Security validation for AI coding assistants. You don't need to understand the code to secure it.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for deepsweep-ai from gravatar.com deepsweep-ai

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: DeepSweep
  • Maintainer: DeepSweep
  • Tags ai , claude , copilot , cursor , linting , mcp , security , validation , vibe-coding , windsurf
  • Requires: Python >=3.10
  • Provides-Extra: dev , docs
Classifiers
Report project as malware

Project description

DeepSweep

Security validation for AI coding assistants

PyPI version Python 3.8+ License: MIT

DeepSweep validates your AI assistant configurations (Cursor, Windsurf, GitHub Copilot, Claude Code) for security vulnerabilities before they can cause harm.

Quick Start

pip install deepsweep-ai
deepsweep validate

DeepSweep automatically finds and validates:

  • .cursorrules / .windsurfrules / AGENTS.md
  • MCP configurations (mcp.json, claude_desktop_config.json)
  • 46 security patterns including prompt injection, MCP attacks, and data exfiltration

What's New in v0.2.0

  • MCP Security Validation - 7 new patterns for Model Context Protocol configs
  • deepsweep mcp list - Discover all MCP configurations on your system
  • deepsweep mcp validate - Dedicated MCP security scanning
  • deepsweep init - Create secure starter templates
  • deepsweep doctor - Check installation health
  • deepsweep badge - Generate repository security badges

Example Output

DEEPSWEEP Security Report ────────────────────────────────────────────────────── Score: ████████████████████████░░░░░░ 80/100 Grade: B Found 2 issue(s): [HIGH] DS-MCP-001: Unverified MCP server: @random/untrusted

Use @modelcontextprotocol/* servers or verify source [MEDIUM] DS-MCP-003: Unpinned MCP server version Pin version: @server@1.2.3 ────────────────────────────────────────────────────── Run with --fix to see remediation suggestions

Security Patterns

Rules File Patterns (39)

ID Severity Description
DS-PI-001 Critical Prompt injection attempt
DS-PI-002 Critical System prompt extraction
DS-DATA-001 High Sensitive data exposure
DS-EXEC-001 Critical Arbitrary code execution

See full list at https://deepsweep.ai/patterns

MCP Patterns (7)

ID Severity Description
DS-MCP-001 High Unverified MCP server source
DS-MCP-002 Critical Dangerous command arguments
DS-MCP-003 Medium Unpinned server version
DS-MCP-004 High Using @latest tag
DS-MCP-005 High Auto-approve enabled
DS-MCP-006 Critical Shell command execution
DS-MCP-007 Critical Network exfiltration risk

Commands

deepsweep validate [PATH]

deepsweep validate                    # Current directory
deepsweep validate /path/to/project   # Specific path
deepsweep validate --include-mcp      # Include MCP validation
deepsweep validate --fix              # Show fix suggestions
deepsweep validate --format json      # JSON output for CI/CD

deepsweep mcp list

deepsweep mcp list

deepsweep mcp validate

deepsweep mcp validate
deepsweep mcp validate --fix
deepsweep mcp validate --format json

deepsweep init

deepsweep init                    # Create .cursorrules
deepsweep init --type python      # Project type
deepsweep init --include-mcp      # Include MCP template
deepsweep init --force            # Overwrite existing

deepsweep doctor

deepsweep doctor

deepsweep badge

deepsweep badge
deepsweep badge --format markdown
deepsweep badge --format html

Security Badges

Add a DeepSweep badge to your README:

[![DeepSweep Validated](https://img.shields.io/badge/DeepSweep-A%20100%2F100-brightgreen)](https://deepsweep.ai)

Generate yours:

deepsweep validate && deepsweep badge

CI/CD Integration

GitHub Actions

name: AI Security Check
on: [push, pull_request]

jobs:
  deepsweep:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - run: pip install deepsweep-ai
      - run: deepsweep validate --include-mcp --format json

Pre-commit Hook

repos:
  - repo: local
    hooks:
      - id: deepsweep
        name: DeepSweep Security Check
        entry: deepsweep validate
        language: system
        pass_filenames: false

Privacy

  • Your code never leaves your machine - Only pattern IDs and scores transmitted
  • Anonymous by default - No personal information collected
  • Opt-out anytime - Set DO_NOT_TRACK=1
  • Offline mode - Set DEEPSWEEP_OFFLINE=1

Learn more: https://deepsweep.ai/privacy

Contributing

See CONTRIBUTING.md for guidelines.

License

MIT License - see LICENSE for details.

Made by DeepSweep | https://deepsweep.ai

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for deepsweep-ai from gravatar.com deepsweep-ai

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: DeepSweep
  • Maintainer: DeepSweep
  • Tags ai , claude , copilot , cursor , linting , mcp , security , validation , vibe-coding , windsurf
  • Requires: Python >=3.10
  • Provides-Extra: dev , docs
Classifiers

Release history Release notifications | RSS feed

This version

1.0.2

1.0.1

1.0.0

0.2.1

0.2.0

0.1.7

0.1.5

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

deepsweep_ai-1.0.2.tar.gz (79.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

deepsweep_ai-1.0.2-py3-none-any.whl (65.6 kB view details)

Uploaded Python 3

File details

Details for the file deepsweep_ai-1.0.2.tar.gz.

File metadata

  • Download URL: deepsweep_ai-1.0.2.tar.gz
  • Upload date:
  • Size: 79.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for deepsweep_ai-1.0.2.tar.gz
Algorithm Hash digest
SHA256 ebb71d7268a21774674da8b27378ee59d4967f1605d049513e3efb5debb1b481
MD5 d8b85f62257112c5be952850fceccdc2
BLAKE2b-256 a32313bf6ccef431627a17e7be4319cc8d8bd20493105b5847a6e1d90e737fe5

See more details on using hashes here.

Provenance

The following attestation bundles were made for deepsweep_ai-1.0.2.tar.gz:

Publisher: publish.yml on deepsweep-ai/deepsweep

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file deepsweep_ai-1.0.2-py3-none-any.whl.

File metadata

  • Download URL: deepsweep_ai-1.0.2-py3-none-any.whl
  • Upload date:
  • Size: 65.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for deepsweep_ai-1.0.2-py3-none-any.whl
Algorithm Hash digest
SHA256 4ca7328776941f114880c1b9fb51c8a67c063d9919954240fe6666fafe14e32a
MD5 d1f72aa9fef2a6542d17c8ab5461a536
BLAKE2b-256 03f287b517be63177d7890932f11be1f4de26cf211c47722fa746d6255663940

See more details on using hashes here.

Provenance

The following attestation bundles were made for deepsweep_ai-1.0.2-py3-none-any.whl:

Publisher: publish.yml on deepsweep-ai/deepsweep

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page