Security in Your
AI Editor
Vibe code without getting hacked. Real-time vulnerability scanning inside Cursor, Claude, Windsurf, and Cline.
Winfunc MCP connects your AI code editor directly to our security engine via the Model Context Protocol. Scan snippets, verify changes, and audit entire codebases — without leaving your flow.
Winfunc MCP scanning a codebase in real-time inside an AI editor
Three Tools, Complete Coverage
Winfunc MCP exposes three security primitives to your AI assistant. Each runs inline — no browser tabs, no dashboards, no friction.
Snippet Scanner
Paste or highlight code and get instant vulnerability analysis with severity, explanation, and fix suggestions.
winfunc_mcp.scan_snippet( code="def login(user, pw): ...", language="python" )
Codebase Scanner
Walk every file in your project and surface security issues with precise line numbers and context.
winfunc_mcp.scan_codebase(
file_path="app/models/user.py",
file_content=open("app/models/user.py").read()
)Change Verifier
Before you commit, verify that your latest edits don't introduce new vulnerabilities compared to the original.
winfunc_mcp.verify( original_code="# before", code_snippet="# after", language="python" )
Setup in 60 Seconds
Add this to your editor's MCP config, replace the API key, and you're scanning. Works with pipx, uvx, or Docker.
- 1Sign up at app.winfunc.com and grab your API key
- 2Add the config snippet to your editor's MCP settings
- 3Start coding — Winfunc scans automatically
{
"mcpServers": {
"winfunc-mcp": {
"command": "pipx",
"args": [
"run", "winfunc-mcp-server",
"--api-url", "https://api.winfunc.com",
"--transport", "stdio",
"--key", "YOUR_API_KEY"
]
}
}
}