Security validation for AI coding assistants. You don't need to understand the code to secure it.

Project description

DeepSweep

Security validation for AI coding assistants

PyPI version Python 3.8+ License: MIT

DeepSweep validates your AI assistant configurations (Cursor, Windsurf, GitHub Copilot, Claude Code) for security vulnerabilities before they can cause harm.

Quick Start

pip install deepsweep-ai
deepsweep validate

DeepSweep automatically finds and validates:

  • .cursorrules / .windsurfrules / AGENTS.md
  • MCP configurations (mcp.json, claude_desktop_config.json)
  • 46 security patterns including prompt injection, MCP attacks, and data exfiltration

What's New in v0.2.0

  • MCP Security Validation - 7 new patterns for Model Context Protocol configs
  • deepsweep mcp list - Discover all MCP configurations on your system
  • deepsweep mcp validate - Dedicated MCP security scanning
  • deepsweep init - Create secure starter templates
  • deepsweep doctor - Check installation health
  • deepsweep badge - Generate repository security badges

Example Output

DEEPSWEEP Security Report
──────────────────────────────────────────────────────
Score: ████████████████████████░░░░░░ 80/100
Grade: B

Found 2 issue(s):

[HIGH] DS-MCP-001: Unverified MCP server: @random/untrusted
  Use @modelcontextprotocol/* servers or verify source

[MEDIUM] DS-MCP-003: Unpinned MCP server version
  Pin version: @server@1.2.3

──────────────────────────────────────────────────────
Run with --fix to see remediation suggestions

Security Patterns

Rules File Patterns (39)

ID           Severity  Description
DS-PI-001    Critical  Prompt injection attempt
DS-PI-002    Critical  System prompt extraction
DS-DATA-001  High      Sensitive data exposure
DS-EXEC-001  Critical  Arbitrary code execution

See full list at https://deepsweep.ai/patterns

MCP Patterns (7)

ID          Severity  Description
DS-MCP-001  High      Unverified MCP server source
DS-MCP-002  Critical  Dangerous command arguments
DS-MCP-003  Medium    Unpinned server version
DS-MCP-004  High      Using @latest tag
DS-MCP-005  High      Auto-approve enabled
DS-MCP-006  Critical  Shell command execution
DS-MCP-007  Critical  Network exfiltration risk
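
To make the source and version patterns concrete, here is an added example (not DeepSweep's own code) that applies DS-MCP-001, DS-MCP-003 and DS-MCP-004 to a constructed MCP configuration. The matching rules are assumptions inferred from the table descriptions and the sample report: a trusted source is the @modelcontextprotocol/ scope, a pinned version is an exact x.y.z, and only npx-launched servers are inspected.

```python
import json
import re

# Constructed sample in the mcpServers layout; server names and packages are made up.
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "files":  {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem@1.2.3", "/srv/project"]},
    "random": {"command": "npx", "args": ["-y", "@random/untrusted"]},
    "notes":  {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-memory@latest"]}
  }
}
"""

TRUSTED_SCOPE = "@modelcontextprotocol/"   # scope the sample report recommends
# Assumption: a "pinned" version is an exact x.y.z spec, as in @server@1.2.3.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")


def split_package(spec):
    """Split '@scope/name@version' or 'name@version' into (name, version)."""
    at = spec.rfind("@")
    if at > 0:                      # an '@' at index 0 is only the scope marker
        return spec[:at], spec[at + 1:]
    return spec, None


def check_mcp_config(text):
    """Return sorted (pattern_id, server, detail) findings for npx-launched servers."""
    findings = []
    for name, server in json.loads(text).get("mcpServers", {}).items():
        args = server.get("args", []) if server.get("command") == "npx" else []
        # The first non-flag argument is the package npx will fetch and run.
        spec = next((a for a in args if not a.startswith("-")), None)
        if spec is None:
            continue                # not an npx launch, or no package argument
        package, version = split_package(spec)
        if not package.startswith(TRUSTED_SCOPE):
            findings.append(("DS-MCP-001", name, package))
        if version == "latest":
            findings.append(("DS-MCP-004", name, spec))
        elif version is None or not EXACT_VERSION.match(version):
            findings.append(("DS-MCP-003", name, spec))
    return sorted(findings)


if __name__ == "__main__":
    for finding in check_mcp_config(SAMPLE_MCP_JSON):
        print(*finding)
```

The unscoped, unversioned entry produces the same two pattern IDs as the sample report, while the pinned @modelcontextprotocol entry produces none.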

Commands

deepsweep validate [PATH]

deepsweep validate                    # Current directory
deepsweep validate /path/to/project   # Specific path
deepsweep validate --include-mcp      # Include MCP validation
deepsweep validate --fix              # Show fix suggestions
deepsweep validate --format json      # JSON output for CI/CD

deepsweep mcp list

deepsweep mcp list

deepsweep mcp validate

deepsweep mcp validate
deepsweep mcp validate --fix
deepsweep mcp validate --format json

deepsweep init

deepsweep init                    # Create .cursorrules
deepsweep init --type python      # Project type
deepsweep init --include-mcp      # Include MCP template
deepsweep init --force            # Overwrite existing

deepsweep doctor

deepsweep doctor

deepsweep badge

deepsweep badge
deepsweep badge --format markdown
deepsweep badge --format html

Security Badges

Add a DeepSweep badge to your README:

[![DeepSweep Validated](https://img.shields.io/badge/DeepSweep-A%20100%2F100-brightgreen)](https://deepsweep.ai)

Generate yours:

deepsweep validate && deepsweep badge

CI/CD Integration

GitHub Actions

name: AI Security Check
on: [push, pull_request]

jobs:
  deepsweep:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - run: pip install deepsweep-ai
      - run: deepsweep validate --include-mcp --format json

Pre-commit Hook

repos:
  - repo: local
    hooks:
      - id: deepsweep
        name: DeepSweep Security Check
        entry: deepsweep validate
        language: system
        pass_filenames: false

Privacy

  • Your code never leaves your machine - Only pattern IDs and scores transmitted
  • Anonymous by default - No personal information collected
  • Opt-out anytime - Set DO_NOT_TRACK=1
  • Offline mode - Set DEEPSWEEP_OFFLINE=1

Learn more: https://deepsweep.ai/privacy

Contributing

See CONTRIBUTING.md for guidelines.

License

MIT License - see LICENSE for details.


Made by DeepSweep | https://deepsweep.ai

Download files

Source Distribution

deepsweep_ai-1.0.1.tar.gz (76.8 kB view details)

Uploaded Source

Built Distribution

deepsweep_ai-1.0.1-py3-none-any.whl (64.0 kB view details)

Uploaded Python 3

File details

Details for the file deepsweep_ai-1.0.1.tar.gz.

File metadata

  • Download URL: deepsweep_ai-1.0.1.tar.gz
  • Upload date:
  • Size: 76.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for deepsweep_ai-1.0.1.tar.gz
Algorithm Hash digest
SHA256 795e71cecff8ba8371db7fc1818ab9732659a8aa0b445e2a2fd6ecd871af5e06
MD5 25d8ee9d0a344284c4b7eebf72291768
BLAKE2b-256 a33d808e19ed273a2495c5f43b6d5b755af17bdced7bbc4a32c89d6eab5e2831

Provenance

The following attestation bundles were made for deepsweep_ai-1.0.1.tar.gz:

Publisher: publish.yml on deepsweep-ai/deepsweep

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file deepsweep_ai-1.0.1-py3-none-any.whl.

File metadata

  • Download URL: deepsweep_ai-1.0.1-py3-none-any.whl
  • Upload date:
  • Size: 64.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for deepsweep_ai-1.0.1-py3-none-any.whl
Algorithm Hash digest
SHA256 04561b14750b60926468c5002774498ef6f0acfff4a2b745b490048f21095eda
MD5 82d873103834691852605ac7379c6b82
BLAKE2b-256 19c91c88e2e7ff2d5070575858f4b6190b96bfd859e3b7409ee317d3cab670b4

Provenance

The following attestation bundles were made for deepsweep_ai-1.0.1-py3-none-any.whl:

Publisher: publish.yml on deepsweep-ai/deepsweep

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
