mcp-server-analyzer

Security Audit
Warn
Health Warn
  • License — License: MIT
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 7 GitHub stars
Code Pass
  • Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This server provides automated Python code analysis using the Model Context Protocol (MCP). It integrates RUFF for linting and VULTURE for dead code detection, making it suitable for AI assistants, IDEs, and automated review workflows.

Security Assessment
Overall risk: Low. The tool is designed strictly for static code analysis and does not access sensitive user data, environment variables, or filesystem areas outside the project scope. It leverages well-known, trusted external libraries (RUFF and VULTURE) rather than executing raw shell commands. A lightweight scan of 12 files found no dangerous patterns, no hardcoded secrets, and no requests for dangerous permissions. While it does make standard network requests to fetch its dependencies via PyPI or Docker, it does not exhibit any suspicious outbound traffic behaviors.

Quality Assessment
The project demonstrates strong software engineering practices despite its relatively small community footprint of only 7 GitHub stars. It is under highly active development, with the most recent push occurring just today. The repository is well-documented and includes a robust CI/CD pipeline, code coverage tracking via Codecov, and convenient one-click installation options for VS Code. Furthermore, it is properly licensed under the permissive MIT license, allowing for widespread commercial and personal use.

Verdict
Safe to use — this is a well-structured, actively maintained, and secure static analysis tool, though users should keep in mind its low community visibility.
SUMMARY

MCP server for Python code analysis with RUFF linting and VULTURE dead code detection

README.md

MCP Server Analyzer for Python 🐍🔍

A powerful Model Context Protocol (MCP) server that provides comprehensive Python code analysis using RUFF for linting and VULTURE for dead code detection. Perfect for AI assistants, IDEs, and automated code review workflows.

🚀 Quick Start

VS Code Integration (One-Click Install)

For manual installation, add the following JSON block to your User Settings (JSON) file in VS Code. You can do this by pressing Ctrl + Shift + P and typing Preferences: Open User Settings (JSON).

Optionally, you can add it to a file called .vscode/mcp.json in your workspace. This will allow you to share the configuration with others.

Note that the mcp key is needed when using the mcp.json file.

Using uvx (recommended):

{
  "mcp": {
    "servers": {
      "analyzer": {
        "command": "uvx",
        "args": ["mcp-server-analyzer"]
      }
    }
  }
}

Using Docker:

{
  "mcp": {
    "servers": {
      "analyzer": {
        "command": "docker",
        "args": ["run", "-i", "--rm", "ghcr.io/anselmoo/mcp-server-analyzer"]
      }
    }
  }
}

Universal Installation

# Install with uv (recommended); uvx only runs tools and has no install subcommand
uv tool install mcp-server-analyzer

# Install with pip
pip install mcp-server-analyzer

# Run with Docker (-i keeps stdin open for the MCP client, --rm removes the container on exit)
docker run -i --rm ghcr.io/anselmoo/mcp-server-analyzer:latest

# Install from source
git clone https://github.com/anselmoo/mcp-server-analyzer.git
cd mcp-server-analyzer
uv sync --dev
uv run mcp-server-analyzer

📋 Features

  • 🔍 RUFF Analysis: Comprehensive Python linting with auto-fixes
  • 🧹 Dead Code Detection: Find unused imports, functions, and variables with VULTURE
  • 📊 Quality Scoring: Combined analysis with quality metrics
  • 🚀 FastMCP Framework: High-performance MCP server implementation
  • 🐳 Docker Ready: Multi-architecture containers with security signing
  • 🔒 Secure: All releases signed with Sigstore for supply chain security

📈 Analysis Examples

RUFF Linting Preview

See comprehensive linting analysis examples: 📋 RUFF Analysis Preview

VULTURE Dead Code Detection Preview

Explore dead code detection capabilities: 🧹 VULTURE Analysis Preview

🛠️ Available Tools

| Tool | Description | Use Case |
|------|-------------|----------|
| ruff-check | Lint Python code with RUFF | Style violations, potential errors |
| ruff-format | Format Python code with RUFF | Code formatting and consistency |
| ruff-check-ci | CI/CD optimized RUFF output | GitHub Actions, GitLab CI |
| vulture-scan | Dead code detection | Unused imports, functions, variables |
| analyze-code | Combined RUFF + VULTURE analysis | Complete code quality assessment |

🔧 Configuration

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "analyzer": {
      "command": "uvx",
      "args": ["mcp-server-analyzer"]
    }
  }
}

Zed

Add to your Zed settings.json:

"context_servers": {
  "analyzer": {
    "command": "uvx",
    "args": ["mcp-server-analyzer"]
  }
}

🧪 Development

Prerequisites

  • Python 3.10+
  • uv (recommended) or pip
  • Docker (optional)

Setup

# Clone repository
git clone https://github.com/anselmoo/mcp-server-analyzer.git
cd mcp-server-analyzer

# Install dependencies
uv sync --dev

# Run tests
uv run pytest

# Run pre-commit hooks
uv tool run pre-commit run --all-files

# Build Docker image
docker build -t mcp-server-analyzer .

Testing

# Run all tests
uv run pytest tests/ -v

# Run with coverage
uv run pytest --cov=src/mcp_server_analyzer --cov-report=html

# Test specific functionality
uv run pytest tests/test_server.py::TestAnalyzer::test_ruff_analysis

📊 Quality Metrics

The server provides quality scoring based on:

  • RUFF Issues: Style violations, potential bugs, complexity metrics
  • Dead Code Detection: Unused imports, functions, variables
  • Combined Score: Weighted quality assessment (0-100)

🔒 Security

  • Signed Releases: All releases signed with Sigstore
  • Container Signing: Docker images signed with Cosign
  • Trusted Publishing: PyPI releases use GitHub OIDC trusted publishing
  • Vulnerability Scanning: Automated security scanning in CI/CD
  • Supply Chain Security: SLSA Build Level 3 compliance

🤝 Contributing

Contributions are welcome! Please see our Contributing Guide for details.

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

Made with ❤️ for better Python code quality
