Scan code for TODO, FIXME, and XXX markers with prioritized outputs.
This MCP tool claims a narrow purpose: scanning code for TODO/FIXME/XXX markers, with no stated need for secrets or remote egress. The main concerns are its inherent local code execution and repository read access, while the source is a third-party registry entry with weak maintenance signals, so the overall posture is caution rather than high risk.
The materials explicitly state that no keys or environment variables are required. No API tokens, account credentials, or other sensitive authentication secrets are requested, so credential exposure and misuse risk appears low.
The materials list no remote endpoints, and the description only indicates local code scanning with result output. There is no stated evidence of sending user code or findings to external services.
The system flags this tool as executing code; as an MCP tool, this typically means running a local process/program to perform scanning. This is consistent with its stated function and is a normal capability, but it still creates a local execution surface and should be sandboxed.
Its function requires reading repository or workspace contents to locate TODO/FIXME/XXX markers and generate table, JSON, or SARIF output. The materials do not show data permissions beyond what code scanning needs, but it should be assumed to access files in the scanned project.
There is a public GitHub repository, so the source is in principle auditable, which is a positive sign. However, it comes from a third-party registry, has no declared license, shows 0 stars, unknown maintenance status, and no README, so trust and maturity signals are weak; review the source before use.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "modelroute" yet — see the docs or source repo.
Scan this code repository for TODO, FIXME, and XXX markers, sort findings by severity and file path, output a table, and highlight the issues that should be fixed before release.
A prioritized issue table with file locations, marker types, and recommended fixes before release.
Scan TODO, FIXME, and XXX comments in the current project and generate JSON output including file name, line number, marker type, context, and priority.
Structured JSON data ready for scripting, dashboards, or downstream automation.
Scan the repository for TODO, FIXME, and XXX markers and output a SARIF report for integration with code scanning platforms or CI pipelines.
A standard SARIF report that can be consumed by security or quality platforms.
Scan codebases for TODO/FIXME items and prioritize them for CI.
Scan MCP server configs for injections, secrets, and dangerous commands.
Search and navigate multiple code repositories with natural language understanding.
Search codebases semantically and find relevant snippets with source locations.
Scan AI agents, MCP servers, and skills for security risks.
Scan codebases, model threats, review security, and generate reports with AI.