Skip to main content

gc_scanPro+#

Point your agent at code, get a security scan. You send a bundle of files and a ruleset; gc_scan runs the matching pack of AST security rules and returns each finding's rule, severity, and file. It is built for pull-request review and bug triage from inside an MCP client — no local install, no CI wiring.

Pro and above. Requires ?profile=full on the MCP URL (the security tools are not in the default core profile). Both files and ruleset are required — a call without a ruleset is rejected.

Rulesets

Pick the built-in pack that matches what you are checking. Each pack is a curated set of language-aware AST rules:

  • subprocess-safe — shell-injection sinks (os.system, subprocess(..., shell=True), and friends).
  • auth-safe — weak or missing authentication / authorization patterns.
  • crypto-safe — insecure cryptographic primitives and modes.
  • deserialization-safe — unsafe deserialization sinks.
  • tls-safe — disabled certificate / hostname verification.
  • secrets-basic — hardcoded-secret heuristics (narrow AST patterns; treat as a first pass, not a complete secrets scanner).

Tool schema

{
  "name": "gc_scan",
  "description": "Scan a code bundle with a built-in AST security ruleset.",
  "inputSchema": {
    "type": "object",
    "properties": {
      "files": {
        "type": "array",
        "description": "{path, content} objects. Relative paths; ≤1000 files, ≤512 KB each, ≤5 MB total.",
        "items": {
          "type": "object",
          "properties": { "path": { "type": "string" }, "content": { "type": "string" } },
          "required": ["path", "content"]
        }
      },
      "ruleset": {
        "type": "string",
        "description": "REQUIRED. One built-in rule pack.",
        "enum": ["auth-safe","crypto-safe","deserialization-safe","secrets-basic","subprocess-safe","tls-safe"]
      },
      "language": {
        "type": "string",
        "description": "Optional. Auto-detected from file extension when omitted.",
        "enum": ["javascript","python","rust","typescript"]
      }
    },
    "required": ["files", "ruleset"]
  }
}

Example call

gc_scan(
  files=[
    {
      "path": "handler.py",
      "content": "import subprocess\ndef run(cmd):\n    return subprocess.run(cmd, shell=True)"
    }
  ],
  ruleset="subprocess-safe"
)

Example response

Read matched_rules / total_matches for the headline. A real hit has matches > 0 with the file listed:

{
  "ruleset": "subprocess-safe",
  "language": "python",
  "matched_rules": 1,
  "total_matches": 1,
  "findings": [
    {
      "rule_id": "python-subprocess-run-shell-true",
      "severity": "high",
      "message": "Avoid subprocess with shell=True (command injection).",
      "matches": 1,
      "files": ["handler.py"]
    }
  ]
}

gc_skill_scanPro+#

Scan a skill or MCP server before your agent trusts it. Send the SKILL.md / AGENTS.md markdown or an MCP tool-manifest JSON; gc_skill_scan checks for AI-native threats — tool-poisoning, prompt-injection, least-privilege and excessive-agency violations, data-exfiltration — and returns a single safe_to_install verdict. It is the install-gate a generic code scanner does not ship.

Pure static. No LLM call, no code execution — it never runs the skill it scans. Gate your install on safe_to_install (a boolean) or on recommendation (SAFE / CAUTION / DO_NOT_INSTALL). Any CRITICAL finding forces DO_NOT_INSTALL.

Tool schema

{
  "name": "gc_skill_scan",
  "description": "Scan a SKILL.md / AGENTS.md / MCP tool-manifest for AI-native threats. Returns a safe_to_install verdict.",
  "inputSchema": {
    "type": "object",
    "properties": {
      "files": {
        "type": "array",
        "description": "SKILL.md/AGENTS.md markdown and/or MCP tool-manifest JSON. ≤200 files, ≤256 KB each, ≤2 MB total.",
        "items": {
          "type": "object",
          "properties": { "path": { "type": "string" }, "content": { "type": "string" } },
          "required": ["path", "content"]
        }
      }
    },
    "required": ["files"]
  }
}

Example call

gc_skill_scan(
  files=[
    { "path": "SKILL.md", "content": "<the skill markdown you are about to install>" }
  ]
)

Example response

A poisoned skill (here, a hidden “ignore all previous instructions” exfiltration payload) returns:

{
  "risk_score": 70,
  "severity": "HIGH",
  "recommendation": "DO_NOT_INSTALL",
  "safe_to_install": false,
  "scan_mode": "static",
  "findings": [
    {
      "id": "P1-1",
      "category": "Prompt Injection",
      "severity": "HIGH",
      "confidence": 0.8,
      "location": { "file": "SKILL.md", "line": 7 },
      "message": "Instruction override: 'IGNORE ALL PREVIOUS INSTRUCTIONS'",
      "tags": ["LLM01"]
    }
  ]
}

A clean skill returns risk_score: 0, recommendation: "SAFE", safe_to_install: true, findings: [].

Where to next

Quickstart
Connect your MCP client and run your first compression in under two minutes.
Recipes
Copy-paste tool sequences for the workflows you'll run most.
Troubleshooting
Symptom-to-fix for the errors people actually hit.
Glossary
Plain-language definitions for skeleton, fidelity, profiles, and the rest.