MCP Tool Reference Low Risk

security_check

Scan code for security vulnerabilities

Part of the Semgrep MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.

semgrep/mcp Other

WHEN AI AGENTS USE THIS TOOL

AI agents call security_check to perform operations in Semgrep. While the risk category is not fully classified, applying a rate limit gives you visibility into how often the tool is called and prevents unexpected bursts of activity from autonomous agents.

WHY ENFORCE A POLICY ON SECURITY_CHECK

Applying a policy to security_check gives you an audit trail of every call an AI agent makes. Even for low-risk tools, visibility into agent behaviour helps you debug issues, optimise workflows, and maintain compliance with your organisation's security requirements.

RECOMMENDED POLICY

Apply a rate limit to control usage and monitor for unexpected behaviour.

semgrep.yaml 
tools:
  security_check:
    rules:
      - action: allow
        rate_limit:
          max: 60
          window: 60

See the full Semgrep policy for all 8 tools.

DETAILS

Tool Name

security_check

Category

Other

MCP Server

Semgrep MCP Server

Risk Level

Low

MORE SEMGREP TOOLS

semgrep_findings Other
Fetch findings from the Semgrep AppSec Platform API
semgrep_rule_schema Other
Fetch the latest Semgrep rule JSON Schema
semgrep_scan Other
Scan code files with a given config string
semgrep_scan_with_custom_rule Other
Scan code files using a custom Semgrep rule
supported_languages Other
Return the list of languages Semgrep supports
get_abstract_syntax_tree Read
Output the Abstract Syntax Tree of code
write_custom_semgrep_rule Write
Provide guidance for creating Semgrep rules

SIMILAR OTHER TOOLS ON OTHER SERVERS

analytics Algolia
Access Algolia analytics data
monitoring Algolia
Monitor Algolia service status
recommend Algolia
Access Algolia recommendation features
abtesting Algolia
Manage A/B tests
collections Algolia
Manage query suggestions collections
usage Algolia
Access Algolia usage data

RELATED READING

FREQUENTLY ASKED QUESTIONS

What does the security_check tool do?

Scan code for security vulnerabilities. It is categorised as a Other tool in the Semgrep MCP Server, which means it performs auxiliary operations.

How do I enforce a policy on security_check?

Add a rule in your Intercept YAML policy under the tools section for security_check. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the Semgrep MCP server.

What risk level is security_check?

security_check is a Other tool with low risk. Read-only tools are generally safe to allow by default.

Can I rate-limit security_check?

Yes. Add a rate_limit block to the security_check rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.

How do I block security_check completely?

Set action: deny in the Intercept policy for security_check. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.

What MCP server provides security_check?

security_check is provided by the Semgrep MCP server (semgrep/mcp). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.

ENFORCE POLICIES ON SEMGREP

Open source. One binary. Zero dependencies.

VIEW ON GITHUB Full Semgrep policy →