Beta · docs are evolving

MCP Server quick start.

Connect Claude Code to vul.ninja in about 30 seconds. This is the developer-facing half of vul.ninja's find → fix → validate loop — the dashboard finds posture issues across your cloud accounts; the MCP server delivers the same security checks inline in your editor, so fixes and IaC reviews happen where you write code. This page covers the install config and the tools your agent can call. Broader MCP-client compatibility is on the roadmap; deeper reference docs land alongside GA.

Step 1

Get an API key.

Sign up on /get-started. The key is shown once after signup; treat it like any other long-lived bearer token: keep it in an environment variable or a secret store, never in a file you commit, and assume that anyone holding it can read whatever your account's cloud connections can read. Each key is bound to a single account and inherits the cloud-connection permissions you've already configured.

Step 2

Add the server to your MCP client.

Drop this into .mcp.json in your project root (Claude Code's project-scoped MCP config; claude_desktop_config.json is the Claude Desktop app's file, not Claude Code's). Replace YOUR_API_KEY with the value from step 1. If .mcp.json is committed to the repo, don't put the literal key in it: Claude Code expands ${VAR} references in .mcp.json header values at load time, so "Bearer ${VULNINJA_API_KEY}" with the key exported in your shell keeps it out of version control. The equivalent CLI form is claude mcp add --transport http vulninja https://mcp.vul.ninja --header "Authorization: Bearer YOUR_API_KEY"; claude mcp list then shows whether the server connects.

.mcp.json
{
  "mcpServers": {
    "vulninja": {
      "type": "http",
      "url": "https://mcp.vul.ninja",
      "headers": {
        "Authorization": "Bearer YOUR_API_KEY"
      }
    }
  }
}
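The config above puts the bearer token in a file that is easy to commit by accident. The following is an added example for this quick start, not vul.ninja's own code: it renders the same server entry with the key referenced through an environment variable (relying on Claude Code's documented ${VAR} expansion in .mcp.json headers; the variable name VULNINJA_API_KEY is our own choice) and audits an MCP config for literal tokens and plaintext-HTTP URLs, which is the check to run before committing the file.

```python
"""Render a Claude Code .mcp.json entry for vul.ninja that reads the API key from an
environment variable, and audit an MCP config for embedded bearer tokens.
Added example for the quick start; not vul.ninja's code.
Assumptions: Claude Code expands ${VAR} in .mcp.json header values (documented),
and VULNINJA_API_KEY is a variable name we chose."""
import json
import re
from pathlib import Path

MCP_URL = "https://mcp.vul.ninja"   # from the quick start
SERVER_NAME = "vulninja"             # from the quick start
KEY_ENV = "VULNINJA_API_KEY"         # assumed variable name

# A ${VAR} or ${VAR:-default} reference, which Claude Code expands at load time.
ENV_REF = re.compile(r"^\$\{[A-Za-z_][A-Za-z0-9_]*(?::-[^}]*)?\}$")


def render_server_entry(env_var: str = KEY_ENV) -> dict:
    """Same entry as the quick start, but the key is resolved from the environment."""
    return {
        "type": "http",
        "url": MCP_URL,
        "headers": {"Authorization": f"Bearer ${{{env_var}}}"},
    }


def write_mcp_config(path: Path, env_var: str = KEY_ENV) -> dict:
    """Merge the vul.ninja entry into an existing .mcp.json, or create the file."""
    cfg = json.loads(path.read_text()) if path.exists() else {}
    cfg.setdefault("mcpServers", {})[SERVER_NAME] = render_server_entry(env_var)
    path.write_text(json.dumps(cfg, indent=2) + "\n")
    return cfg


def audit_mcp_config(cfg: dict) -> list:
    """One message per problem: a literal credential in an Authorization header,
    an empty credential, or a URL that would send the token over plaintext HTTP."""
    problems = []
    for name, server in cfg.get("mcpServers", {}).items():
        if str(server.get("url", "")).startswith("http://"):
            problems.append(f"{name}: url is plaintext http; the token would travel unencrypted")
        for header, value in server.get("headers", {}).items():
            if header.lower() != "authorization":
                continue
            scheme, _, credential = str(value).partition(" ")
            if scheme.lower() != "bearer":
                continue
            if not credential:
                problems.append(f"{name}: Authorization header has an empty bearer credential")
            elif not ENV_REF.match(credential):
                problems.append(f"{name}: Authorization header holds a literal token; use ${{VAR}}")
    return problems


if __name__ == "__main__":
    # Constructed config mirroring the quick start with the placeholder left inline.
    inline = {"mcpServers": {SERVER_NAME: {"type": "http", "url": MCP_URL,
              "headers": {"Authorization": "Bearer YOUR_API_KEY"}}}}
    print(audit_mcp_config(inline))
    print(audit_mcp_config({"mcpServers": {SERVER_NAME: render_server_entry()}}))
```

Run audit_mcp_config as a pre-commit hook over .mcp.json; a clean result means the file carries only a ${VAR} reference, and the real key lives wherever your shell or CI exports it from.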

Step 3

Install the vul.ninja skills.

For the best experience, install the vul.ninja skills for Claude Code. This adds three slash commands, /vulninja-triage, /vulninja-fix-top and /vulninja-pr-review, that orchestrate the find → fix → validate loop end-to-end against the tools listed in step 4.

install
git clone https://github.com/R221/vulninja-skills ~/.claude/skills/vulninja

Restart Claude Code or start a new session, then type / to see the skills in the picker. Skills are instructions your agent will follow, so read the cloned files before you use them, and pin the checkout to a commit you've reviewed rather than tracking the branch head.

Step 4

The tools.

Your agent discovers these automatically once the server is connected. No prompting required: Claude Code selects them from their tool descriptions when a task matches (e.g. it calls assess_iac_change before an apply). Treat that as a convention rather than an enforced gate; if an apply must actually fail on a blocked verdict, wire the same check into CI or a pre-apply hook.

Available now · Before deploy

Static analysis on what your agent is about to ship: Terraform plans, CloudFormation templates, Kubernetes manifests and IAM policies, plus the matching remediation fetch. ARM / Bicep template review is still in development (see Coming soon below).

assess_iac_change

Run a security review on a Terraform plan, CloudFormation template, or Kubernetes manifest before the agent applies it.

input (example)
{
  "format": "terraform",
  "plan": "<terraform plan output>"
}
output (example)
{
  "verdict": "blocked",
  "findings": [
    {
      "rule": "public_acl_on_sensitive_bucket",
      "severity": "critical",
      "resource": "aws_s3_bucket.prod_data_store",
      "fix_hint": "Remove ACL; enforce bucket policy + Block Public Access."
    }
  ]
}
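Nothing in the protocol stops an agent from running the apply after a "blocked" verdict, so the check belongs in the pipeline as well. The following is an added example for this quick start, not vul.ninja's code: a fail-closed gate over an assess_iac_change response, using the fields shown in the example above. The severity scale, the verdict string a clean plan gets (only "blocked" appears on this page) and the threshold policy are assumptions to replace from the reference docs.

```python
"""Fail-closed gate over an assess_iac_change response, for a CI job or pre-apply
hook, so a "blocked" verdict stops the apply rather than relying on the agent to
honour it. Added example for the quick start, not vul.ninja's code. The response
fields (verdict, findings[].rule/severity/resource/fix_hint) follow the page's
example; the severity scale, ALLOW_VERDICTS and the threshold are assumptions."""
import sys

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}   # assumed scale

# Assumed: the verdict the server returns for a clean plan. Keep this an explicit
# allow-list so an unexpected value can never be read as permission to apply.
ALLOW_VERDICTS = frozenset({"allowed"})


def gate_apply(response, allow_verdicts=ALLOW_VERDICTS, block_at="high"):
    """Return (allowed, reasons). Every ambiguity resolves to not allowed."""
    reasons = []
    if not isinstance(response, dict):
        return False, ["response is not a JSON object"]
    verdict = response.get("verdict")
    if verdict == "blocked":
        reasons.append("server verdict: blocked")
    elif verdict not in allow_verdicts:
        reasons.append(f"unrecognised verdict {verdict!r}")
    findings = response.get("findings")
    if not isinstance(findings, list):
        # A missing findings list is a malformed answer, not a clean one.
        return False, reasons + ["findings missing or not a list"]
    threshold = SEVERITY_RANK[block_at]
    for f in findings:
        if not isinstance(f, dict):
            reasons.append("malformed finding entry")
            continue
        sev = str(f.get("severity", "")).lower()
        rank = SEVERITY_RANK.get(sev)
        where = f"{f.get('resource', '?')}: {f.get('rule', '?')}"
        if rank is None:
            reasons.append(f"{where}: unknown severity {sev!r}")
        elif rank >= threshold:
            reasons.append(f"{where} [{sev}] fix: {f.get('fix_hint', 'none given')}")
    return not reasons, reasons


def exit_code_for(response, **kw):
    """Non-zero exit fails the pipeline step; the reasons are printed for whoever reads the log."""
    allowed, reasons = gate_apply(response, **kw)
    for r in reasons:
        print("BLOCKED:", r)
    return 0 if allowed else 1


if __name__ == "__main__":
    # Constructed input identical to the page's example output.
    example = {"verdict": "blocked", "findings": [{
        "rule": "public_acl_on_sensitive_bucket", "severity": "critical",
        "resource": "aws_s3_bucket.prod_data_store",
        "fix_hint": "Remove ACL; enforce bucket policy + Block Public Access."}]}
    sys.exit(exit_code_for(example))
```

The two branches worth noticing are the ones that block without any finding present: an unrecognised verdict and a missing findings list. A gate that lets an apply through because the server answered in an unexpected shape is not a gate.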
evaluate_iam_policy

Risk-score an IAM policy or role document. Catches wildcards, privilege-escalation paths, and missing condition keys.

input (example)
{
  "policy_document": { "Version": "2012-10-17", "Statement": [...] }
}
output (example)
{
  "risk": "high",
  "findings": [
    {
      "rule": "overprivileged_deploy_role",
      "issue": "iam:* on Resource:*",
      "suggested_scope": "s3:PutObject on arn:aws:s3:::deploys/*"
    }
  ]
}
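To make the finding above concrete, here is an added local illustration of the issue classes the tool reports (wildcard actions, an iam:* escalation surface, missing condition keys). It is not vul.ninja's rule set and runs on two constructed policies: the overprivileged one behind "iam:* on Resource:*" and the scoped one from suggested_scope. The rule names and the list of condition-sensitive actions are our own.

```python
"""Local illustration of the issue classes evaluate_iam_policy reports.
Added example for the quick start, not vul.ninja's rules. The rule names and the
CONDITION_SENSITIVE set are our own; the two policies are constructed from the
page's example finding and its suggested scope."""


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


# Delegation actions where a missing Condition turns a grant into an open door (our selection).
CONDITION_SENSITIVE = {"sts:assumerole", "iam:passrole"}


def lint_policy(doc: dict) -> list:
    """Return a list of finding dicts (rule, statement, issue) for one policy document."""
    findings = []
    for idx, st in enumerate(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        where = st.get("Sid") or f"Statement[{idx}]"
        if "NotAction" in st or "NotResource" in st:
            findings.append({"rule": "inverted_allow", "statement": where,
                             "issue": "Allow with NotAction/NotResource grants everything not listed"})
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        resources = _as_list(st.get("Resource"))
        star_resource = "*" in resources
        has_condition = bool(st.get("Condition"))
        resource_text = "*" if star_resource else ",".join(resources)
        for action in actions:
            service, _, verb = action.partition(":")
            if action == "*" or verb == "*":
                findings.append({"rule": "wildcard_action", "statement": where,
                                 "issue": f"{action} on Resource:{resource_text}"})
            if service in ("iam", "*") and star_resource and not has_condition:
                # Unconditioned IAM writes on every resource let the principal grant itself more.
                findings.append({"rule": "iam_privilege_escalation", "statement": where,
                                 "issue": f"{action} on Resource:* can mint new permissions"})
            if action in CONDITION_SENSITIVE and not has_condition:
                findings.append({"rule": "missing_condition", "statement": where,
                                 "issue": f"{action} without a Condition (e.g. a restricted "
                                          f"iam:PassedToService or aws:SourceArn)"})
    return findings


# Constructed: the policy behind the page's "iam:* on Resource:*" finding ...
OVERPRIVILEGED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DeployRole", "Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}

# ... and its suggested_scope from the example output.
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DeployRole", "Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::deploys/*"}]}

if __name__ == "__main__":
    for name, doc in (("overprivileged", OVERPRIVILEGED), ("scoped", SCOPED)):
        print(name, lint_policy(doc))
```

The tool's own scoring is richer than this; the point is what "iam:* on Resource:*" means in practice: a wildcard verb on a wildcard resource is a full-admin grant, and an unconditioned IAM write is an escalation path regardless of what else the role can do.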
get_remediation

Return a contextual fix for a finding. Common findings get template-based fixes (no LLM call); novel findings get an AI-generated diff.

input (example)
{
  "finding_id": "public_acl_on_sensitive_bucket",
  "resource_snippet": "<offending HCL block>"
}
output (example)
{
  "fix_kind": "template",
  "diff": "<unified diff>",
  "notes": "Removes ACL and adds Block Public Access."
}

Available now · Read your cloud

Read-only bridge to findings vul.ninja's dashboard scanners have already discovered in your AWS, Azure, and GCP accounts. The two finding stores remain distinct on disk — MCP-tool findings stay in MCP, dashboard findings stay in the dashboard — but a single Claude Code session can see both.

list_dashboard_findings

Read findings from your vul.ninja dashboard scans into the editor — what's already been discovered in your AWS, Azure, and GCP accounts. Pull the full record for any one of them via get_dashboard_finding.

input (example)
{
  "severity_min": "high",
  "limit": 20
}
output (example)
{
  "findings": [
    {
      "finding_id": "finding-f2b39e01959f1292-4",
      "scan_id": "c255e9e1-aa02-4571-9085-...",
      "rule": "Key Vault Accessible from Public Internet",
      "severity": "high",
      "resource": "vulninja-kv",
      "short_description": "Key Vault allows access from all networks..."
    }
  ],
  "next_cursor": null
}
get_dashboard_finding

Fetch the full record for one dashboard finding by (scan_id, finding_id). Dashboard findings are addressable as a pair because the dashboard models them as nested inside their scan; finding_id alone isn't enough.

input (example)
{
  "scan_id": "c255e9e1-aa02-4571-9085-...",
  "finding_id": "finding-f2b39e01959f1292-4"
}
output (example)
{
  "finding_id": "finding-f2b39e01959f1292-4",
  "title": "Key Vault Accessible from Public Internet",
  "severity": "high",
  "remediation_available": true,
  "source": "dashboard"
}
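Pulling every high-or-worse dashboard finding into the editor means walking next_cursor until it is null and keeping the (scan_id, finding_id) pair as the key, since the same finding_id can appear under two scans. The following is an added example for this quick start, not vul.ninja's client: the two tool calls are replaced by constructed in-memory stand-ins shaped like the examples above so it runs offline. The request-side name cursor for the next_cursor value, and the severity scale, are assumptions.

```python
"""Page through list_dashboard_findings and collect the (scan_id, finding_id) pairs
that get_dashboard_finding needs. Added example for the quick start, not vul.ninja's
client; the tool calls are replaced by constructed stand-ins. Assumed: the request
parameter carrying next_cursor is called `cursor`, and the severity scale below."""

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}   # assumed scale

# Constructed pages shaped like the page's list_dashboard_findings output. The same
# finding_id appears under two scans on purpose, and one entry is below the filter.
FAKE_PAGES = {
    None: {"findings": [
        {"finding_id": "finding-f2b39e01959f1292-4", "scan_id": "scan-a",
         "rule": "Key Vault Accessible from Public Internet", "severity": "high",
         "resource": "vulninja-kv"},
        {"finding_id": "finding-f2b39e01959f1292-4", "scan_id": "scan-b",
         "rule": "Key Vault Accessible from Public Internet", "severity": "high",
         "resource": "vulninja-kv"},
    ], "next_cursor": "page-2"},
    "page-2": {"findings": [
        {"finding_id": "finding-0001", "scan_id": "scan-b",
         "rule": "Diagnostic logging disabled", "severity": "medium", "resource": "vulninja-kv"},
        {"finding_id": "finding-0002", "scan_id": "scan-b",
         "rule": "Storage account allows public blob access", "severity": "critical",
         "resource": "vulninjastore"},
    ], "next_cursor": None},
}

# Constructed full records, keyed on the pair exactly as the dashboard addresses them.
FAKE_RECORDS = {
    ("scan-a", "finding-f2b39e01959f1292-4"): {"severity": "high", "source": "dashboard",
                                               "remediation_available": True},
    ("scan-b", "finding-f2b39e01959f1292-4"): {"severity": "high", "source": "dashboard",
                                               "remediation_available": True},
    ("scan-b", "finding-0002"): {"severity": "critical", "source": "dashboard",
                                 "remediation_available": False},
}


def fake_list_dashboard_findings(severity_min="high", limit=20, cursor=None):
    """Stand-in for the list tool; ignores severity_min so the client-side filter is exercised."""
    return FAKE_PAGES[cursor]


def fake_get_dashboard_finding(scan_id, finding_id):
    """Stand-in for get_dashboard_finding: a bare finding_id cannot resolve here either."""
    return FAKE_RECORDS[(scan_id, finding_id)]


def collect_finding_keys(list_tool, severity_min="high", limit=20, max_pages=100):
    """Walk pages until next_cursor is null; dedupe on the (scan_id, finding_id) pair."""
    keys = {}
    seen_cursors = set()
    cursor = None
    threshold = SEVERITY_RANK[severity_min]
    for _ in range(max_pages):
        page = list_tool(severity_min=severity_min, limit=limit, cursor=cursor)
        for f in page.get("findings", []):
            rank = SEVERITY_RANK.get(str(f.get("severity", "")).lower(), 0)
            if rank < threshold:
                continue  # enforce the filter locally as well as server-side
            keys[(f["scan_id"], f["finding_id"])] = f
        cursor = page.get("next_cursor")
        if cursor is None:
            return list(keys)
        if cursor in seen_cursors:
            raise RuntimeError(f"cursor {cursor!r} repeated; refusing to loop forever")
        seen_cursors.add(cursor)
    raise RuntimeError(f"gave up after {max_pages} pages")


def fetch_full_records(get_tool, keys):
    """Resolve each pair through get_dashboard_finding."""
    return [get_tool(scan_id=s, finding_id=f) for s, f in keys]


if __name__ == "__main__":
    pairs = collect_finding_keys(fake_list_dashboard_findings)
    print(pairs)
    print(fetch_full_records(fake_get_dashboard_finding, pairs))
```

Keying on finding_id alone would collapse the two Key Vault entries into one and lose a scan; the cursor guard matters because a paging loop driven by server-supplied cursors has no other termination condition.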
get_remediation_for_dashboard_finding

Get the suggested fix for a finding the dashboard surfaced: CLI commands, portal steps, and a console deep link. The payload is a set of remediation methods rather than the diff get_remediation returns (compare the two examples), and carries source: "dashboard" so the agent knows which pipeline produced it. The commands are suggestions, not an applied fix: confirm the resource's effective state afterwards (for the Key Vault case, that the network rules' default action denies public access, not just that an allow rule was added) before closing the finding.

input (example)
{
  "scan_id": "c255e9e1-aa02-4571-9085-...",
  "finding_id": "finding-f2b39e01959f1292-4"
}
output (example)
{
  "resource_id": "/subscriptions/.../Microsoft.KeyVault/vaults/vulninja-kv",
  "methods": {
    "cli_commands": ["az keyvault network-rule add ..."],
    "portal_steps": ["1. Navigate to Azure Portal", "..."],
    "console_url": "https://portal.azure.com/..."
  },
  "source": "dashboard"
}

Coming soon · Azure expansion

AWS shipped first because that's where the customer set lives today. Azure parity is the next milestone — Bicep / ARM template review is in development now, with broader Azure coverage on the roadmap.

assess_arm_template · Azure

Bicep / ARM template review — same contract as assess_iac_change, narrowed to Azure-native deployment files.

Roadmap

Further Azure coverage is planned after that: RBAC evaluation, Key Vault auditing, and NSG analysis. Secret scanning across all providers is also on the roadmap.

What we store and what we don't.

IaC files are never stored. The findings produced by MCP tool calls (rule, severity, location) are stored for audit and billing. Your code is not retained.

When you call get_remediation and we generate a contextual diff, the offending snippet is sent to Anthropic's API — Anthropic doesn't train on API content, and the snippet isn't stored in vul.ninja's database afterward.

Template-based remediation (the most common path) doesn't send anything anywhere — the fix is returned from a hand-curated template.


What's next.

We're shipping deeper reference docs (full schema, error codes, rate limits) alongside GA. If you hit something that's not covered here, email support@vul.ninja — bug reports during the beta jump the queue.