Package Exports
- @aiclude/security-mcp
Readme
@aiclude/security-mcp
AIclude Security Vulnerability Scanner - MCP Server for scanning MCP servers and Claude Code Skills for security vulnerabilities.
Features
- security_scan: Search existing scan results by name, or trigger a new scan automatically
- scan_mcp_server: Scan local MCP server source code for vulnerabilities
- scan_skill: Scan local Claude Code Skill for vulnerabilities
- get_report / list_reports: Retrieve and browse security scan reports
- 7 parallel scan engines: SAST, SCA, Tool Analyzer, DAST, Permission Checker, Behavior Monitor, Malware Detector
Quick Install
Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"aiclude-security": {
"command": "npx",
"args": ["-y", "@aiclude/security-mcp"]
}
}
}Cursor
Add to .cursor/mcp.json:
{
"mcpServers": {
"aiclude-security": {
"command": "npx",
"args": ["-y", "@aiclude/security-mcp"]
}
}
}Usage
Once installed, ask your AI agent:
- "Check the security of @modelcontextprotocol/server-fetch"
- "mcp-server-github 의 보안 취약점을 확인해줘"
- "Scan ./my-mcp-server for security vulnerabilities"
Tools
| Tool | Description |
|---|---|
security_scan |
Search existing scan results by package name. Returns full report if found, or triggers new scan. |
scan_mcp_server |
Scan local MCP server directory for vulnerabilities |
scan_skill |
Scan local Claude Code Skill directory for vulnerabilities |
get_report |
Retrieve a specific scan report by ID |
list_reports |
List available scan reports with severity filtering |
configure_scan |
View or update scan configuration |
Environment Variables
| Variable | Description | Default |
|---|---|---|
ASVS_API_URL |
AIclude API server URL | https://vs-api.aiclude.com |
ASVS_SIGNING_SECRET |
HMAC signing secret for API authentication | Built-in default |
Web Dashboard
View all scan results at: https://vs.aiclude.com
License
MIT - AICLUDE Inc.