MCP · for AI coding agents

Run a Vibe Check inside Cursor & Claude Code.

Add the Opzyai MCP and your AI coding agent can scan your live app for leaked API keys, exposed config and missing security headers — and get paste-ready fixes — without leaving the editor.

Works with Claude Code & Cursor · No account, no API key · Free Vibe Check

Install

One line to connect it

It’s a remote server — point your MCP client at the hosted endpoint. Nothing to install or run locally.

Claude Code

terminal
claude mcp add --transport http opzyai https://www.opzyai.com/api/mcp

Cursor (~/.cursor/mcp.json)

json
{
  "mcpServers": {
    "opzyai": {
      "url": "https://www.opzyai.com/api/mcp"
    }
  }
}

Any MCP client works — point it at https://www.opzyai.com/api/mcp over Streamable HTTP.

How it works

From “scan my app” to fixes, in the chat

01 · Add the MCP

One command in Claude Code, or a few lines in your Cursor config. No account, no API key.

02 · Ask your agent

“Scan my app at https://myapp.com for security issues.” Your agent calls the scan_url tool.

03 · Fix and re-scan

It returns a Launch Readiness score and ranked findings with paste-ready fixes. Apply them, then scan again to confirm.

scan_url

Give it a live URL. It returns a 0–100 Launch Readiness score, the findings ranked by real impact, a paste-ready fix for each, and a shareable report link.

  • Leaked API keys in the client bundle
  • Exposed .env, source maps and .git
  • Missing security headers & weak CORS

what your agent gets back
Launch Readiness: 94/100 — looking solid.

Findings (5), most severe first:

[LOW] Missing security header: Content-Security-Policy
  Where: https://yourapp.com/
  Why:   No Content-Security-Policy header was set.
  Fix:   Set a CSP to mitigate XSS (start report-only, then enforce).
...

Full report: https://www.opzyai.com/scan/<id>
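
To show what a header finding like the one above involves, here is an added example (not Opzyai's code or its scan logic): a JavaScript function that audits one response's headers for a missing or report-only CSP, other missing security headers and wildcard CORS. The header list beyond CSP, the severity labels and the sample headers are assumptions constructed for this example.

```javascript
// Added example: audits one response's headers (constructed input, no network).
// The header list and severity labels are this example's assumptions.
const REQUIRED = [
  ["strict-transport-security", "MEDIUM", "Send HSTS so browsers stay on HTTPS."],
  ["x-content-type-options", "LOW", "Set X-Content-Type-Options: nosniff."],
  ["referrer-policy", "LOW", "Set Referrer-Policy, e.g. strict-origin-when-cross-origin."],
];
const RANK = { HIGH: 0, MEDIUM: 1, LOW: 2 };

function auditHeaders(rawHeaders) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];
  const add = (severity, title, fix) => findings.push({ severity, title, fix });

  // A Report-Only policy logs violations but blocks nothing.
  if (!h["content-security-policy"]) {
    if (h["content-security-policy-report-only"]) {
      add("LOW", "CSP is report-only, not enforced",
          "Review the violation reports, then send Content-Security-Policy.");
    } else {
      add("LOW", "Missing security header: Content-Security-Policy",
          "Set a CSP (start report-only, then enforce).");
    }
  }
  for (const [name, severity, fix] of REQUIRED) {
    if (!h[name]) add(severity, `Missing security header: ${name}`, fix);
  }
  // Weak CORS: a wildcard lets any site read non-credentialed responses.
  if (h["access-control-allow-origin"] === "*") {
    add("MEDIUM", "CORS allows any origin",
        "Allow-list the origins that need access instead of *.");
  }
  return findings.sort((a, b) => RANK[a.severity] - RANK[b.severity]);
}

// Constructed sample: a response partway through rolling out the CSP fix.
const sample = {
  "Content-Security-Policy-Report-Only": "default-src 'self'",
  "X-Content-Type-Options": "nosniff",
  "Access-Control-Allow-Origin": "*",
};
for (const f of auditHeaders(sample)) console.log(`[${f.severity}] ${f.title}\n  Fix:   ${f.fix}`);
```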

No editor handy? Scan in your browser.

Paste a URL and get the same Launch Readiness score and fixes — no install required.