docs/integrations/vscode

How to connect the Secret & Repo Scanner MCP Tool to VS Code

Scans a directory for leaked secrets, API tokens, private keys, PII (emails, SSNs), and missing .gitignore entries. This guide provides the exact configuration required to load the repo_scanner tool inside VS Code.

Step 1: Open the configuration file

Locate and open your VS Code configuration file at the following path:

macOS / Linux.vscode/mcp.json (workspace) or settings.json

Windows.vscode\mcp.json (workspace) or settings.json

Step 2: Add the server config

Copy and paste the following JSON snippet into the file. Save the file and restart VS Code.

mcp.json

{
  "mcpServers": {
    "agenticstore": {
      "command": "uvx",
      "args": ["agentic-store-mcp", "--tools", "repo_scanner"]
    }
  }
}

Step 3: Try it out

Once restarted, ask VS Code something like this to trigger the tool:

"Scan this repository for any leaked API keys or secrets."

Explore more

→ View full repo_scanner documentation → See all Client integrations