The new standard in AI code security

AI-generated code,
verified by AI.

Invisible Unicode attacks, Trojan Source, Glassworm steganography, Rules File Backdoor — combining static analysis and AI deep analysis in one MCP server.

View Pricing GitHub
9 Detection Categories
6 MCP Tools
100% AI Detection Accuracy

What does it detect?

👻

Invisible Characters

Detects 30+ invisible Unicode characters including Zero-Width Space, Soft Hyphen, and more

🔄

BiDi / Trojan Source

Detects CVE-2021-42574 attacks that use bidirectional control characters to disguise code execution order

🎭

Homoglyphs

Detects CVE-2021-42694 attacks where Cyrillic/Greek characters masquerade as Latin variable names

🧬

Unicode Steganography

Detects Glassworm attack patterns — malicious payloads hidden in Variation Selectors

🤖

Rules File Backdoor

Detects prompt injection hidden in AI config files like .cursorrules, CLAUDE.md, and more

📦

Dependency Scanning

Detects typosquatting, slopsquatting, malicious install scripts, and suspicious packages

🧠

AI Deep Analysis

CodeBERT deep learning model automatically classifies obfuscated malicious code — catches threats that static rules miss

Pro
🔐

Obfuscation Patterns

Detects eval+base64, env variable exfiltration, reverse shells, crypto wallet C2 channels, and more

Pricing

Static analysis is free. AI deep analysis — pay only for what you use.

CodeSafer is a fully automated software product. All analysis is performed by static rules and AI models — no human-driven services are involved.

Community

$0 /mo

Free plan for individual developers

  • Unlimited static analysis
  • 9 detection categories
  • Local MCP execution
  • 10 AI analyses per session
  • API key
  • CI/CD integration
  • Team dashboard
Popular

Dev

$9 /mo

For freelancers and small projects

  • Everything in Community
  • 200 AI analyses/month
  • API key access
  • Real-time package reputation DB
  • Email support
  • CI/CD integration
  • Team dashboard

Team

$29 /user/mo

For teams and startups

  • Everything in Dev
  • 2,000 AI analyses/month
  • GitHub Actions integration
  • Automatic PR scanning
  • Team dashboard
  • Slack/Discord notifications
  • Priority support

Enterprise

On-premise deployment, unlimited AI analysis, compliance reports, SLA, dedicated support

Contact Us

Frequently Asked Questions

Is the free plan enough?

Yes. Static analysis (invisible characters, BiDi, homoglyphs, obfuscation, and 8 scanners total) is unlimited and free. Only AI deep analysis is limited to 10 per session on the free plan.

How is AI analysis different?

Static analysis matches known patterns with rules. AI analysis uses a CodeBERT deep learning model to judge the intent of code — detecting new attack patterns that don't match any existing rules.

Is my code sent to external servers?

No. Static analysis runs entirely locally. AI analysis also runs the ONNX model locally. Only when using the API plan are code snippets sent to our server for processing — and they are never stored.

What is your refund policy?

We offer a 30-day money-back guarantee on all paid plans. Refunds are processed within 7 business days. See our Refund Policy for details.

Which AI editors are supported?

Any editor that supports the MCP protocol. This includes Claude Code, Cursor, VS Code (Copilot), and more.

How do I get support?

Email us at paletteboxofficial@gmail.com. Dev plan users receive email support, and Team/Enterprise users get priority support with faster response times.