Three interfaces, one engine

Scan from anywhere

VibeScan is API-first. Connect it to Claude, ChatGPT, or call the REST API directly. Same engine, same results, every platform.

Claude (MCP Server)

Recommended

VibeScan connects to Claude via the Model Context Protocol. Claude calls VibeScan tools directly — no copy-pasting JSON, no browser extensions.

Setup (2 minutes): Add this to your Claude Desktop MCP config:

{
  "mcpServers": {
    "vibescan": {
      "type": "http",
      "url": "http://localhost:3002/mcp",
      "headers": {
        "Authorization": "Bearer vsk_YOUR_API_KEY"
      }
    }
  }
}

8 tools available: scan_code, scan_repo, get_scan_results, get_finding, list_findings, get_usage_info, create_upload_slot, scan_uploaded_artifact.

Just ask Claude: "Scan this code for security issues" — it calls VibeScan, reads the findings, and explains everything.

ChatGPT (Custom GPT)

Create a Custom GPT with VibeScan as an Action. ChatGPT calls the VibeScan API via OpenAPI spec.

Setup:

  1. Go to GPT Editor → Create new GPT
  2. In Actions, import OpenAPI spec from http://localhost:3001/docs/openapi.yaml
  3. Set auth to API Key (Bearer), paste your vsk_ key
  4. Set privacy policy URL to your /security page
  5. Add instructions: "When the user shares code, call createScan. Explain each finding with severity, what's wrong, and a fix."

REST API

For scripts, CI pipelines, or building your own integration. Bearer token auth, JSON in/out.

curl -X POST http://localhost:3001/api/v1/scans \
  -H "Authorization: Bearer vsk_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"code": "eval(userInput);"}'

Full API reference in the documentation.

GitHub App (Private Repos)

Install the VibeScan GitHub App to scan private repositories. The app requests read-only access to repository contents. Installation tokens are encrypted at rest and never logged.

Manage your GitHub connection at /app/integrations after signing in.