Security validation for AI coding assistants. You don't need to understand the code to secure it.

DeepSweep

Security validation for AI coding assistants

PyPI version Python 3.8+ License: MIT

DeepSweep validates your AI assistant configurations (Cursor, Windsurf, GitHub Copilot, Claude Code) for security vulnerabilities before they can cause harm.

Quick Start

pip install deepsweep-ai
deepsweep validate

DeepSweep automatically finds and validates:

  • .cursorrules / .windsurfrules / AGENTS.md
  • MCP configurations (mcp.json, claude_desktop_config.json)
  • 46 security patterns including prompt injection, MCP attacks, and data exfiltration

What's New in v0.2.0

  • MCP Security Validation - 7 new patterns for Model Context Protocol configs
  • deepsweep mcp list - Discover all MCP configurations on your system
  • deepsweep mcp validate - Dedicated MCP security scanning
  • deepsweep init - Create secure starter templates
  • deepsweep doctor - Check installation health
  • deepsweep badge - Generate repository security badges

Example Output

DEEPSWEEP Security Report
──────────────────────────────────────────────────────
Score: ████████████████████████░░░░░░ 80/100
Grade: B

Found 2 issue(s):

[HIGH] DS-MCP-001: Unverified MCP server: @random/untrusted
  Use @modelcontextprotocol/* servers or verify source

[MEDIUM] DS-MCP-003: Unpinned MCP server version
  Pin version: @server@1.2.3

──────────────────────────────────────────────────────
Run with --fix to see remediation suggestions

Security Patterns

Rules File Patterns (39)

ID           Severity  Description
DS-PI-001    Critical  Prompt injection attempt
DS-PI-002    Critical  System prompt extraction
DS-DATA-001  High      Sensitive data exposure
DS-EXEC-001  Critical  Arbitrary code execution

See full list at https://deepsweep.ai/patterns

MCP Patterns (7)

ID          Severity  Description
DS-MCP-001  High      Unverified MCP server source
DS-MCP-002  Critical  Dangerous command arguments
DS-MCP-003  Medium    Unpinned server version
DS-MCP-004  High      Using @latest tag
DS-MCP-005  High      Auto-approve enabled
DS-MCP-006  Critical  Shell command execution
DS-MCP-007  Critical  Network exfiltration risk
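
To make three of these rows concrete, here is an added example (not DeepSweep's own code or detection logic) that checks an MCP config for an untrusted package scope, a missing or loose version pin, and the @latest tag. It assumes the common "mcpServers" layout with servers launched through npx; the function names, the trusted-scope list, the sample config and the mapping of checks to pattern IDs are this example's own reading of the table.

```python
import json
import re

# Constructed sample config; server names and the 1.2.3 version are illustrative.
SAMPLE_MCP_JSON = """
{"mcpServers": {
  "files":  {"command": "npx",
             "args": ["-y", "@modelcontextprotocol/server-filesystem@1.2.3", "/srv/data"]},
  "random": {"command": "npx", "args": ["-y", "@random/untrusted"]},
  "latest": {"command": "npx",
             "args": ["-y", "@modelcontextprotocol/server-filesystem@latest"]}
}}
"""

# Assumption: trusted scope taken from the remediation hint in the example report.
TRUSTED_SCOPES = {"@modelcontextprotocol"}
# npm package spec: optional @scope/, package name, optional @version.
PKG_SPEC = re.compile(r"^(?:(@[^/@\s]+)/)?([^@/\s]+)(?:@(\S+))?$")
# Only an exact x.y.z (with optional pre-release/build suffix) counts as pinned.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")

def package_arg(args):
    """Return the first non-flag argument, which for npx is the package spec."""
    return next((a for a in args if not a.startswith("-")), None)

def check_mcp_config(text):
    """Return sorted (server_name, pattern_id) findings for npx-launched servers."""
    findings = []
    for name, server in json.loads(text).get("mcpServers", {}).items():
        if server.get("command") != "npx":
            continue  # other launchers are out of scope for this example
        match = PKG_SPEC.match(package_arg(server.get("args", [])) or "")
        if not match:
            continue  # no recognisable package spec to evaluate
        scope, _package, version = match.groups()
        if scope not in TRUSTED_SCOPES:
            findings.append((name, "DS-MCP-001"))  # unverified source
        if version == "latest":
            findings.append((name, "DS-MCP-004"))  # floating @latest tag
        elif version is None or not EXACT_VERSION.match(version):
            findings.append((name, "DS-MCP-003"))  # absent or range version
    return sorted(findings)

if __name__ == "__main__":
    for server_name, pattern_id in check_mcp_config(SAMPLE_MCP_JSON):
        print(f"{pattern_id}  {server_name}")
```

A semver range such as ^1.2.0 is reported as unpinned here, because it still lets the resolved package change between runs.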

Commands

deepsweep validate [PATH]

deepsweep validate                    # Current directory
deepsweep validate /path/to/project   # Specific path
deepsweep validate --include-mcp      # Include MCP validation
deepsweep validate --fix              # Show fix suggestions
deepsweep validate --format json      # JSON output for CI/CD

deepsweep mcp list

deepsweep mcp list

deepsweep mcp validate

deepsweep mcp validate
deepsweep mcp validate --fix
deepsweep mcp validate --format json

deepsweep init

deepsweep init                    # Create .cursorrules
deepsweep init --type python      # Project type
deepsweep init --include-mcp      # Include MCP template
deepsweep init --force            # Overwrite existing

deepsweep doctor

deepsweep doctor

deepsweep badge

deepsweep badge
deepsweep badge --format markdown
deepsweep badge --format html

Security Badges

Add a DeepSweep badge to your README:

[![DeepSweep Validated](https://img.shields.io/badge/DeepSweep-A%20100%2F100-brightgreen)](https://deepsweep.ai)

Generate yours:

deepsweep validate && deepsweep badge

CI/CD Integration

GitHub Actions

name: AI Security Check
on: [push, pull_request]

jobs:
  deepsweep:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - run: pip install deepsweep-ai
      - run: deepsweep validate --include-mcp --format json

Pre-commit Hook

repos:
  - repo: local
    hooks:
      - id: deepsweep
        name: DeepSweep Security Check
        entry: deepsweep validate
        language: system
        pass_filenames: false

Privacy

  • Your code never leaves your machine - Only pattern IDs and scores transmitted
  • Anonymous by default - No personal information collected
  • Opt-out anytime - Set DO_NOT_TRACK=1
  • Offline mode - Set DEEPSWEEP_OFFLINE=1

Learn more: https://deepsweep.ai/privacy

Contributing

See CONTRIBUTING.md for guidelines.

License

MIT License - see LICENSE for details.


Made by DeepSweep | https://deepsweep.ai

Download files

Source Distribution

deepsweep_ai-1.0.0.tar.gz (69.2 kB view details)

Uploaded Source

Built Distribution

deepsweep_ai-1.0.0-py3-none-any.whl (59.5 kB view details)

Uploaded Python 3

File details

Details for the file deepsweep_ai-1.0.0.tar.gz.

File metadata

  • Download URL: deepsweep_ai-1.0.0.tar.gz
  • Upload date:
  • Size: 69.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for deepsweep_ai-1.0.0.tar.gz
Algorithm Hash digest
SHA256 c5cbd01306f1b019548cff219ce39e660d0036a1af4c159ee5bf08dfe67b1415
MD5 ac6dc4b9beab189501b3ee67661d1e41
BLAKE2b-256 56e14cbb21bfc40a01910c22a3417083faecd027099cf1b766a7d3bfd31d53a3

Provenance

The following attestation bundles were made for deepsweep_ai-1.0.0.tar.gz:

Publisher: publish.yml on deepsweep-ai/deepsweep

File details

Details for the file deepsweep_ai-1.0.0-py3-none-any.whl.

File metadata

  • Download URL: deepsweep_ai-1.0.0-py3-none-any.whl
  • Upload date:
  • Size: 59.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for deepsweep_ai-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 5f8e1fd8339a07089eb2558ffde93fb65dd61fe39ae3f6e9c0d41538b359e74d
MD5 4ad5fde2e49029dc655ad10713652398
BLAKE2b-256 c369b22117265a976133ed5a566a26d5667a6fcd37c3a20dc9cfbe86147b295f

Provenance

The following attestation bundles were made for deepsweep_ai-1.0.0-py3-none-any.whl:

Publisher: publish.yml on deepsweep-ai/deepsweep
