by Lekssays
🦡 codebadger is a containerized Model Context Protocol (MCP) server that gives AI agents and LLMs deep, queryable access to a codebase's structure and data flow through Joern Code Property Graphs (CPGs).
# Add to your Claude Code skills
git clone https://github.com/Lekssays/codebadger

Last scanned: 5/30/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-30T16:37:08.971Z",
"npmAuditRan": true,
"pipAuditRan": false
}

codebadger is an open-source AI agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by Lekssays. It has 126 GitHub stars.
Yes. codebadger passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/Lekssays/codebadger" and add it to your Claude Code skills directory (see the Installation section above).
codebadger is primarily written in Python. It is open-source under Lekssays on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh codebadger against similar tools.
codebadger is a containerized Model Context Protocol (MCP) server that gives AI agents and LLMs deep, queryable access to a codebase's structure and data flow through Joern Code Property Graphs (CPGs).
Point it at a Git repository, a local path, or even a pasted code snippet, and codebadger builds a CPG and exposes it over MCP — so an assistant can run CPGQL queries, trace data flow and taint, slice programs, and hunt for vulnerabilities across Java, C/C++, JavaScript, Python, Go, Kotlin, C#, Ghidra, Jimple, PHP, Ruby, and Swift.
It's a general-purpose foundation for both program analysis (understanding code structure, call graphs, and data flow) and vulnerability analysis (taint tracking, bug hunting, and PoC development) — useful for academic research as well as industry security and engineering work. It's built to scale to large analysis batches with per-CPG worker pools, memory-aware scheduling, and a Postgres/Redis backend.
codebadger and its paper - Bridging Code Property Graphs and Language Models for Program Analysis - were accepted at the Software Vulnerability Management Workshop @ ICSE 2026. 🎉
Everything a developer or security researcher needs lives in docs/:
| Doc | What's in it |
|---|---|
| Installation | Prerequisites and a 5-minute local setup. |
| Usage | Connecting MCP clients, the tool catalog, and a researcher workflow. |
| Available Tools | Every MCP tool by category, with a description of what each does. |
| Configuration | config.yaml / env reference, telemetry. |
| Deployment | Postgres/Redis, memory sizing, shared vs pool, large batches. |
| Architecture | System design and diagrams. |
| Security | Threat model, trust boundaries, and production hardening. |
| Custom Tools | Add your own detectors. |
| Contributing | Dev setup, tests, and guidelines. |
| Roadmap | What's shipped and what's next. |
We'd love to hear about it - open a PR adding it to TROPHIES.md (CVE ID, project, one-line description, date).
@inproceedings{lekssays2026bridging,
title={Bridging Code Property Graphs and Language Models for Program Analysis},
author={Lekssays, Ahmed},
booktitle={Proceedings of the 2026 IEEE/ACM 4th International Workshop on Software Vulnerability Management},
pages={33--40},
year={2026}
}