frontpage.

I built Code Scalpel as an MCP server for code analysis. It parses Python, JavaScript, TypeScript, and Java - builds control flow graphs and catches security bugs using taint analysis and symbolic execution.

Security detection: - 16+ vulnerability types (SQL/NoSQL/LDAP injection, XSS, command injection, SSRF, CSRF, SSTI, prototype pollution, weak crypto, etc.) - Taint tracking across files - <10% false positive rate - Z3 symbolic execution for path analysis

The MCP part exposes 23 tools that let AI agents analyze code: - security_scan, cross_file_security_scan - symbolic_execute (Z3-based path exploration) - generate_unit_tests (test gen from symbolic paths) - simulate_refactor (behavior preservation check) - code_policy_check (compliance verification)

CLI works standalone too. No-install usage: uvx codescalpel mcp

Or: pip install codescalpel

Testing was important - 7,297 test cases with 94.86% coverage.

What I'm curious about: - Is <10% false positive rate good enough for AppSec teams? - What other security checks would help? - Interest in expanding to Go/Rust/C++?

Target users: Individual developers (cost reduction story), security engineers (OWASP Top 10 evaluation), team leads (ROI analytics), enterprise architects (SOC2/ISO compliance).

Repo: https://github.com/3D-Tech-Solutions/code-scalpel

MIT licensed, actively maintained. Feedback welcome!

Ask HN: Options for single-button media remote control for smartphones?

Beagle: CRDT-based AST-level version control (doc)

Hard Calculator

Exact Universal Bounds on Quantum Dynamics and Fast Scrambling(2024)

Show HN: Axon – Run autonomous coding agents(Claude, Codex) safely on Kubernetes

Show HN: UltraPlot 2.0 – semantic legends, better layouts, faster imports

From automated farm tractors to exam paper grading, AI boosts efficiency

Show HN: Sports-skills.sh – sports data connectors for AI agents

The first signs of burnout are coming from the people who embrace AI the most

Baby food sold in 49 states recalled over possible health risk

Show HN: Ocrbase.dev – pdf→.md/.json OCR for developers

Show HN: AsdPrompt – Vimium-style keyboard navigation for AI chat responses

Omacon 2026 – The vibes around Linux are changing

Aqueous chemi-mechanical recycling for blending and purifying mixed polyolefins

Simplify IT: The art and science towards simpler IT solutions(2025)[pdf]

Ask HN: Why do so many people dislike the Opera browser?

Show HN: Sniptail – Turn Slack into a team interface for AI coding agents

How to teach Claude to write better code

Urgent recall for trendy supplement over contamination with deadly bacteria

Show HN: Data Processing Recipes for Edge Computing and AI Agents

We need to act with urgency to address the growing AI divide

How Personal AI Agents and Agent Orchestrators Like OpenClaw or GasTown Are Made

Notes on Clarifying Man Pages

Tesla avoids 30-day California sales suspension

Show HN: NarrateNow – Add AI audio to any blog post with a single script tag

Minimalist Design for Space Camera Flight Software

Turbocharging PostgreSQL Listen/Notify with 40x Boost

Thinking Improves Thinking

Show HN: PatchworkMCP – Agents report what's missing from your MCP server

How did we end up threatening our kids' lives with AI?

Show HN: Code Scalpel – AST analyzer and security scanner (MCP server)