Elytra Security Server
FreeNot checkedEnables AI coding agents to scan smart contracts and code for vulnerabilities, check against 12 famous-hack patterns, and return public security receipts direct
About
Enables AI coding agents to scan smart contracts and code for vulnerabilities, check against 12 famous-hack patterns, and return public security receipts directly in the IDE.
README
Elytra Security as a Model Context Protocol server. Give your AI coding agent (Claude Desktop, Cursor, Cline, Zed) the ability to scan smart contracts and code, check 12 famous-hack patterns, and return public Elytra security receipts — without leaving the IDE.
173 detection rules. ERC-8004 verified agent. x402 pay-per-call in USDC on Base + Solana.
Install
Claude Desktop
Add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):
{
"mcpServers": {
"elytra": {
"command": "npx",
"args": ["-y", "@elytrasec/mcp@latest"]
}
}
}
Restart Claude Desktop. The 4 Elytra tools appear in the MCP indicator.
Cursor
Settings → MCP → Add server:
{ "command": "npx", "args": ["-y", "@elytrasec/mcp@latest"] }
Cline / Continue / any MCP-compatible client
Same one-liner — install as a stdio server with the npx command above.
Tools
| Tool | What it does |
|---|---|
elytra_scan |
Scan a code snippet for security vulnerabilities |
elytra_scan_address |
Scan a deployed contract by 0x address (Ethereum / Base / Arbitrum / Optimism / Polygon) |
elytra_replay_hacks |
Test code against 12 famous-exploit patterns ($3.04B combined losses): Bybit, Ronin, Euler, Beanstalk, Multichain, Curve, Radiant, zkSync, Cream, Wormhole, Nomad, Mango |
elytra_agent_identity |
Return Elytra's onchain agent card (ERC-8004, pricing, capabilities) |
Privacy & safety
This MCP server is a thin, read-only client over Elytra's public HTTP API. Specifically:
- No shell execution. The server never spawns child processes or executes shell commands.
- No file writes. The server reads nothing from disk and writes nothing to disk.
- No private keys. The server never reads, requests, generates, or stores private keys.
- No wallet signing. The server never signs transactions or messages. Any onchain payments (x402) are settled by Elytra's facilitators, not by this server.
- Sends only what you ask it to. Each tool call forwards exactly the code, address, or query the AI agent passed in — nothing more. No telemetry, no ambient file reads, no background uploads.
- May return public receipt URLs. Depending on Elytra's API mode, a scan can produce a public receipt page at
https://elytrasec.io/r/<id>. The URL is returned to you; you decide whether to share it.
Optional env vars
ELYTRA_API_KEY— Bearer key for the paid/api/v1/scanendpoint (bypasses x402 micropayment for higher throughput). Contact [email protected].ELYTRA_BASE_URL— Override the defaulthttps://elytrasec.io(for self-hosting).
Pricing
All tools above hit Elytra's free public endpoints. For higher rate limits or AI-powered deep review, the underlying API supports x402 pay-per-call in USDC on Base or Solana (1¢ per scan, 2¢ per review).
Other Elytra packages
- @elytrasec/cli — same detectors, command-line.
npx -y @elytrasec/cli scan . - ElytraSec/elytra-action — drop into a GitHub Actions workflow.
- @elytrasec/engine — the underlying analysis library.
Links
- Website: https://elytrasec.io
- Playground (interactive): https://elytrasec.io/playground
- Hack Replay Library: https://elytrasec.io/hacks
- Agent card: https://elytrasec.io/.well-known/agent-card.json
License
MIT
Install Elytra Security Server in Claude Desktop, Claude Code & Cursor
unyly install elytra-security-mcp-serverInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add elytra-security-mcp-server -- npx -y @elytrasec/mcpFAQ
Is Elytra Security Server MCP free?
Yes, Elytra Security Server MCP is free — one-click install via Unyly at no cost.
Does Elytra Security Server need an API key?
No, Elytra Security Server runs without API keys or environment variables.
Is Elytra Security Server hosted or self-hosted?
A hosted option is available: Unyly runs the server in the cloud, no local setup required.
How do I install Elytra Security Server in Claude Desktop, Claude Code or Cursor?
Open Elytra Security Server on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Elytra Security Server with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
