@vettiq/mcp-server
VettIQ MCP Server brings AI code security scanning directly into your coding environment. 7 tools let you scan code through VettIQ's 6-stage multi-LLM pipeline, check MCP server trust scores, search live threat intelligence, and monitor your security posture — all without leaving Claude Code, Cursor, or Windsurf.
Prerequisites
- Node.js 18+
- VettIQ API key (get one free at app.vettiq.ai → Settings → API Keys)
- Free plan works — 1 scan/month included
Quick Start — Claude Code
```bash
npm install -g @vettiq/mcp-server
```
Add to ~/.claude/mcp.json:
```json
{
  "mcpServers": {
    "vettiq": {
      "command": "vettiq-mcp",
      "env": {
        "VETTIQ_API_KEY": "your_api_key_here"
      }
    }
  }
}
```
Restart Claude Code. Test: "Scan this file with VettIQ" then paste any code.
Quick Start — Cursor
Add to .cursor/mcp.json at your project root:
```json
{
  "mcpServers": {
    "vettiq": {
      "command": "vettiq-mcp",
      "env": {
        "VETTIQ_API_KEY": "your_key_here"
      }
    }
  }
}
```
Quick Start — HTTP Transport
```bash
VETTIQ_API_KEY=your_key VETTIQ_MCP_TRANSPORT=http node dist/index.js
```
MCP endpoint: http://localhost:3100/sse
Health check: http://localhost:3100/health
Quick Start — Docker
```bash
docker build -t vettiq-mcp .
docker run -e VETTIQ_API_KEY=your_key -p 3100:3100 vettiq-mcp
```
Available Tools
| Tool | What it does | When to use |
|---|---|---|
| scan_code | Submit code for 6-stage security scan | Before committing any AI-generated code |
| get_scan_status | Poll scan progress | After scan_code |
| get_scan_results | Get findings and verified fixes | When scan is complete |
| check_mcp_server | Look up MCP server trust score | Before installing any MCP server |
| search_threat_intel | Search live CVE/threat database | Researching a vulnerability |
| get_security_score | Get repo Security Health Score | Monitoring security posture |
| list_open_findings | List all unresolved findings | Security review / sprint planning |
Environment Variables
| Variable | Default | Description |
|---|---|---|
| VETTIQ_API_KEY | (required) | Your VettIQ API key |
| VETTIQ_API_BASE_URL | https://api.vettiq.ai | API base URL |
| VETTIQ_MCP_TRANSPORT | stdio | Transport: stdio or http |
| VETTIQ_MCP_PORT | 3100 | HTTP port (http transport only) |
| VETTIQ_MCP_DEBUG | false | Enable debug logging to stderr |
| VETTIQ_REQUEST_TIMEOUT_MS | 30000 | API request timeout (ms) |
| VETTIQ_RETRY_ATTEMPTS | 3 | Max retry attempts for 429/5xx |
Example Prompts
- "Scan this Supabase integration for security issues" [paste code]
- "Check if github.com/owner/some-mcp-server is safe to install"
- "What critical vulnerabilities is VettIQ tracking this week?"
- "What's my security score for myorg/my-app?"
- "List all open critical findings across my repositories"
- "Scan my auth handler and apply the fixes"
Troubleshooting
API key not working
Generate a new key at app.vettiq.ai → Settings → API Keys. The free tier includes 1 scan/month.
Server not appearing in Claude Code
Check that ~/.claude/mcp.json is valid JSON and the path to vettiq-mcp is correct. Restart Claude Code after any changes.
Scan taking too long
The 6-stage pipeline (Semgrep → Gemini → GPT-4o → Gemini → Claude → Gemini verification) typically completes in 60–90 seconds. Use get_scan_status to check progress.
Rate limit errors
Free plan: 1 scan/month. Pro ($49/mo): unlimited scans. Upgrade at app.vettiq.ai/pricing.
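
The "Server not appearing in Claude Code" checks can be scripted. The following is an added example, not code from @vettiq/mcp-server: it lints the mcp.json entry shown in the Quick Start sections and also flags loose file permissions, since the file stores the API key in plain text. The function name, the placeholder list and the permission check are assumptions of this example; the key names come from the README above.

```javascript
// Added example, not part of @vettiq/mcp-server. Key names (mcpServers, vettiq,
// command, env, VETTIQ_*) are from the README; everything else is hypothetical.
const PLACEHOLDERS = new Set(["your_api_key_here", "your_key_here", "your_key"]);

// Returns a list of problems; an empty list means the config passed every check.
// fileMode is optional: pass fs.statSync(path).mode to check permissions too.
function lintVettiqMcpConfig(jsonText, fileMode) {
  let config;
  try {
    config = JSON.parse(jsonText);
  } catch (err) {
    return [`invalid JSON: ${err.message}`];
  }
  const entry = config && config.mcpServers && config.mcpServers.vettiq;
  if (!entry || typeof entry !== "object") {
    return ["mcpServers.vettiq entry is missing"];
  }
  const problems = [];
  if (typeof entry.command !== "string" || entry.command.trim() === "") {
    problems.push("command must be a non-empty string");
  }
  const env = entry.env || {};
  if (typeof env.VETTIQ_API_KEY !== "string" || env.VETTIQ_API_KEY === "") {
    problems.push("env.VETTIQ_API_KEY is required");
  } else if (PLACEHOLDERS.has(env.VETTIQ_API_KEY)) {
    problems.push("env.VETTIQ_API_KEY still holds a README placeholder");
  }
  const transport = env.VETTIQ_MCP_TRANSPORT ?? "stdio";
  if (transport !== "stdio" && transport !== "http") {
    problems.push("env.VETTIQ_MCP_TRANSPORT must be stdio or http");
  }
  // The file stores a live API key, so flag any group/other permission bits.
  if (typeof fileMode === "number" && (fileMode & 0o077) !== 0) {
    problems.push("config file is accessible to group/other (chmod 600)");
  }
  return problems;
}

// Constructed samples: the key is made up and no real file is read.
const entryWith = (key) => ({ mcpServers: { vettiq: { command: "vettiq-mcp", env: { VETTIQ_API_KEY: key } } } });
const SAMPLE_GOOD = JSON.stringify(entryWith("constructed-example-key"));
const SAMPLE_PLACEHOLDER = JSON.stringify(entryWith("your_api_key_here"));
const SAMPLE_TRAILING_COMMA = '{ "mcpServers": { "vettiq": { "command": "vettiq-mcp", } } }';

console.log(lintVettiqMcpConfig(SAMPLE_GOOD, 0o100600));
console.log(lintVettiqMcpConfig(SAMPLE_GOOD, 0o100644));
console.log(lintVettiqMcpConfig(SAMPLE_PLACEHOLDER, 0o100600));
console.log(lintVettiqMcpConfig(SAMPLE_TRAILING_COMMA));
```

To lint a real file, pass the text from fs.readFileSync(path, "utf8") and the mode from fs.statSync(path).mode; the permission check is only meaningful on POSIX file systems.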
Development
```bash
npm install
npm run build
npm test
npm run typecheck
```
License
Proprietary — LumenIQ, Inc.