---
title: Security Mcp Tools
emoji: 🛡️
colorFrom: gray
colorTo: pink
sdk: gradio
sdk_version: 5.33.1
app_file: app.py
pinned: false
license: mit
tags:
  - mcp-server-track
  - bandit
  - security-scanner
  - code-analysis
  - modal
short_description: on-demand security analysis for Python code
---

## Bandit Security Scanner (via Modal MCP)

This Gradio application provides an interface to scan Python code for common security vulnerabilities using **Bandit**. The analysis is performed by a Bandit tool running on a [Modal Labs](https://modal.com) Multi-Compute-Platform (MCP) server.

### How to Use

1. **Input Parameters**:
    * The input field expects a JSON object.
    * This JSON object **must** contain a key named `"code"` whose value is the Python code string you want to analyze.
    * An example is pre-filled for convenience:

    ```json
    {
      "code": "import subprocess\n\n# Example of a potential security risk with subprocess\nsubprocess.call(\"ls -l\", shell=True)"
    }
    ```

2. **Submit**: Click the "Submit" button.

3. **Output**:
    * The application sends the code to the Bandit tool on the Modal MCP server.
    * The results of the Bandit analysis are displayed as a JSON object in the output field. This JSON will typically include:
        * `tool`: "bandit"
        * `issues`: A list of security issues found, with details like issue text, severity, confidence, line number, and test ID.
        * `files_analyzed`: Number of files analyzed (usually 1 for the provided code snippet).
        * Any errors encountered during the process or stderr output from Bandit.

### Configuration

For this application to function correctly, the `MODAL_MCP_ENDPOINT` environment variable must be set. This variable should point to your deployed Modal function that handles MCP tool execution (e.g., the `/execute_tool` endpoint).

* Create a `.env` file in the `mcp_deploy` directory (or the root of your Space if deploying to Hugging Face Spaces and it's not automatically picked up from this directory).
* Add the following line to the `.env` file, replacing the placeholder with your actual Modal endpoint URL:

    ```
    MODAL_MCP_ENDPOINT="https://your-username--mcp-server-app-execute-tool.modal.run"
    ```

If `MODAL_MCP_ENDPOINT` is not set or is incorrect, the application will display an error message upon submission.

### Note

This application is specifically configured to use the "bandit" tool on the MCP server.

### Future work

Add more security tools and expose them through this MCP server.
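
For the input and output JSON described under "How to Use", the following added example (not part of this project's code) builds a correctly escaped `"code"` payload and triages a result by severity and confidence, failing closed when nothing was scanned. It assumes the entries in `issues` keep the field names of Bandit's own JSON report (`issue_severity`, `issue_confidence`, `line_number`, `test_id`); `build_payload` and `triage` are hypothetical helper names, and the sample response is constructed.

```python
import json

# Ordering for Bandit's severity and confidence labels.
LEVELS = {"UNDEFINED": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3}

def build_payload(source):
    """JSON text for the input field; json.dumps escapes quotes and newlines."""
    if not isinstance(source, str) or not source.strip():
        raise ValueError("'code' must be a non-empty string")
    return json.dumps({"code": source})

def triage(result_json, min_severity="MEDIUM", min_confidence="MEDIUM"):
    """Return findings at or above both thresholds, most severe first.

    Fails closed: a result without a usable scan raises instead of
    passing as a clean report.
    """
    result = json.loads(result_json)
    issues = result.get("issues")
    if result.get("tool") != "bandit" or not isinstance(issues, list):
        raise ValueError("not a Bandit result")
    if not result.get("files_analyzed"):
        raise ValueError("no files analyzed; the code was not scanned")

    def rank(issue, key):
        return LEVELS.get(str(issue.get(key, "")).upper(), 0)

    hits = [i for i in issues
            if rank(i, "issue_severity") >= LEVELS[min_severity]
            and rank(i, "issue_confidence") >= LEVELS[min_confidence]]
    return sorted(hits, key=lambda i: (-rank(i, "issue_severity"),
                                       i.get("line_number", 0)))

# Constructed sample input and response (assumed field names, not app output).
SAMPLE_CODE = "import subprocess\nimport sys\nsubprocess.call(sys.argv[1], shell=True)"
SAMPLE_RESULT = json.dumps({
    "tool": "bandit",
    "files_analyzed": 1,
    "issues": [
        {"test_id": "B404", "issue_severity": "LOW", "issue_confidence": "HIGH",
         "line_number": 1, "issue_text": "Consider possible security implications associated with the subprocess module."},
        {"test_id": "B602", "issue_severity": "HIGH", "issue_confidence": "HIGH",
         "line_number": 3, "issue_text": "subprocess call with shell=True identified, security issue."},
    ],
})

if __name__ == "__main__":
    print(build_payload(SAMPLE_CODE))
    for issue in triage(SAMPLE_RESULT):
        print(issue["test_id"], issue["issue_severity"], "line", issue["line_number"])
```

Treating `files_analyzed` of 0 as a failure keeps code that Bandit could not parse from being reported as free of issues.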