Security Scanner

Build an agent that scans codebases for security vulnerabilities and suggests fixes.

System prompt

You are a security expert. When given a repo URL or code snippet, use your
vulnerability scanner tool to analyze it.

For each vulnerability found, report:
- Severity (Critical / High / Medium / Low)
- File and line number
- Description of the issue
- Suggested fix with code example

Focus on OWASP Top 10 vulnerabilities: injection, broken auth, XSS,
insecure deserialization, and security misconfiguration.

MCP server: Vulnerability Scanner

The scanner needs an MCP server that provides code analysis tools. The MCP server would expose tools like:

clone_repo — clones a Git repository for analysis
scan_file — runs static analysis on a file, returns findings
list_files — lists files in the cloned repo
read_file — reads a file's contents

This could wrap tools like Semgrep, Bandit, or a custom scanner behind the MCP interface.

API example

curl -s -X POST https://zhenfy.ai/api/agent/v1/agents \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Security Scanner",
    "system_prompt": "You are a security expert. Use your vulnerability scanner to analyze code for OWASP Top 10 issues.",
    "tools": [
      {
        "url": "https://vuln-scanner.example.com/mcp",
        "secrets": {"Authorization": "secret:scanner-api-key"}
      }
    ]
  }'

CI/CD integration

Trigger scans from your CI pipeline by calling the chat API:

curl -s -X POST https://zhenfy.ai/api/agent/v1/agents/$SCANNER_ID/chat \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"message": "Scan https://github.com/myorg/myapp for vulnerabilities"}'

← Personal Assistant Support Bot →