configuration.

3

Generate Fix Guidance

Every finding includes severity, explanation, affected file, suggested remediation, and AI-ready fix prompt.

4

Ship with Confidence

Export a security report, CI result, SARIF output, launch checklist, and hardening plan.

Security modules built for modern AI development.
🔐

Secret Detection

Find exposed API keys, private keys, tokens, credentials, and environment leaks across your codebase.

📦

Dependency Risk Analysis

Detect vulnerable packages, outdated libraries, suspicious dependencies, and supply-chain risks.

🛡

Auth & Access Review

Analyze broken authentication flows, weak session handling, unsafe role checks, and privilege escalation paths.

🤖

MCP Permission Scanner

Review MCP servers, tools, file access, network permissions, and agent execution risks.

AI Code Risk Detection

Identify unsafe AI-generated patterns, insecure routes, weak validation, and risky backend logic.

🌐

Web3 Security Layer

Scan wallet connection logic, token approval flows, RPC exposure, and frontend Web3 attack surfaces.

🏗

Deployment Hardening

Check headers, CORS, environment config, public files, exposed routes, and production readiness.

Fix Prompt Generator

Generate clear fix instructions to paste into Cursor, Claude, Codex, or any AI coding agent.

One command. Full security visibility.
terminal — secpilot
$ npx secpilot scan

SecPilot Guard Engine
Scanning project...

Secrets: 0 critical, 2 warnings
Dependencies: 3 medium risks
Auth logic: 1 high risk
MCP permissions: 2 warnings
Deployment config: 4 improvements

Security Score: 82/100
Grade: B+

✓ Report generated: secpilot-report.md
Real-time security posture at a glance.
SecPilot Dashboard my-ai-app
82
Score
B+
Grade
1
Critical
3
High
7
Medium
14
Low
Launch Readiness
76%
SeverityModuleFindingFileStatus
CriticalSecretsExposed API key in sourcesrc/lib/api.tsOpen
HighAuthMissing server-side role validation/api/admin/route.tsOpen
HighMCPTool has broad file-system accessmcp.config.jsonOpen
HighAuthJWT token stored in localStoragesrc/auth/session.tsReview
MediumDependencyVulnerable package: lodash@4.17.20package.jsonReview
MediumConfigCORS allows all originsnext.config.jsFix Ready
LowConfigMissing X-Frame-Options headernext.config.jsFix Ready
Secure your AI agents before they touch production.

SecPilot validates MCP servers and AI tool permissions so agents cannot overreach, leak sensitive context, or execute unsafe operations.

Tool permission analysis
Context leakage detection
File system access review
Network access review
Agent action audit
Human approval rules
Security for AI-built Web3 apps.

Pre-audit risk scanning for Web3 interfaces and integrations. SecPilot helps builders detect frontend and integration risks before launching crypto-native products.

Wallet connection review
Unsafe approval flow detection
Exposed RPC endpoint checks
Token interaction warnings
Contract integration risk notes
Treasury address verification
Frontend phishing detection
Launch checklist for Solana, BSC & EVM
Works with the tools builders already use.
GitHub
GitLab
Cursor
Claude
Codex
Replit
Lovable
Bolt
Vercel
Netlify
Docker
MCP
Solana
BSC
EVM
Secure your stack at any scale.

Free

$0
For solo builders starting security checks.
  • Local scan
  • Secret detection
  • Basic dependency scan
  • Markdown report
  • 1 project

Team

Custom
For startups and protocol teams.
  • Team dashboard
  • Organization repos
  • Audit logs
  • Advanced policy rules
  • Deployment hardening
  • Private reports
  • Slack / Discord alerts
  • Custom security workflow
Developer-first documentation.

Quick Start

Get scanning in under 2 minutes

CLI Installation

Install and configure the CLI

GitHub Scan

Scan repos directly from GitHub

MCP Security

Validate MCP tool permissions

Web3 App Security

Pre-audit risk scanning

CI/CD Setup

Integrate into your pipeline

Report Format

Markdown, JSON, SARIF output

Security Policies

Configure fail conditions

Fix Prompt Generator

AI-ready remediation prompts

API Reference

Programmatic access to scans

Frequently asked questions.
What is SecPilot?
SecPilot is an AI security copilot that scans AI-built apps, MCP agents, dependencies, secrets, auth logic, deployment risks, and Web3 integrations. It helps development teams identify and fix security issues before shipping to production.
Is SecPilot a replacement for a manual audit?
No. SecPilot helps detect risks early and improve launch readiness. Critical systems should still use professional review and formal audits. SecPilot is designed to complement, not replace, human security expertise.
Does SecPilot work with vibe-coded apps?
Yes. SecPilot is designed for apps built with Cursor, Claude, Codex, Lovable, Bolt, Replit, and other AI coding tools. It understands the common patterns and pitfalls of AI-generated code.
Does SecPilot support MCP?
Yes. SecPilot reviews MCP tool permissions, file access, network access, context exposure, and agent execution risks. It helps ensure your AI agents operate within safe boundaries.
Does SecPilot support Web3?
Yes. SecPilot includes pre-audit risk scanning for wallet flows, RPC exposure, approval patterns, Web3 frontend risks, and contract interaction logic across Solana, BSC, and EVM chains.
Can I run SecPilot locally?
Yes. The CLI-first workflow allows local scans without requiring cloud upload. Install globally with npm and run scans directly on your local project directory.

Build fast. Ship secure.

AI can generate code in seconds. SecPilot helps make sure that code is ready for the real world.