Scorton
БесплатноНе проверенMCP server for behavioral cybersecurity and AI risk scoring in financial workflows, deployed on Cloudflare Workers.
Описание
MCP server for behavioral cybersecurity and AI risk scoring in financial workflows, deployed on Cloudflare Workers.
README
Cloudflare Workers MCP server for behavioral cybersecurity and AI risk in financial workflows.
Built with the universal @modelcontextprotocol/sdk and Cloudflare's agents McpAgent runtime.
What this server provides
MCP tools
score_human_riskscore_ai_riskscore_workflow_riskrun_ai_eval_summarygenerate_audit_snapshothealth_check
MCP resources
scorton://policy-profile— active scoring policy and thresholds.
All tool inputs are validated with Zod and outputs are machine-oriented JSON.
Architecture
src/
config/ # app metadata + scoring thresholds
mcp/ # ScortonMCP agent (tools + resources)
schemas/ # Zod input/output schemas
services/ # pure business logic / scoring
utils/ # logger + structured errors
tests/ # node:test unit tests
Runtime
- Framework:
@modelcontextprotocol/sdk+agents/mcp - Hosting: Cloudflare Workers + Durable Objects
- Endpoint:
https://<worker>.workers.dev/mcp
Quick start
Prerequisites
- Node.js 18+
- Cloudflare account with Workers enabled
wrangler login
Local development
npm install
npm run dev
Server runs at http://localhost:8788/mcp.
Test with MCP Inspector:
npx @modelcontextprotocol/inspector@latest
# Open http://localhost:5173 and connect to http://localhost:8788/mcp
Deploy to Cloudflare
- Update
wrangler.jsoncvars:MCP_URL→ your worker URL (e.g.https://scorton-mcp.scortonlabs.workers.dev)TEAM_DOMAIN→ your Access team (e.g.https://scortonlabs.cloudflareaccess.com)POLICY_AUD→ AUD tag from Zero Trust → Access → your application
- Deploy:
npm run deploy
- Connect clients to
https://scorton-mcp.scortonlabs.workers.dev/mcp.
Cloudflare Access (required for protected workers)
If the worker is behind a self-hosted Access application, set TEAM_DOMAIN and POLICY_AUD in wrangler.jsonc (or Worker dashboard vars). The worker validates the Cf-Access-Jwt-Assertion header on /mcp requests.
Find the AUD tag: Zero Trust → Access → Applications → your app → AUD tag.
Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"scorton": {
"command": "npx",
"args": ["mcp-remote", "https://scorton-mcp.<your-subdomain>.workers.dev/mcp"]
}
}
}
Cursor — add as a remote MCP server with the same URL.
Configuration
Scoring thresholds are set via Worker vars in wrangler.jsonc:
| Variable | Default | Purpose |
|---|---|---|
RISK_HUMAN_BASELINE_THRESHOLD |
0.2 |
Human baseline deviation flag threshold |
RISK_AI_FAILURE_WEIGHT |
0.5 |
Weight of eval failures in AI risk score |
RISK_WORKFLOW_HIGH_VALUE_THRESHOLD |
100000 |
USD threshold for high-value workflow flag |
Scripts
npm run dev # wrangler dev (local Worker)
npm run deploy # deploy to Cloudflare
npm run typecheck # TypeScript checks
npm run test # unit tests (services layer)
npm run cf-typegen # regenerate worker Env types
Example tool payloads
score_human_risk
{
"actorId": "user-42",
"baselineDeviation": 0.61,
"velocityAnomalyScore": 0.88,
"navigationAnomalyScore": 0.74,
"repeatedEditsCount": 7,
"sourceChannel": "new-device",
"workflowContext": "wire-transfer-approval"
}
score_ai_risk
{
"modelId": "llm-payments-v3",
"evalFailureRate": 0.31,
"useCaseCriticality": "mission-critical",
"complianceCategory": "aml",
"productionExposure": "full",
"recentIncidents": 2
}
score_workflow_risk
{
"workflowId": "ap-invoice-2026-0009",
"sequenceAnomalyScore": 0.67,
"actorRole": "approver",
"transactionValueUsd": 240000,
"vendorOrPaymentChangeSignal": true,
"changeWindowMinutes": 22
}
Optional: Cloudflare Access MCP portal
Register this server in Cloudflare Access AI controls to add OAuth governance and a managed portal for your team.
Migration from v1 (mcp-use / Dokploy)
v1 used mcp-use on Node.js + Docker. v2 runs on Cloudflare Workers with the standard MCP SDK. Tool names, schemas, and scoring logic are unchanged — only the transport/runtime changed.
Установка Scorton
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/yojedesign/scorton-mcpFAQ
Scorton MCP бесплатный?
Да, Scorton MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Scorton?
Нет, Scorton работает без API-ключей и переменных окружения.
Scorton — hosted или self-hosted?
Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.
Как установить Scorton в Claude Desktop, Claude Code или Cursor?
Открой Scorton на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
Fetch
Web content fetching and conversion for efficient LLM usage.
AWS KB Retrieval
Retrieval from AWS Knowledge Base using Bedrock Agent Runtime.
автор: modelcontextprotocolSpring AI MCP Server
Provides auto-configuration for setting up an MCP server in Spring Boot applications.
llm-analysis-assistant
A very streamlined mcp client that supports calling and monitoring stdio/sse/streamableHttp, and can also view request responses through the /logs page. It also
автор: xuzexin-hzCompare Scorton with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории ai
