Skip to content
ai-supply.store
探すカテゴリランキングコミュニティAgent APIFAQ
サインイン無料登録
catalog / Coding / Serena
◇MCP serverCodingFree

Serena

Semantic, symbol-level code retrieval, editing, and refactoring tools that turn your agent into an IDE.

@ai-supply
インストール数523
↗ ソースリポジトリ
← More CodingCoding leaderboard →How we grade security →Source ↗

Serena

Serena is a powerful open-source MCP toolkit that turns an AI coding agent into something closer to an IDE, providing semantic code retrieval, editing, refactoring, and debugging tools.

Rather than operating on raw line numbers or text search, Serena works at the symbol level using language servers, giving the agent robust high-level abstractions and relational understanding of the codebase. It integrates with any MCP-compatible client/LLM and is designed to make agents faster and more reliable in large, complex projects.

It is intended for developers who want their coding agent to navigate and modify real codebases with IDE-grade precision.

Rating rank
#1
of 22 in Coding
Install rank
#21
of 22 in Coding
Security score
58/100 · D
review
Security rank
#10
of 22 in Coding
Installs
523
cat avg 190k
This listing vs category average
Installs
this
cat avg
Security (of 100)
this
cat avg
Adoption trend
See the Coding leaderboard →
! Security: Review · 5858/100 · grade Dscanned 2h ago

Only compromise signals — malicious or tampered code (leaked secrets, backdoors, path traversal, a dropped executable) — reduce the score. Dangerous-by-capability traits (shell, network, injection strings, pickle) are shown as risk surface: expected for some capabilities — a security tool ships offensive code on purpose — so they do not sink the grade.

Compromise signals
Embedded credentialshighoraios-serena-6171c48/src/solidlsp/lsp_protocol_handler/lsp_types.py
found: hardcoded credential
What this capability can do · med confidence (static)
⚑ filesystem⚑ shell⚑ network⚑ secrets
egress → plugins.jetbrains.com, plugins.jetbrains.com.*?, oraios-software.de, docs.anthropic.com, oraios.github.io, {cls.host}, {self._server_address}, peps.python.org +32
Risk surface (41)
Path traversal sequencesmediumoraios-serena-6171c48/.devcontainer/devcontainer.json
'../' present in content or name
External endpoints declaredloworaios-serena-6171c48/.github/ISSUE_TEMPLATE/issue--bug--performance-problem--question-.md
2 distinct host(s)
External endpoints declaredloworaios-serena-6171c48/.github/workflows/create-release.yml
1 distinct host(s)
Suspicious code patternshighoraios-serena-6171c48/.github/workflows/pytest.yml
pipe-to-shell install
Suspicious network referencesloworaios-serena-6171c48/.github/workflows/pytest.yml
suspicious TLD (25 URLs)
Broad capability surfaceloworaios-serena-6171c48/.github/workflows/pytest.yml
3 high-impact capability categories referenced — verify least-privilege
External endpoints declaredloworaios-serena-6171c48/.github/workflows/pytest.yml
4 distinct host(s)
External endpoints declaredloworaios-serena-6171c48/.serena/project.yml
3 distinct host(s)
Suspicious code patternshighoraios-serena-6171c48/Dockerfile
destructive rm -rf /; pipe-to-shell install
Broad capability surfaceloworaios-serena-6171c48/README.md
4 high-impact capability categories referenced — verify least-privilege
External endpoints declaredloworaios-serena-6171c48/README.md
7 distinct host(s)
External endpoints declaredloworaios-serena-6171c48/docs/01-about/020_programming-languages.md
5 distinct host(s)
Suspicious network referencesloworaios-serena-6171c48/docs/02-usage/030_clients.md
suspicious TLD (16 URLs)
External endpoints declaredloworaios-serena-6171c48/docs/02-usage/030_clients.md
10 distinct host(s)
Egress to an anonymous-paste / tunnel / OOB endpointhighoraios-serena-6171c48/docs/03-special-guides/serena_on_chatgpt.md
serena-agent-tunnel.trycloudflare.com
External endpoints declaredloworaios-serena-6171c48/docs/_config.yml
8 distinct host(s)
Suspicious code patternsmediumoraios-serena-6171c48/docs/create_toc.py
OS command execution
Prompt-injection phrasinghighoraios-serena-6171c48/news/20260427.html
instruction-subversion language detected
Very high entropymediumoraios-serena-6171c48/resources/serena-block-diagram.afdesign
7.96 bits/byte suggests packed or encrypted content
Suspicious network referencesmediumoraios-serena-6171c48/src/serena/dashboard.py
raw IP URL (7 URLs)
Potentially unbounded loopmediumoraios-serena-6171c48/src/serena/dashboard.py
an infinite loop (while True / while(1) / for(;;)) may cause runaway consumption
Suspicious code patternsmediumoraios-serena-6171c48/src/serena/hooks.py
pickle deserialization
Suspicious code patternsmediumoraios-serena-6171c48/src/serena/resources/config/prompt_templates/info_prompts.yml
dynamic code execution
Possible obfuscationmediumoraios-serena-6171c48/src/serena/resources/dashboard/jquery.min.js
very long lines
Suspicious code patternsmediumoraios-serena-6171c48/src/serena/util/yaml.py
unsafe yaml.load
Suspicious network referencesloworaios-serena-6171c48/src/solidlsp/language_servers/clangd_language_server.py
suspicious TLD (7 URLs)
Suspicious network referencesloworaios-serena-6171c48/src/solidlsp/language_servers/dart_language_server.py
suspicious TLD (5 URLs)
Suspicious network referencesloworaios-serena-6171c48/src/solidlsp/language_servers/eclipse_jdtls.py
suspicious TLD (14 URLs)
External endpoints declaredloworaios-serena-6171c48/src/solidlsp/language_servers/eclipse_jdtls.py
6 distinct host(s)
Suspicious network referencesloworaios-serena-6171c48/src/solidlsp/language_servers/kotlin_language_server.py
suspicious TLD (1 URLs)
Suspicious code patternshighoraios-serena-6171c48/src/solidlsp/language_servers/lean4_language_server.py
pipe-to-shell install; OS command execution
Egress to a private/loopback hosthighoraios-serena-6171c48/src/solidlsp/language_servers/ocaml_lsp_server.py
fdopen.github.io
Suspicious network referencesloworaios-serena-6171c48/src/solidlsp/language_servers/omnisharp/runtime_dependencies.json
suspicious TLD (26 URLs)
Suspicious network referencesloworaios-serena-6171c48/src/solidlsp/language_servers/phpantom.py
suspicious TLD (6 URLs)
Suspicious network referencesloworaios-serena-6171c48/src/solidlsp/language_servers/powershell_language_server.py
suspicious TLD (2 URLs)
Suspicious code patternsmediumoraios-serena-6171c48/src/solidlsp/language_servers/solargraph.py
OS command execution; dynamic code execution
Internal host / private infrastructure referencemediumoraios-serena-6171c48/test/resources/repos/ansible/test_repo/inventory/hosts.yml
shipped content references a private IP range or internal-only host
Suspicious network referencesloworaios-serena-6171c48/test/resources/repos/bsl/test_repo/src/CommonModules/ОбщийМодуль1.xml
suspicious TLD (17 URLs)
Suspicious network referencesloworaios-serena-6171c48/test/resources/repos/bsl/test_repo/src/ConfigDumpInfo.xml
suspicious TLD (4 URLs)
Embedded credentialshighexpected for this capabilityoraios-serena-6171c48/test/resources/repos/toml/test_repo/config.toml
found: DB connection string with credentials
Vulnerable dependencieshigh
18 known vulnerabilities in: agno@2.5.10, gitpython@3.1.46, pygments@2.19.2, pyjwt@2.12.0, pytest@8.4.1
✔ verified source · pinned oraios-serena-6171c48
Check against a policy

The same gate an agent runs before installing (POST /api/v1/trust/serena-coding-mcp/check). Click a policy:

OWASP AI control mapping
5passed
10flagged
0runtime-enforced
5governance

Evaluated against the OWASP Top 10 for LLM Applications (2025) and the OWASP Machine Learning Security Top 10. Expand any control to see the findings.

OWASP Top 10 for LLM Applications
⚠LLM01Prompt Injectionhigh
Adversarial instructions embedded in an artifact that hijack a downstream LLM.
•Prompt-injection phrasing — instruction-subversion language detected (CWE-77)
⚠LLM02Sensitive Information Disclosurehigh
Secrets, credentials or PII shipped inside the artifact.
•Embedded credentials — found: hardcoded credential (CWE-798)
•Embedded credentials — found: DB connection string with credentials (CWE-798)
⚠LLM03Supply Chainhigh
Vulnerable/compromised dependencies, models or archives in the artifact.
•Dependency manifest — 8 npm dependencies declared
•Dependency manifest — 12 npm dependencies declared
•Dependency manifest — 4 npm dependencies declared
•Vulnerable dependencies — 18 known vulnerabilities in: agno@2.5.10, gitpython@3.1.46, pygments@2.19.2, pyjwt@2.12.0, pytest@8.4.1 (CWE-1395)
✓LLM04Data and Model PoisoningPassed
Backdoors/poisoning in training data or serialized models.
Behavioral poisoning needs model execution; static check covers unsafe serialization + dataset skew only.
⚠LLM05Improper Output Handlinghigh
Code that pipes model/user output into shell, eval, SQL or paths unsafely.
•Path traversal sequences — '../' present in content or name (CWE-22)
•Suspicious code patterns — pipe-to-shell install (CWE-494)
•Suspicious code patterns — destructive rm -rf /; pipe-to-shell install (CWE-78)
•Suspicious code patterns — OS command execution (CWE-78)
•Suspicious code patterns — pickle deserialization (CWE-502)
•Suspicious code patterns — dynamic code execution (CWE-95)
•Suspicious code patterns — unsafe yaml.load (CWE-502)
•Suspicious code patterns — pipe-to-shell install; OS command execution (CWE-494)
•Suspicious code patterns — OS command execution; dynamic code execution (CWE-78)
⚠LLM06Excessive Agencyhigh
Over-broad tool/permission surface or unrestricted egress.
•External endpoints declared — 2 distinct host(s)
•External endpoints declared — 1 distinct host(s)
•Broad capability surface — 3 high-impact capability categories referenced — verify least-privilege (CWE-272)
•External endpoints declared — 4 distinct host(s)
•External endpoints declared — 3 distinct host(s)
•Broad capability surface — 4 high-impact capability categories referenced — verify least-privilege (CWE-272)
•External endpoints declared — 7 distinct host(s)
•External endpoints declared — 5 distinct host(s)
•External endpoints declared — 10 distinct host(s)
•Egress to an anonymous-paste / tunnel / OOB endpoint — serena-agent-tunnel.trycloudflare.com (CWE-200)
•External endpoints declared — 8 distinct host(s)
•External endpoints declared — 6 distinct host(s)
•Egress to a private/loopback host — fdopen.github.io (CWE-918)
⚠LLM07System Prompt Leakagehigh
Secrets, internal hosts or proprietary logic exposed in shipped prompts.
•Embedded credentials — found: hardcoded credential (CWE-798)
•Internal host / private infrastructure reference — shipped content references a private IP range or internal-only host (CWE-200)
•Embedded credentials — found: DB connection string with credentials (CWE-798)
✓LLM08Vector and Embedding WeaknessesPassed
PII or plaintext source leakage in embedding/vector exports.
Embedding inversion/poisoning is largely runtime; static check covers PII in vector exports.
§LLM09MisinformationGovernance
Artifacts designed to produce false/deceptive output.
Detectable only by runtime behavioral evaluation; addressed via responsible-use attestation.
⚠LLM10Unbounded Consumptionmedium
Unbounded loops/recursion causing DoS or runaway cost.
Enforced at runtime by the gateway (rate limits + spend caps + size caps); static check flags unbounded loops.
•Potentially unbounded loop — an infinite loop (while True / while(1) / for(;;)) may cause runaway consumption (CWE-835)
OWASP Machine Learning Security Top 10
§ML01Input Manipulation (Adversarial)Governance
Models vulnerable to adversarial perturbations.
Requires runtime robustness evaluation; addressed via publisher robustness attestation.
⚠ML02Data Poisoninghigh
Poisoned training datasets with triggers or anomalous distributions.
Static check covers trigger phrasing, PII and label skew; full poisoning detection is runtime.
•Prompt-injection phrasing — instruction-subversion language detected (CWE-77)
§ML03Model InversionGovernance
Training data reconstructable from a model's outputs.
Runtime/evaluation property; addressed via model-card data-provenance + DP attestation.
§ML04Membership InferenceGovernance
Determining whether a record was in the training set.
Runtime/evaluation property; addressed via overfitting disclosure + DP attestation.
✓ML05Model TheftPassed
Unlicensed re-distribution / license-incompatible derivatives.
Static check verifies license declaration; extraction throttling is runtime.
⚠ML06AI Supply Chainhigh
Compromised PyPI/npm packages, typosquats, unsafe serialized models.
•Dependency manifest — 8 npm dependencies declared
•Dependency manifest — 12 npm dependencies declared
•Dependency manifest — 4 npm dependencies declared
•Vulnerable dependencies — 18 known vulnerabilities in: agno@2.5.10, gitpython@3.1.46, pygments@2.19.2, pyjwt@2.12.0, pytest@8.4.1 (CWE-1395)
✓ML07Transfer Learning AttackPassed
Backdoored base models / LoRA adapters propagating to derivatives.
Backdoor detection needs behavioral probing; static check covers unsafe serialization + provenance.
§ML08Model SkewingGovernance
Models trained on skewed data producing biased output.
Requires fairness evaluation; addressed via model-card bias/limitations disclosure.
⚠ML09Output Integrityhigh
Middleware tampering with model outputs in transit.
Gateway enforces TLS + response integrity; static check flags output-rewriting code.
•Path traversal sequences — '../' present in content or name (CWE-22)
•Suspicious code patterns — pipe-to-shell install (CWE-494)
•Suspicious code patterns — destructive rm -rf /; pipe-to-shell install (CWE-78)
•Suspicious code patterns — OS command execution (CWE-78)
•Suspicious code patterns — pickle deserialization (CWE-502)
•Suspicious code patterns — dynamic code execution (CWE-95)
•Suspicious code patterns — unsafe yaml.load (CWE-502)
•Suspicious code patterns — pipe-to-shell install; OS command execution (CWE-494)
•Suspicious code patterns — OS command execution; dynamic code execution (CWE-78)
✓ML10Model Poisoning (Weights)Passed
Tampered model weight files; integrity must be verifiable.
Static check enforces safe formats + records a content hash for downstream verification.

Consume Serena programmatically. Authenticate with an API key or session — see Authorize an agent.

# Agents: CHECK BEFORE YOU INSTALL (no auth) — score, grade, level, capability manifest
curl https://ai-supply.store/api/v1/trust/serena-coding-mcp

# Gate against your org policy (returns { pass, violations })
curl -X POST https://ai-supply.store/api/v1/trust/serena-coding-mcp/check \
  -H "Content-Type: application/json" \
  -d '{"minGrade":"B","denyPermissions":["shell"],"denyUnknownEgress":true}'

# CLI
npx ai-supply add serena-coding-mcp

# REST (install → download)
curl -X POST https://ai-supply.store/api/v1/listings/serena-coding-mcp/install \
  -H "Authorization: Bearer $AIM_KEY"

# MCP tool
install_listing({ "slug": "serena-coding-mcp" })
OpenAPI spec →
vlatest
! Security: Review · 582h ago

Curated mirror — latest upstream source. See the repository for tagged releases.

Sign in and install this listing to leave a review.

More from @ai-supply

View profile →
◉Agent
MetaGPT
Multi-agent framework that assigns GPT roles (PM, engineer, QA) to solve complex software tasks end-to-end.
↓ 1.0M
⇄Connector
vLLM
High-throughput, memory-efficient LLM inference engine with PagedAttention and continuous batching.
↓ 892k
⇄Connector
Meilisearch
Lightning-fast open-source search engine with typo-tolerance, semantic hybrid search, and sub-50ms response times.
↓ 811k
△Eval
Weights & Biases (wandb)
ML experiment tracking and visualization — log metrics, hyperparameters, models, and media in real time.
↓ 784k
ai-supply.store

無料でセキュリティ監査済みのAI機能。スキル、MCP、プラグイン、agent、データセットまで、一つひとつをスコアリングし鮮度も追跡。人にもagentにも使えるように設計されています。

api · v3.1status · all green
お問い合わせ
support@ai-supply.storesecurity@ai-supply.store
カタログ
  • 探す
  • カテゴリ
  • ランキング
  • ベンチマーク
  • セキュリティ
コミュニティ
  • コミュニティ
  • FAQ
エージェント向け
  • クイックスタート (60s)
  • エージェントを認可
  • Agent API
  • OpenAPI 仕様
ビルダー向け
  • 公開する
  • ダッシュボード
アカウント
  • アカウント作成
  • サインイン
  • 設定
法的情報
  • 利用規約
  • パブリッシャー契約
  • 利用規定
  • プライバシーポリシー