Shannon Lite
FreeNot checkedMCP server for Shannon Lite security workflows, enabling configuration, scan orchestration, workspace management, and report reading.
About
MCP server for Shannon Lite security workflows, enabling configuration, scan orchestration, workspace management, and report reading.
README
Shannon Lite MCP
Model Context Protocol server for end-to-end Shannon Lite security workflows
This package enables AI assistants and applications to configure Shannon, start scans, monitor runtime, inspect workspaces, and read reports programmatically.
Features
- Full Shannon Lite workflow support through MCP tools
- Built-in config management for
~/.shannon/config.toml - Scan orchestration (
start,status,workspaces, logs, report reads) - Safe destructive operations with explicit confirmation tokens
- Smart CLI execution (
shannonbinary or fallback tonpx @keygraph/shannon) - TypeScript implementation with strict Zod validation
Setup
Prerequisites
- Node.js 18+
- Docker (daemon running)
- Shannon CLI access (
shannoninPATHornpxavailable)
MCP Configuration
If you are running this repo locally (unpublished package), build first:
npm install
npm run build
Then use command node with args [/absolute/path/to/shannon-mcp/dist/index.js] in your MCP client configuration.
For Claude Desktop
Add to your Claude Desktop configuration file (~/Library/Application Support/Claude/claude_desktop_config.json on macOS):
{
"mcpServers": {
"shannon-lite": {
"command": "npx",
"args": ["-y", "shannon-lite-mcp"]
}
}
}
For Cursor
Add the configuration to your Cursor settings:
{
"mcpServers": {
"shannon-lite": {
"command": "npx",
"args": ["-y", "shannon-lite-mcp"]
}
}
}
For Windsurf
Add the configuration to your Windsurf settings:
{
"mcpServers": {
"shannon-lite": {
"command": "npx",
"args": ["-y", "shannon-lite-mcp"]
}
}
}
For Warp
Add the following to your Warp session setup:
{
"shannon-lite": {
"command": "npx",
"args": ["-y", "shannon-lite-mcp"],
"working_directory": null,
"start_on_launch": true
}
}
For Other MCP Clients
Use standard MCP server settings:
- Command:
npx -y shannon-lite-mcpornode /path/to/shannon-mcp/dist/index.js - Transport: stdio
Available MCP Tools
shannon_health- Check Docker/Node/CLI readiness, config, and workspace stateshannon_config_set- Write~/.shannon/config.tomlforanthropic,custom_base_url,bedrock,vertex, orroutershannon_config_get- Read current config with secret maskingshannon_start_scan- Start a scan withurl,repo, and optionalconfig,workspace,output,pipeline_testing,routershannon_status- Get Temporal + worker runtime statusshannon_list_workspaces- List known Shannon workspacesshannon_get_workspace- Return detailed workspace/session metadatashannon_read_workflow_log- Read workspaceworkflow.log(tail by default)shannon_read_report- Read final report from workspace deliverablesshannon_stop- Stop Shannon runtime (clean mode requires confirmation token)shannon_uninstall- Remove~/.shannonand stop runtime (requires confirmation token)
Safety Notice
Shannon Lite can run real security test flows. Use only on systems you are authorized to test.
Destructive operations require exact confirmation tokens:
shannon_stopwithclean=true:I_UNDERSTAND_THIS_WILL_REMOVE_SHANNON_DATAshannon_uninstall:DELETE_SHANNON_HOME_AND_STOP_SHANNON
Usage Examples
Configure Anthropic API Key
await mcp.callTool("shannon_config_set", {
provider: "anthropic",
auth_method: "api_key",
api_key: "sk-ant-..."
});
Start a Scan
await mcp.callTool("shannon_start_scan", {
url: "https://example.com",
repo: "/absolute/path/to/repo",
workspace: "q2-audit"
});
Read Final Report
await mcp.callTool("shannon_read_report", {
workspace: "q2-audit"
});
Clean Stop (destructive)
await mcp.callTool("shannon_stop", {
clean: true,
confirm_destructive: "I_UNDERSTAND_THIS_WILL_REMOVE_SHANNON_DATA"
});
Development Setup
Prerequisites
- Node.js 18+
- npm
Local Development
Install dependencies:
npm installBuild the project:
npm run buildRun in development mode:
npm run devRun tests:
npm run test:run
Contributing
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
License
This project is licensed under the MIT License - see the LICENSE file for details.
Links
Support
- Create an issue for bug reports or feature requests
- Check existing issues before creating new ones
- Include reproduction steps, environment info, and relevant logs
Made with care for the security engineering community.
Install Shannon Lite in Claude Desktop, Claude Code & Cursor
unyly install shannon-lite-mcpInstalls into Claude Desktop, Claude Code, Cursor & VS Code — handles npx, uvx and build-from-source repos for you.
First time? Get the CLI: curl -fsSL https://unyly.org/install | sh
Or configure manually
Run in your terminal:
claude mcp add shannon-lite-mcp -- npx -y github:devinoldenburg/shannon-mcpFAQ
Is Shannon Lite MCP free?
Yes, Shannon Lite MCP is free — one-click install via Unyly at no cost.
Does Shannon Lite need an API key?
No, Shannon Lite runs without API keys or environment variables.
Is Shannon Lite hosted or self-hosted?
Self-hosted: the server runs locally on your machine via the install command above.
How do I install Shannon Lite in Claude Desktop, Claude Code or Cursor?
Open Shannon Lite on unyly.org, pick your client tab (Claude Desktop, Claude Code, Cursor) and press Install — the config is generated automatically, no JSON editing.
Related MCPs
GitHub
PRs, issues, code search, CI status
by GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
by mcpdotdirectCompare Shannon Lite with
Not sure what to pick?
Find your stack in 60 seconds
Author?
Embed badge for your README
Browse similar
All development MCPs
