ArmorIQ Sentry - MCP Security Scanner

Professional security scanner for MCP (Model Context Protocol) servers and AI agent code
ArmorIQ Sentry brings enterprise-grade security analysis directly into your code editor, helping developers identify and fix vulnerabilities in MCP servers, AI agents, and related code before deployment.
Supported Editors
✅ Visual Studio Code (v1.85.0+) - Full support
✅ Cursor - Full support with AI-optimized workflow
✅ VSCodium - Full support (open-source VS Code)
✅ GitHub Codespaces - Cloud development ready
✅ Gitpod - Works in browser and desktop
✅ VS Code Insiders - Latest features enabled
✅ Code-OSS - Community builds supported
✅ Theia IDE - Eclipse-based editor compatible
Works in any editor compatible with VS Code Extension API v1.85.0+
Features
Secure Authentication
- Google OAuth: Sign in securely with your Google account
- Tiered Access: FREE tier (3 scans/day) and DEVELOPER tier (unlimited)
- Account Management: View usage, upgrade options, and scan history
Comprehensive Scanning
- File-Level Analysis: Scan individual Python, JavaScript, TypeScript files
- Workspace Scanning: Analyze entire project for security issues
- MCP Endpoint Testing: Validate live MCP server endpoints
- Auto-Scan: Optional automatic scanning on file save
Vulnerability Detection
- Hardcoded secrets and API keys
- Insecure configurations
- MCP protocol violations
- SAFE-MCP compliance issues
- Permission and access control problems
SAFE-MCP Compliance
- Real-time compliance scoring
- Framework-based security assessment
- Best practice recommendations
- Risk categorization (HIGH, MEDIUM, LOW)
Developer Experience
- Click-to-Highlight: Jump to vulnerable code instantly
- Inline Recommendations: See fix suggestions right in your code
- Problems Panel: Integrated with VS Code diagnostics
- Context Menus: Right-click to scan files
- Activity Bar: Dedicated panels for quick access
Installation
For VS Code
From VS Code Marketplace:
- Open VS Code
- Go to Extensions (Ctrl+Shift+X / Cmd+Shift+X)
- Search for "ArmorIQ Sentry"
- Click Install
Or via command line:
code --install-extension armoriq-io.armoriq-sentry
For Cursor, VSCodium, & Other Editors
From Open VSX Registry:
- Open your editor (Cursor, VSCodium, etc.)
- Go to Extensions (Ctrl+Shift+X / Cmd+Shift+X)
- Search for "ArmorIQ Sentry"
- Click Install
Or via command line:
# Cursor
cursor --install-extension armoriq-io.armoriq-sentry
# VSCodium
codium --install-extension armoriq-io.armoriq-sentry
Note: If you don't see the extension in Cursor/VSCodium, it means it needs to be published to Open VSX Registry. See PUBLISH_TO_CURSOR.md for instructions.
From VSIX File (Manual Installation)
# For VS Code
code --install-extension armoriq-sentry-0.4.15.vsix
# For Cursor
cursor --install-extension armoriq-sentry-0.4.15.vsix
# For VSCodium
codium --install-extension armoriq-sentry-0.4.15.vsix
GitHub Codespaces
- Extension automatically syncs if installed locally
- Or install from Extensions panel in Codespaces
Gitpod
Add to .gitpod.yml:
vscode:
  extensions:
    - armoriq-io.armoriq-sentry
Getting Started
Install the Extension
- Find it in VS Code Marketplace or install from VSIX
Sign In
- Open the HOME panel in Activity Bar
- Click "Sign in with Google"
- Authorize ArmorIQ Sentry
Start Scanning
- Right-click any file → "Scan File with ArmorIQ Sentry"
- Or use Command Palette (Ctrl+Shift+P) → "ArmorIQ Sentry: Scan Workspace"
View Results
- See findings in ANALYSIS panel
- Click findings to jump to code
- Apply recommended fixes
Usage
Available Commands
| Command | Description | Shortcut |
|---|---|---|
| Login with Google | Authenticate with Google OAuth | - |
| Scan Current File | Analyze active file for vulnerabilities | - |
| Scan Workspace | Scan all files in workspace | - |
| Scan MCP Server Endpoint | Test live MCP server URL | - |
| Show Account Info | View tier and usage | - |
Scanning Methods
1. Context Menu
- Right-click on any file in Explorer
- Select "Scan File with ArmorIQ Sentry"
2. Command Palette
- Press Ctrl+Shift+P (Windows/Linux) or Cmd+Shift+P (Mac)
- Type "ArmorIQ Sentry" and select a command
3. Activity Bar Panels
- Click ArmorIQ icon in Activity Bar
- Use HOME panel buttons for quick actions
Configuration
Access settings via File → Preferences → Settings → Extensions → ArmorIQ Sentry
{
  // API endpoint (default: production)
  "armoriq-sentry.apiUrl": "https://sentry-api.armoriq.io",
  // Enable real-time scanning features
  "armoriq-sentry.enableAutoScan": true,
  // Automatically scan files on save
  "armoriq-sentry.autoScanOnSave": false,
  // Minimum severity to show (low, medium, high)
  "armoriq-sentry.minimumSeverity": "low",
  // File patterns for MCP config detection
  "armoriq-sentry.mcpConfigPatterns": [
    "**/mcp.json",
    "**/claude_desktop_config.json"
  ]
}
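A minimal local check for the "hardcoded secrets and API keys" class in files matched by `mcpConfigPatterns`, as an added example; it is not ArmorIQ Sentry's detection logic. It assumes the `mcpServers` layout with `command`, `args` and `env`; the regexes, the function name and the sample values are constructed for illustration.

```python
import json
import re

# Key names that usually carry credentials (constructed heuristic, not the scanner's rules).
SECRET_KEY = re.compile(r"(key|token|secret|passw(or)?d|credential)", re.I)
# Values such as ${VAR}, ${env:VAR} or $VAR are treated as references (assumption), not literals.
ENV_REF = re.compile(r"^\$\{[^}]+\}$|^\$[A-Za-z_]\w*$")
# Inline "--api-key=VALUE" style arguments; group 2 is the value.
ARG_SECRET = re.compile(r"^--?[\w-]*(key|token|secret|password)[\w-]*=(.+)$", re.I)


def find_hardcoded_secrets(config_text):
    """Return (server, location, severity) tuples for literal secrets in an MCP config."""
    config = json.loads(config_text)
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        for key, value in (server.get("env") or {}).items():
            literal = isinstance(value, str) and value and not ENV_REF.match(value)
            if SECRET_KEY.search(key) and literal:
                findings.append((name, f"env.{key}", "HIGH"))
        for index, arg in enumerate(server.get("args") or []):
            match = ARG_SECRET.match(str(arg))
            if match and not ENV_REF.match(match.group(2)):
                findings.append((name, f"args[{index}]", "HIGH"))
    return findings


# Constructed sample in the mcpServers layout used by claude_desktop_config.json.
SAMPLE = """
{
  "mcpServers": {
    "tickets": {
      "command": "node",
      "args": ["server.js", "--api-key=EXAMPLE-NOT-A-REAL-KEY"],
      "env": {"TICKETS_TOKEN": "EXAMPLE-NOT-A-REAL-TOKEN", "LOG_LEVEL": "debug"}
    },
    "search": {
      "command": "python",
      "args": ["-m", "search_server"],
      "env": {"SEARCH_API_KEY": "${SEARCH_API_KEY}"}
    }
  }
}
"""

if __name__ == "__main__":
    for server, location, severity in find_hardcoded_secrets(SAMPLE):
        print(f"{severity}: {server} {location} holds a literal credential")
```

The findings carry only the server name and location, never the credential value, so the output is safe to paste into a ticket or CI log.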
Supported Languages & Files
- Python (.py) - MCP servers, AI agents
- JavaScript (.js) - Node.js MCP implementations
- TypeScript (.ts) - Type-safe MCP servers
- JSON - MCP configuration files
- MCP Configs - mcp.json, claude_desktop_config.json
Tier Comparison
| Feature | FREE | DEVELOPER |
|---|---|---|
| Scans per day | 3 | Unlimited |
| File scanning | ✅ | ✅ |
| Workspace scanning | ✅ | ✅ |
| MCP endpoint testing | ✅ | ✅ |
| SAFE-MCP scoring | ✅ | ✅ |
| Problems panel | ✅ | ✅ |
| Priority support | ❌ | ✅ |
Requirements
- Any VS Code-compatible editor: Version 1.85.0 or higher
  - VS Code, Cursor, VSCodium, Gitpod, Codespaces, etc.
- Internet Connection: Required for cloud-based scanning and authentication
- Account: Google account for authentication
Troubleshooting
Authentication Issues
- Ensure you're allowing popups for OAuth flow
- Try logging out and logging back in
- Check internet connection
Scan Limit Reached (FREE Tier)
- Wait 24 hours for limit reset
- Upgrade to DEVELOPER tier for unlimited scans
- Check your usage in Account panel
No Findings Shown
- Ensure file type is supported (Python, JS, TS, JSON)
- Check minimum severity setting
- Verify authentication status
Privacy & Security
- OAuth tokens stored securely in VS Code Secrets API
- Code analysis performed on ArmorIQ cloud (encrypted in transit)
- No code is stored permanently
- Findings are associated with your account
- Full data deletion available upon request
License
Copyright © 2025 ArmorIQ. All rights reserved.
Acknowledgments
Built for the MCP (Model Context Protocol) community to enhance security in AI agent development.
Made with care by ArmorIQ