by freshtechbro
Vibe-Coder-MCP server extends AI assistants with specialized software development tools.
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
# Add to your Claude Code skills
git clone https://github.com/freshtechbro/Vibe-Coder-MCPGuides for using ai agents skills like Vibe-Coder-MCP.
Last scanned: 7/11/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@modelcontextprotocol/sdk: Anthropic's MCP TypeScript SDK has a ReDoS vulnerability",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@protobufjs/utf8: protobufjs has overlong UTF-8 decoding",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@vitest/coverage-v8: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "@vitest/ui: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "@xenova/transformers: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "axios: Axios is vulnerable to DoS attack through lack of data size check",
"severity": "high"
},
{
"type": "npm-audit",
"message": "body-parser: body-parser is vulnerable to denial of service when url encoding is used",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "express: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
"severity": "high"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "form-data: form-data: CRLF injection in form-data via unescaped multipart field names and filenames",
"severity": "high"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "onnx-proto: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "onnxruntime-web: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "protobufjs: Arbitrary code execution in protobufjs",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "rollup: Rollup 4 has Arbitrary File Write via Path Traversal",
"severity": "high"
},
{
"type": "npm-audit",
"message": "simple-git: simple-git Affected by Command Execution via Option-Parsing Bypass",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "tar-fs: tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "vite: Vite middleware may serve files starting with the same name with the public directory",
"severity": "high"
},
{
"type": "npm-audit",
"message": "vitest: Vulnerability found",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "ws: ws: Uninitialized memory disclosure",
"severity": "high"
},
{
"type": "npm-audit",
"message": "yaml: yaml is vulnerable to Stack Overflow via deeply nested YAML collections",
"severity": "medium"
}
],
"status": "FAILED",
"scannedAt": "2026-07-11T06:12:35.646Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}Vibe Coder is an MCP (Model Context Protocol) server designed to supercharge your AI assistant (like Cursor, Cline AI, or Claude Desktop) with powerful tools for software development. It helps with research, planning, generating requirements, creating starter projects, and more!
Major Improvements:
any types, all explicit typing, production-grade code qualityUser Experience Enhancements:
src/config-templates/vibe command for all operations# Install globally (recommended)
npm install -g vibe-coder-mcp@latest
# Run setup wizard on first use
vibe --setup
# Or use instantly with npx (no installation)
npx vibe-coder-mcp@latest --setup
The setup wizard will:
# Recommended: Install globally for the 'vibe' command
npm install -g vibe-coder-mcp@latest
# Or run instantly without installation
npx vibe-coder-mcp@latest
Global Installation (Recommended)
npm install -g vibe-coder-mcp@latest
# Use the 'vibe' command anywhere
vibe # Start MCP server
vibe "create a PRD for a todo app" # CLI mode
vibe --interactive # Interactive REPL mode
vibe --setup # Setup wizard
Quick Run with npx
# No installation needed
npx vibe-coder-mcp@latest
npx vibe-coder-mcp@latest "research React best practices"
Local Project Installation
npm install vibe-coder-mcp
npx vibe-coder-mcp "map the codebase structure"
# MCP Server Mode (for Claude Desktop, Cursor, etc.)
vibe # Start with stdio transport
vibe --sse # Start with Server-Sent Events
# CLI Mode - Natural Language Commands
vibe "research modern JavaScript frameworks"
vibe "create a PRD for an e-commerce platform"
vibe "map the codebase structure" --json
vibe "generate user stories for auth system"
# Interactive REPL Mode
vibe --interactive # Chat interface with context retention
# Configuration
vibe --setup # Run setup wizard
vibe --help # Show all options
vibe --version # Show version
Interactive Mode Features:
Vibe-Coder MCP integrates seamlessly with any MCP-compatible client. Here's how to configure it:
In your MCP client's server configuration dialog:
vibe-coder-mcpnpxvibe-coder-mcpOPENROUTER_API_KEY: Your OpenRouter API key (required)VIBE_PROJECT_ROOT: /path/to/your/project (required)LOG_LEVEL: info (optional)NODE_ENV: production (optional)# First install globally
npm install -g vibe-coder-mcp
Then configure:
vibenode/path/to/node_modules/vibe-coder-mcp/build/index.jsFor Claude Desktop users, add this to your claude_desktop_config.json:
{
"mcpServers": {
"vibe-coder-mcp": {
"command": "npx",
"args": ["vibe-coder-mcp"],
"env": {
"OPENROUTER_API_KEY": "your-openrouter-api-key",
"VIBE_PROJECT_ROOT": "/path/to/your/project",
"LOG_LEVEL": "info",
"NODE_ENV": "production"
}
}
}
}
See example_claude_desktop_config.json for a complete example.
Once configured, your MCP client will have access to:
After configuration, test by asking your AI assistant:
# Automatic project detection - just run from your project!
cd /path/to/your/project
vibe "map the codebase structure"
{
"env": {
"OPENROUTER_API_KEY": "your_key_here",
"VIBE_PROJECT_ROOT": "/path/to/your/project"
}
}
VIBE_PROJECT_ROOT replaces multiple directory configsRequired: You need an OpenRouter API key to use Vibe Coder MCP.
Option 1: Using Setup Wizard (Recommended for v0.2.3+)
# Run the interactive setup wizard
vibe --setup
# The wizard will:
# • Configure your OpenRouter API key
# • Set up project directories
# • Create configuration files
# • Validate your setup
Option 2: Environment Variables
# Set your OpenRouter API key
export OPENROUTER_API_KEY="your_api_key_here"
# Optional: Set custom directories
export VIBE_CODER_OUTPUT_DIR="/path/to/output/directory"
export VIBE_PROJECT_ROOT="/path/to/your/project"
# Legacy variables (still supported for backward compatibility)
export CODE_MAP_ALLOWED_DIR="/path/to/your/source/code"
export VIBE_TASK_MANAGER_READ_DIR="/path/to/your/project"
Option 3: Create .env file (templates provided in v0.2.3+)
Create a .env file in your working directory (or copy from src/config-templates/.env.template):
# Required: Your OpenRouter API key
OPENROUTER_API_KEY="your_api_key_here"
Vibe-Coder-MCP is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by freshtechbro. Vibe-Coder-MCP server extends AI assistants with specialized software development tools. It has 100 GitHub stars.
Vibe-Coder-MCP failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/freshtechbro/Vibe-Coder-MCP" and add it to your Claude Code skills directory (see the Installation section above).
Vibe-Coder-MCP is primarily written in TypeScript. It is open-source under freshtechbro on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh Vibe-Coder-MCP against similar tools.
No comments yet. Be the first to share your thoughts!