ArmorIQ Sentry - MCP Security Scanner

Professional security scanner for MCP (Model Context Protocol) servers and AI agent code
ArmorIQ Sentry brings enterprise-grade security analysis directly into your VS Code editor, helping developers identify and fix vulnerabilities in MCP servers, AI agents, and related code before deployment.
Features
Secure Authentication
- Google OAuth: Sign in securely with your Google account
- Tiered Access: FREE tier (3 scans/day) and DEVELOPER tier (unlimited)
- Account Management: View usage, upgrade options, and scan history
Comprehensive Scanning
- File-Level Analysis: Scan individual Python, JavaScript, TypeScript files
- Workspace Scanning: Analyze entire project for security issues
- MCP Endpoint Testing: Validate live MCP server endpoints
- Auto-Scan: Optional automatic scanning on file save
Vulnerability Detection
- Hardcoded secrets and API keys
- Insecure configurations
- MCP protocol violations
- SAFE-MCP compliance issues
- Permission and access control problems
SAFE-MCP Compliance
- Real-time compliance scoring
- Framework-based security assessment
- Best practice recommendations
- Risk categorization (HIGH, MEDIUM, LOW)
Developer Experience
- Click-to-Highlight: Jump to vulnerable code instantly
- Inline Recommendations: See fix suggestions right in your code
- Problems Panel: Integrated with VS Code diagnostics
- Context Menus: Right-click to scan files
- Activity Bar: Dedicated panels for quick access
Installation
From VS Code Marketplace
- Open VS Code
- Go to Extensions (Ctrl+Shift+X / Cmd+Shift+X)
- Search for "ArmorIQ Sentry"
- Click Install
From VSIX File
code --install-extension armoriq-sentry-0.1.0.vsix
Getting Started
Install the Extension
- Find it in VS Code Marketplace or install from VSIX
Sign In
- Open the HOME panel in Activity Bar
- Click "Sign in with Google"
- Authorize ArmorIQ Sentry
Start Scanning
- Right-click any file → "Scan File with ArmorIQ Sentry"
- Or use Command Palette (Ctrl+Shift+P) → "ArmorIQ Sentry: Scan Workspace"
View Results
- See findings in ANALYSIS panel
- Click findings to jump to code
- Apply recommended fixes
Usage
Available Commands
| Command | Description | Shortcut |
| --- | --- | --- |
| Login with Google | Authenticate with Google OAuth | - |
| Scan Current File | Analyze active file for vulnerabilities | - |
| Scan Workspace | Scan all files in workspace | - |
| Scan MCP Server Endpoint | Test live MCP server URL | - |
| View Scan History | See past scan results | - |
| Show Account Info | View tier, usage, limits | - |
| Open Dashboard | Launch ArmorIQ web dashboard | - |
Scanning Methods
- Right-click on any file in Explorer
- Select "Scan File with ArmorIQ Sentry"
2. Command Palette
- Press Ctrl+Shift+P (Windows/Linux) or Cmd+Shift+P (Mac)
- Type "ArmorIQ Sentry" and select a command
3. Activity Bar Panels
- Click ArmorIQ icon in Activity Bar
- Use HOME panel buttons for quick actions
Configuration
Access settings via File → Preferences → Settings → Extensions → ArmorIQ Sentry
    {
      // API endpoint (default: production)
      "armoriq-sentry.apiUrl": "https://sentry-api.armoriq.io",
      // Enable real-time scanning features
      "armoriq-sentry.enableAutoScan": true,
      // Automatically scan files on save
      "armoriq-sentry.autoScanOnSave": false,
      // Minimum severity to show (low, medium, high)
      "armoriq-sentry.minimumSeverity": "low",
      // File patterns for MCP config detection
      "armoriq-sentry.mcpConfigPatterns": [
        "**/mcp.json",
        "**/claude_desktop_config.json"
      ]
    }
Supported Languages & Files
- Python (.py) - MCP servers, AI agents
- JavaScript (.js) - Node.js MCP implementations
- TypeScript (.ts) - Type-safe MCP servers
- JSON - MCP configuration files
- MCP Configs - mcp.json, claude_desktop_config.json
Tier Comparison
| Feature | FREE | DEVELOPER |
| --- | --- | --- |
| Scans per day | 3 | Unlimited |
| File scanning | ✅ | ✅ |
| Workspace scanning | ✅ | ✅ |
| MCP endpoint testing | ✅ | ✅ |
| SAFE-MCP scoring | ✅ | ✅ |
| Problems panel | ✅ | ✅ |
| Scan history | ✅ | ✅ |
| Priority support | ❌ | ✅ |
Requirements
- VS Code: Version 1.85.0 or higher
- Internet Connection: Required for cloud-based scanning
- Account: Google account for authentication
Troubleshooting
Authentication Issues
- Ensure you're allowing popups for OAuth flow
- Try logging out and logging back in
- Check internet connection
Scan Limit Reached (FREE Tier)
- Wait 24 hours for limit reset
- Upgrade to DEVELOPER tier for unlimited scans
- Check your usage in Account panel
No Findings Shown
- Ensure file type is supported (Python, JS, TS, JSON)
- Check minimum severity setting
- Verify authentication status
Privacy & Security
- OAuth tokens stored securely in VS Code Secrets API
- Code analysis performed on ArmorIQ cloud (encrypted in transit)
- No code is stored permanently
- Findings are associated with your account
- Full data deletion available upon request
License
Copyright © 2025 ArmorIQ. All rights reserved.
Acknowledgments
Built for the MCP (Model Context Protocol) community to enhance security in AI agent development.
Made with care by ArmorIQ