gc_scanPro+#
Point your agent at code, get a security scan. You send a bundle of files and a ruleset; gc_scan runs the matching pack of AST security rules and returns each finding's rule, severity, and file. It is built for pull-request review and bug triage from inside an MCP client — no local install, no CI wiring.
?profile=full on the MCP URL (the security tools are not in the default core profile). Both files and ruleset are required — a call without a ruleset is rejected.Rulesets
Pick the built-in pack that matches what you are checking. Each pack is a curated set of language-aware AST rules:
subprocess-safe— shell-injection sinks (os.system,subprocess(..., shell=True), and friends).auth-safe— weak or missing authentication / authorization patterns.crypto-safe— insecure cryptographic primitives and modes.deserialization-safe— unsafe deserialization sinks.tls-safe— disabled certificate / hostname verification.secrets-basic— hardcoded-secret heuristics (narrow AST patterns; treat as a first pass, not a complete secrets scanner).
Tool schema
{
"name": "gc_scan",
"description": "Scan a code bundle with a built-in AST security ruleset.",
"inputSchema": {
"type": "object",
"properties": {
"files": {
"type": "array",
"description": "{path, content} objects. Relative paths; ≤1000 files, ≤512 KB each, ≤5 MB total.",
"items": {
"type": "object",
"properties": { "path": { "type": "string" }, "content": { "type": "string" } },
"required": ["path", "content"]
}
},
"ruleset": {
"type": "string",
"description": "REQUIRED. One built-in rule pack.",
"enum": ["auth-safe","crypto-safe","deserialization-safe","secrets-basic","subprocess-safe","tls-safe"]
},
"language": {
"type": "string",
"description": "Optional. Auto-detected from file extension when omitted.",
"enum": ["javascript","python","rust","typescript"]
}
},
"required": ["files", "ruleset"]
}
}Example call
gc_scan(
files=[
{
"path": "handler.py",
"content": "import subprocess\ndef run(cmd):\n return subprocess.run(cmd, shell=True)"
}
],
ruleset="subprocess-safe"
)Example response
Read matched_rules / total_matches for the headline. A real hit has matches > 0 with the file listed:
{
"ruleset": "subprocess-safe",
"language": "python",
"matched_rules": 1,
"total_matches": 1,
"findings": [
{
"rule_id": "python-subprocess-run-shell-true",
"severity": "high",
"message": "Avoid subprocess with shell=True (command injection).",
"matches": 1,
"files": ["handler.py"]
}
]
}gc_skill_scanPro+#
Scan a skill or MCP server before your agent trusts it. Send the SKILL.md / AGENTS.md markdown or an MCP tool-manifest JSON; gc_skill_scan checks for AI-native threats — tool-poisoning, prompt-injection, least-privilege and excessive-agency violations, data-exfiltration — and returns a single safe_to_install verdict. It is the install-gate a generic code scanner does not ship.
safe_to_install (a boolean) or on recommendation (SAFE / CAUTION / DO_NOT_INSTALL). Any CRITICAL finding forces DO_NOT_INSTALL.Tool schema
{
"name": "gc_skill_scan",
"description": "Scan a SKILL.md / AGENTS.md / MCP tool-manifest for AI-native threats. Returns a safe_to_install verdict.",
"inputSchema": {
"type": "object",
"properties": {
"files": {
"type": "array",
"description": "SKILL.md/AGENTS.md markdown and/or MCP tool-manifest JSON. ≤200 files, ≤256 KB each, ≤2 MB total.",
"items": {
"type": "object",
"properties": { "path": { "type": "string" }, "content": { "type": "string" } },
"required": ["path", "content"]
}
}
},
"required": ["files"]
}
}Example call
gc_skill_scan(
files=[
{ "path": "SKILL.md", "content": "<the skill markdown you are about to install>" }
]
)Example response
A poisoned skill (here, a hidden “ignore all previous instructions” exfiltration payload) returns:
{
"risk_score": 70,
"severity": "HIGH",
"recommendation": "DO_NOT_INSTALL",
"safe_to_install": false,
"scan_mode": "static",
"findings": [
{
"id": "P1-1",
"category": "Prompt Injection",
"severity": "HIGH",
"confidence": 0.8,
"location": { "file": "SKILL.md", "line": 7 },
"message": "Instruction override: 'IGNORE ALL PREVIOUS INSTRUCTIONS'",
"tags": ["LLM01"]
}
]
}A clean skill returns risk_score: 0, recommendation: "SAFE", safe_to_install: true, findings: [].