mediazone/repo-cleanup-mcp
Repository Cleanup MCP Server is a tool designed to provide static analysis and cleanup recommendations for code repositories, ensuring better organization, security, and efficiency.
Repository Cleanup MCP Server
A Model Context Protocol (MCP) server that provides static analysis and cleanup recommendations for code repositories.
⚠️ IMPORTANT DISCLAIMER
USE AT YOUR OWN RISK - This tool performs static analysis and provides recommendations only.
- 🚨 No Warranty: This software is provided "AS IS" without any warranties
- 🛡️ Your Responsibility: You are solely responsible for reviewing and validating all recommendations
- 💾 Backup First: Always backup your code before making any changes based on tool suggestions
- 🔍 Verify Results: Security scans may have false positives/negatives - always verify findings
- 📝 No Liability: Authors are not liable for any data loss, security issues, or damages
The tool analyzes but does not modify your files. All cleanup actions are your decision and responsibility.
Features
🧹 Core Analysis Features
- 🧹 Obsolete File Detection - Find unused files, old logs, deprecated configurations
- 🔍 Dead Code Analysis - Identify unused imports, functions, and variables
- 📋 Configuration Extraction - Detect hardcoded values that should be externalized
- 🔒 Security Scanning - Find hardcoded secrets, credentials, and API keys
- 📊 Dependency Analysis - Identify unused dependencies and outdated packages
- 📁 File Organization - Suggest better folder structures and naming conventions
- 📝 Documentation Analysis - Find undocumented code and missing documentation
🛡️ Enhanced Security & Privacy Features
- 🕵️ Privacy Leak Detection - Detect personal emails in git history and source files
- ⚖️ Legal Disclaimer Analysis - Analyze legal compliance and API dependency disclaimers
- 🤖 GitHub Actions Security - Audit workflow security, permissions, and action pinning
- 📦 NPM Package Security - Analyze publishing automation and package metadata privacy
Installation
Global Installation (Recommended)
npm install -g repo-cleanup-mcp
Local Installation
npm install repo-cleanup-mcp
Using npx (No Installation)
npx repo-cleanup-mcp
Usage
As MCP Server
Add to your Claude Desktop config:
{
  "mcpServers": {
    "repo-cleanup": {
      "command": "node",
      "args": ["/path/to/repo-cleanup-mcp/dist/index.js"],
      "env": {}
    }
  }
}
Available Tools
Core Analysis Tools
- analyze_repository - Comprehensive repository analysis
- detect_obsolete_files - Find unused and deprecated files
- scan_for_secrets - Detect hardcoded credentials and API keys
- analyze_dependencies - Check for unused and outdated dependencies
- extract_hardcoded_values - Find values that should be configurable
- analyze_documentation - Find documentation gaps
Enhanced Security & Privacy Tools
- detect_privacy_leaks - Scan for personal emails and privacy leaks in git history and files
- analyze_legal_disclaimers - Analyze legal compliance and API dependency disclaimer coverage
- analyze_github_actions_security - Audit GitHub Actions workflows for security best practices
- analyze_npm_security - Analyze NPM package security and publishing configuration
Tool Examples
Repository Analysis
// Analyze entire repository structure
const analysis = await analyzeTool.call({
  path: "/path/to/repository",
  includePatterns: ["**/*.js", "**/*.ts", "**/*.json"],
  excludePatterns: ["node_modules/**", "dist/**"]
});
Obsolete File Detection
// Find unused files
const obsoleteFiles = await obsoleteDetection.call({
  path: "/path/to/repository",
  checkUnusedFiles: true,
  checkOldLogs: true,
  checkDeprecatedConfigs: true
});
Security Scanning
// Scan for hardcoded secrets
const securityIssues = await securityScan.call({
  path: "/path/to/repository",
  scanForSecrets: true,
  scanForCredentials: true,
  scanForApiKeys: true
});
Privacy Leak Detection
// Detect privacy leaks in git history and files
const privacyAnalysis = await privacyLeakDetection.call({
  path: "/path/to/repository"
});
Legal Disclaimer Analysis
// Analyze legal compliance and disclaimers
const legalAnalysis = await legalDisclaimerAnalysis.call({
  path: "/path/to/repository"
});
GitHub Actions Security
// Audit GitHub Actions workflows for security
const actionsAnalysis = await githubActionsSecurity.call({
  path: "/path/to/repository"
});
NPM Package Security
// Analyze NPM package security and publishing setup
const npmAnalysis = await npmSecurity.call({
  path: "/path/to/repository"
});
Configuration
Create a .repo-cleanup.json file in your repository root:
{
  "excludePatterns": [
    "node_modules/**",
    "dist/**",
    "build/**",
    ".git/**"
  ],
  "includePatterns": [
    "**/*.js",
    "**/*.ts",
    "**/*.json",
    "**/*.md"
  ],
  "deadCodeAnalysis": {
    "enabled": true,
    "excludeFunctions": ["main", "index", "init"]
  },
  "securityScan": {
    "enabled": true,
    "checkForSecrets": true,
    "secretPatterns": [
      "password\\s*=\\s*['\"][^'\"]+['\"]",
      "api[_-]?key\\s*=\\s*['\"][^'\"]+['\"]",
      "secret\\s*=\\s*['\"][^'\"]+['\"]"
    ]
  },
  "documentation": {
    "requireReadme": true,
    "requireFunctionDocs": true,
    "requireClassDocs": true
  }
}
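An added example (not part of the project's code) that runs the three secretPatterns from the configuration above over constructed sample lines, to show what they catch and what they miss. It assumes each pattern is compiled with new RegExp and tested line by line; scanText, flaggedLines and the sample content are hypothetical, and the tool's own matching may differ.

```javascript
// The three secretPatterns from .repo-cleanup.json, as JavaScript strings.
// Assumption: patterns are compiled with new RegExp() and applied per line;
// the tool's real matching (flags, multi-line handling) may differ.
const secretPatterns = [
  "password\\s*=\\s*['\"][^'\"]+['\"]",
  "api[_-]?key\\s*=\\s*['\"][^'\"]+['\"]",
  "secret\\s*=\\s*['\"][^'\"]+['\"]",
];

// Constructed sample content (placeholder values, not real credentials).
const sample = [
  'const password = "hunter2-example";',
  "api_key = 'EXAMPLE-KEY-0001'",
  'API_KEY = "EXAMPLE-KEY-0002"',
  'password: "yaml-style-example"',
  "const password = process.env.DB_PASSWORD;",
  '{ "secret": "json-style-example" }',
].join("\n");

// Return one finding per (line, pattern) match, with the quoted value masked
// so that the report itself does not leak the secret.
function scanText(text, patterns, flags = "") {
  const compiled = patterns.map((p) => new RegExp(p, flags));
  const findings = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    compiled.forEach((re, p) => {
      const m = re.exec(line);
      if (m) {
        // Keep the key name, mask everything between the quotes.
        const redacted = m[0].replace(/(['"])[^'"]+['"]/, "$1***$1");
        findings.push({ line: idx + 1, pattern: p, match: redacted });
      }
    });
  });
  return findings;
}

// Distinct 1-based line numbers that at least one pattern flagged.
function flaggedLines(text, patterns, flags) {
  return [...new Set(scanText(text, patterns, flags).map((f) => f.line))];
}

console.log("case-sensitive:  ", flaggedLines(sample, secretPatterns, ""));
console.log("case-insensitive:", flaggedLines(sample, secretPatterns, "i"));
console.log(scanText(sample, secretPatterns));
```

Lines 4 and 6 of the sample (YAML- and JSON-style `key: value` assignments) are not flagged in either run, and the upper-case `API_KEY` on line 3 is flagged only with the `i` flag. Covering those forms requires additional entries in secretPatterns.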
Language Support
Currently supports analysis for:
- JavaScript/TypeScript
- Python
- Java
- Go
- Rust
- C/C++
- Shell scripts
- Configuration files (JSON, YAML, TOML, INI)
- Documentation (Markdown, reStructuredText)
Contributing
- Fork the repository
- Create a feature branch
- Make your changes
- Add tests
- Submit a pull request
License
MIT License - see LICENSE file for details.
Changelog
v1.1.0 (Latest)
- ✨ NEW: Privacy leak detection for personal emails in git history and files
- ✨ NEW: Legal disclaimer analysis for API dependencies and compliance
- ✨ NEW: GitHub Actions security auditing (permissions, action pinning, automation)
- ✨ NEW: NPM package security analysis (publishing, metadata privacy)
- 🛡️ Enhanced security scanning with comprehensive recommendations
- 📋 Improved compliance scoring and risk assessment
v1.0.0
- Initial release
- Basic repository analysis
- Obsolete file detection
- Security scanning
- Dead code detection
- Configuration extraction recommendations
Real-World Use Cases
🔒 Pre-Publication Security Review
Perfect for cleaning repositories before making them public:
- Detect personal emails in git history that need professional attribution
- Find hardcoded secrets, API keys, and credentials before public release
- Audit GitHub Actions workflows for secure automation
- Ensure legal disclaimers cover API dependencies and liability protection
📦 NPM Package Publishing
Essential for secure NPM package publishing:
- Scan package.json for personal email exposure
- Audit publishing automation for professional git attribution
- Analyze version history for packages that should be deleted
- Verify secure token management in CI/CD pipelines
⚖️ Legal Compliance Auditing
Comprehensive legal risk assessment:
- Detect missing "not legal advice" disclaimers for legal/compliance tools
- Analyze API dependency disclosure requirements
- Calculate compliance scores and identify critical gaps
- Generate recommendations for comprehensive legal protection
🏢 Enterprise Repository Hygiene
Maintain clean, professional repositories:
- Remove privacy leaks before code reviews
- Standardize legal disclaimers across projects
- Audit automation security across teams
- Ensure consistent professional attribution