Server Security Snapshot

БесплатноHosted

An MCP server that gives Claude and other AI agents the ability to audit any public URL's HTTP security headers. What it checks: * HSTS, CSP, X-Frame-Options, X

автор: Seiya-wasabi

GitHub

Описание

An MCP server that gives Claude and other AI agents the ability to audit any public URL's HTTP security headers. What it checks: * HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy * HTTPS enforcement and redirect chain depth * Presence of security.txt, robots.txt, sitemap.xml Payment model: * 0.05 USDC per scan, paid automatically on Base via the x402 proto

README

MCP server that exposes Website Security Snapshot API as a tool for Claude and other AI agents.

Scan any public URL's HTTP security headers directly from your AI assistant — payment settled automatically on-chain via x402 (0.05 USDC on Base).

Network status: Currently on Base Sepolia testnet. Mainnet (Base) goes live 2026-03-28. Use "NETWORK": "base-sepolia" for testing before that date; switch to "NETWORK": "base" on 2026-03-28.

Tools Provided

Tool	Description	Cost
`scan_security_headers`	Scan a URL's security headers (live, paid)	0.05 USDC
`demo_security_snapshot`	Return a pre-baked example (free)	Free

`scan_security_headers`

Checks:

HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
HTTPS enforcement and redirect chain
Presence of security.txt, robots.txt, sitemap.xml

Setup

Requirements

A wallet with USDC on Base (mainnet) or Base Sepolia (testnet)
Get testnet USDC free: https://faucet.circle.com

Claude Desktop

Add to claude_desktop_config.json (usually ~/Library/Application Support/Claude/ on macOS, %APPDATA%\Claude\ on Windows):

{
  "mcpServers": {
    "security-snapshot": {
      "command": "npx",
      "args": ["-y", "mcp-server-security-snapshot"],
      "env": {
        "WALLET_PRIVATE_KEY": "0xYOUR_PRIVATE_KEY",
        "NETWORK": "base"
      }
    }
  }
}

For testnet (free USDC from faucet):

{
  "env": {
    "WALLET_PRIVATE_KEY": "0xYOUR_TESTNET_KEY",
    "NETWORK": "base-sepolia"
  }
}

Run Directly

WALLET_PRIVATE_KEY=0x... NETWORK=base npx mcp-server-security-snapshot

Environment Variables

Variable	Required	Default	Description
`WALLET_PRIVATE_KEY`	Yes	—	Private key of paying wallet (`0x...`)
`NETWORK`	No	`base`	`base` or `base-sepolia`
`API_BASE_URL`	No	`https://api.cybersecurity-japan.com`	Override API endpoint

Example Usage in Claude

Once configured, ask Claude:

"Check the security headers on https://example.com"

"Does https://mysite.com have HSTS and CSP enabled?"

"Audit the security hygiene of https://example.com and tell me what's missing"

Claude will call scan_security_headers, pay 0.05 USDC from your wallet, and return the results.

Security Note

Your WALLET_PRIVATE_KEY is used to sign USDC transactions. Use a dedicated wallet with only enough USDC for your intended usage. Do not use your main wallet.

License

MIT

Как установить

Добавь это в claude_desktop_config.json и перезапусти Claude Desktop.

{
  "mcpServers": {
    "mcp-server-security-snapshot": {
      "command": "npx",
      "args": []
    }
  }
}

Server Security Snapshot

Описание

README

Tools Provided

`scan_security_headers`

Setup

Requirements

Claude Desktop

Run Directly

Environment Variables

Example Usage in Claude

Security Note

Links

License

Как установить

Похожие MCP

Stripe

malamutemayhem/unclick-agent-native-endpoints

whiteknightonhorse/APIbase

trackerfitness729-jpg/sitelauncher-mcp-server

Command Palette

Server Security Snapshot

Описание

README

Tools Provided

scan_security_headers

Setup

Requirements

Claude Desktop

Run Directly

Environment Variables

Example Usage in Claude

Security Note

Links

License

Как установить

Похожие MCP

Stripe

malamutemayhem/unclick-agent-native-endpoints

whiteknightonhorse/APIbase

trackerfitness729-jpg/sitelauncher-mcp-server

`scan_security_headers`