VibeShift

Name: VibeShift
Rating: 2.3 (67 reviews)
Author: GroundNG

by GroundNG·★ 67·Score 45

VibeShift is an MCP server that provides automated security scanning and testing for AI-generated code.

securitydeveloper-toolsai-llm

Forks

Open issues

6 mo ago

Last commit

2d ago

Indexed

Overview

VibeShift integrates seamlessly with AI coding assistants like Cursor, GitHub Copilot, and Claude Code to provide automated security analysis. It uses static analysis tools like Semgrep to identify vulnerabilities in AI-generated code and facilitates AI-driven remediation. The server also supports automated test recording and execution using Playwright, creating a security feedback loop that helps developers catch and fix security issues before they enter the codebase. VibeShift represents a shift-left security approach for AI-assisted coding environments.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

you:Automatically scanning AI-generated code for security vulnerabilities before committing

you:Recording automated UI tests from natural language descriptions

you:Executing regression tests to catch issues after code changes

you:Which AI coding assistants does VibeShift support?

you:What security tools does VibeShift use?

When to choose this

Choose VibeShift when you need automated security scanning integrated directly into your AI coding workflow, especially for teams using static analysis tools like Semgrep or requiring automated UI testing with Playwright.

When NOT to choose this

Avoid VibeShift if you're looking for a comprehensive enterprise-grade security solution, as it's focused primarily on AI-generated code rather than full codebase analysis, or if you require advanced DAST capabilities beyond its basic implementation.

Tools this server exposes

5 tools extracted from the README

get_security_scan
Perform security analysis on code using static analysis tools like Semgrep.
record_test_flow
Record a Playwright-based test script from natural language descriptions.
run_regression_test
Execute a recorded JSON test file using Playwright.
discover_test_flows
Crawl websites and suggest test steps using LLM analysis.
list_recorded_tests
List available recorded test JSON files in the output directory.

Comparable tools

semgrepowasp-zapnucleibrowser-useplaywright

Installation

Clone the repository: git clone https://github.com/GroundNG/VibeShift
Create and activate a virtual environment: python -m venv venv && source venv/bin/activate
Install dependencies: pip install -r requirements.txt
Install Playwright browsers: patchright install --with-deps
Rename .env.example to .env and add your LLM API key

MCP Configuration

Add this to your MCP config:

{
  "mcpServers": {
    "VibeShift":{
      "command": "uv",
      "args": ["--directory","path/to/cloned_repo", "run", "mcp_server.py"]
    }
  }
}

FAQ

Which AI coding assistants does VibeShift support?: VibeShift supports Cursor, Windsurf, GitHub Copilot, and Roo Code through MCP integration.
What security tools does VibeShift use?: It uses Semgrep for static analysis (SAST) and can integrate Nuclei or ZAP for dynamic analysis (DAST).

On Hacker News

Recent discussion from the developer community.

Show HN: VibeShift MCP – Getting secure working code from AI▲ 2
Story by Ilikepizza2 · 2025-05-19

Compare VibeShift with

VibeShift vs ultimate_mcp_server VibeShift vs mcp-server-chart VibeShift vs everything VibeShift vs filesystem VibeShift vs time

GitHub →

Last updated 2026-05-17 · Auto-generated from public README + GitHub signals.