io.github.Copenhagen0x/solana-security-mcpdev-tools

Solana Security Standard

Verified · yesterday

Scan Solana/Anchor code against the Solana Security Standard and serve the ruleset to MCP clients.

Install

claude mcp add solana-security-mcp -- npx -y @jelleo/[email protected]

Our take

The repo is the SOL-0XX 'Solana Security Standard' — 52 pattern-based rules for Solana/Anchor bug classes the author says are distilled from real exploit post-mortems — and the MCP server is its mcp/ subfolder (the @jelleo/solana-security-mcp npm package points there), serving the ruleset and a scan tool to any client; the same rules also ship as a zero-dependency CLI, Semgrep port, GitHub Action, Open VSX editor extension, and Claude Code plugin, with checksummed and SSH-signed releases. Caveats: the whole project is about six weeks old (created late May 2026), written by a single pseudonymous auditor, and the rules are regex/pattern matching — a lint layer that will miss logic bugs, not an audit substitute — while the '$514M of exploits' and bounty-win framing are the author's own claims. Actively maintained (v1.12.0, 604 weekly npm downloads). For Solana/Anchor teams wanting a cheap security gate in editors and CI.

reviewed by hand · 2026-07-05

Something wrong or dead here? Report it

Verification record

last verified
yesterday
github stars
35
last commit
4 days ago
archived
no
license
MIT
downloads / wk
604
latest version
1.5.1
in registry since
2026-06-30

github.com/Copenhagen0x/solana-security-standard